Forum Discussion
MicrosoftOneDrive for Business | Known folder silently redirection not work
Testing it out as we speak... WilsonSu I shall report that it works fine for the user's profile for which we deleted the profile for prior. But when I go try to sign in with a user that has never logged in before to that PC I keep getting this error Login was either interrupted or unsuccessful. Please try logging in again. Code: 0x8004deb4 (RETRY or CANCEL) when I click on Retry it just say We can't sync your "OneDrive - Company name" folder Sorry, we can't add your "oneDrive - mycompany" folder right now Please try again. Do I have to do this at each new user that tries to sign in? individually?
<SilentBussinessConfigCompleted> to 0 in <Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive
MicrosoftNope, this key will automatcially become 1 once the GPO works at the first time. But it is related to the User key, so it is 0 by default with new user account. For the error code, you'd better check the Azure hybird or device Azure AD joined. Because Silent Sign On GPO should work with Device Azure hybird, so if you run <dsregcmd /status> in cmd and the Azure AD joined is 'no', you will definitely meet this issue.
How to confirm whether Azure AD joined is the cause?
Let's open a browser and access office 365. If the browser could automatically sign in with the current account (no need to input accout and password), the OneDrive silent sign in should also work.
- WilsonSu
I know this is a old post but hoping someone has seen this in the pass.
I am have a similar issue.
KFM is mworking perfectly for computers that are joined to an onprem AD Domain.
For computers that are Azure Hybrid AD joined KFM does not work.
dsregcmd /status shows AzureADLoined: Yes. However, accessing O365 does not auto sign-in.
I have disabled "Silently sign in users to OneDrive sync app with their WIndows credentials" however OneDrive does not open for users to sign-in.
Any thought of what I am overlooking or what the issue might be?
Thanks,- WilsonSu
NAMGuy Some ideas for your reference:
a. KFM and silent sign in are two different functions. First of all, we need to ensure that the account login successfully, then KFM could be triggered no matter manual or registry key/GPO.
b. OneDrive auto sign in needs the 'Silently sign in users to OneDrive sync app with their WIndows credentials' policy. However, as you disabled it, you need to sign out OneDrive in the machines first. Because OneDrive could store the credential, if we do not sign out, the OneDrive keeps using this credential until password changed.
c. If we sign out the account, but still fail on sign in OneDrive with pop-up windows. It should be an Identity issue. Somehow the authentication process fail.
Ah! That helps my dilemma. I'm trying to do the NON Silent redirection, and it's not working. I have, as near as I can tell, everything set correctly. I checked everything else in this thread, no problems there, but the <dsregcmd /status> shows No!
I do have Azure AD Sync setup, but /dsregcmd /status shows no.
In poking around, I found this article, which I didn't see linked from any of the OneDrive KFM articles:http://%20https://www.cloudsupport.help/hc/en-us/articles/115000286908-Connect-domain-joined-devices-to-Azure-AD-for-Windows-10-experiences
Is this activity required to get KFM to work? Silent or otherwise? (I was actually going for "otherwise" meaning the prompted Known Folder Move).
== John ==
- WilsonSu
Hi John, it depends on which GPO you are using. For KFM related policies, it doesn't need <domain-joined device>. But <silently sign on> policy in OneDrive needs device Azure joined.
Non silent redirection is corresponding to this GPO <Prompt users to move Windows known folders to OneDrive>, and you also need to check whether you have other GPOs which has conflict with KFM redirection. The normal symptom on this policy is that each time you start the device, it will pop up an interface to ask users "Start Backup".
However, you could try to manually open "Manage Backup" in your OneDrive settings to see whether it could be activated first. Then you could know whether it has some other policies conflicted with it.
As far as I know, I have all of the GPO's set, the registry keys are in evidence, but the popup never comes up.
I don't get the "Start backup" popup.
So, to get the silent sign on, we need to make the devices both domain joined and azure joined? I thought SSO was enough.
Is there a GPO that can force the devices to join Azure?
WilsonSu Thanks, this explains the riddle we are currently experiencing. I haven't tested the feature with my Azure AD domain joined devices. Will try that soon. Thanks again.
