Forum Discussion
OneDrive auto setup
Ok, finally got OneDrive to work correctly, whether the device is showing in Azure AD, or not. The fix is, in addition to setting the Admin Template settings to what MS says, is also to set HKCU\Software\Microsoft\OneDrive\EnableADAL to a data value of 2. OneDrive creates it with a data value of 1. Once I changed it to 2 (any number other than 1 may work), OneDrive immediately started working correctly. No more user prompts, interruptions, or failures. It just loads and syncs. As a side note, I started running OneDriveSetup.exe with the /allusers switch to only have one installation of OneDrive.exe. The /allusers switch puts it under a new program files (x86)\Microsoft OneDrive folder. Just be aware that if you do the /allusers, anyone with OneDrive already installed and working, will get a Sign in error. All they need to do is click the "OK" button and it resigns them in. This is a one-time resign in.
Ok, finally got OneDrive to work correctly, whether the device is showing in Azure AD, or not. The fix is, in addition to setting the Admin Template settings to what MS says, is also to set HKCU\Software\Microsoft\OneDrive\EnableADAL to a data value of 2. OneDrive creates it with a data value of 1. Once I changed it to 2 (any number other than 1 may work), OneDrive immediately started working correctly. No more user prompts, interruptions, or failures. It just loads and syncs. As a side note, I started running OneDriveSetup.exe with the /allusers switch to only have one installation of OneDrive.exe. The /allusers switch puts it under a new program files (x86)\Microsoft OneDrive folder. Just be aware that if you do the /allusers, anyone with OneDrive already installed and working, will get a Sign in error. All they need to do is click the "OK" button and it resigns them in. This is a one-time resign in.
OneDrive silent/auto login update: I haven't been able to push the GPO to any other users in the organization, until today. Unfortunately, it no longer works. I believe the issue is that we moved away from ADFS, and now go through BIG-IP. Azure AD Connect still runs on our DC, and is fully functional. This is the note from Microsoft's site: "If you federate your on-premises Active Directory with Azure AD, you must use AD FS to enable this feature." Anyway, if anyone has had this issue, I'd appreciate knowing what you did to fix it. Thanks.
You could switch over to Pass-Through Authentication for Office365/OneDrive
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start
Microsoft perform the authentication via the Azure AD Connect client installed on premise instead of ADFS, works with SSO,
We've not had any issues after switching,
Chris.
ChrisShearing Thanks for the information. We have now removed federation from our tenant, but are still using password-hash. Anyway, even moving away from federation did not fix the issue of no silent first-time login into OneDrive. I doubt we'll be able to change over to pass-through anytime soon, though, so cannot try your solution.
- Hey PAul,
Ever get this to work? At one company, I added a value for local intranet to Site zone assignment, and it has been working since:
sts.<<tenant>>.com
I have tried doing the same steps in a new company, but it does not work. One would think that Microsoft would provide better documentation to resolve these issues as well as have the technical within to assist in resolving what should be a fairly straightforward issue.
