Home

KMSI not working in onprem SFB with MA

%3CLINGO-SUB%20id%3D%22lingo-sub-136274%22%20slang%3D%22en-US%22%3EKMSI%20not%20working%20in%20onprem%20SFB%20with%20MA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-136274%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20guys%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20have%20recently%20set%20up%20our%20on%20premise%20Skype%20for%20Business%20server%20to%20use%20Modern%20authentication%20via%20internal%20AD%20FS%20(2016)%20and%20authenticate%20in%20Azure%20AD.%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20problem%20is%20that%20does%20not%20matter%20what%20I%20choose%20at%20KMSI%20screen%20-%20I%20will%20%3CSTRONG%3Ealways%3C%2FSTRONG%3E%20have%20to%20re-enter%20my%20credentials%20each%20time%20I%20login%20to%20Skype.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20253px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F25476i1DD8FEEFA9FC13AB%2Fimage-dimensions%2F253x282%3Fv%3D1.0%22%20width%3D%22253%22%20height%3D%22282%22%20alt%3D%22Capture.PNG%22%20title%3D%22Capture.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EAD%20FS%20has%20default%20config%20for%20ksmi%20%3A%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPS%20C%3A%5CWindows%5Csystem32%26gt%3B%20Get-AdfsProperties%20%7C%20fl%20ssolifetime%2C*kmsi*%2Cdevice*%2Cpersis*%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3ESsoLifetime%20%3A%20480%3CBR%20%2F%3EKmsiLifetimeMins%20%3A%201440%3CBR%20%2F%3EKmsiEnabled%20%3A%20True%3CBR%20%2F%3EDeviceUsageWindowInDays%20%3A%2014%3CBR%20%2F%3EPersistentSsoLifetimeMins%20%3A%20129600%3CBR%20%2F%3EPersistentSsoEnabled%20%3A%20True%3CBR%20%2F%3EPersistentSsoCutoffTime%20%3A%201%2F1%2F0001%202%3A00%3A00%20AM%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPlease%20advise.%3C%2FP%3E%0A%3CP%3EThanks.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-136274%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ekmsi%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emodern%20authentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESfB%20On-Prem%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-138075%22%20slang%3D%22en-US%22%3ERe%3A%20KMSI%20not%20working%20in%20onprem%20SFB%20with%20MA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-138075%22%20slang%3D%22en-US%22%3EAnyone%20please%20%3F%3CBR%20%2F%3EShould%20it%20work%20at%20all%20or%20am%20I%20expecting%20unexpected%20%3F%3C%2FLINGO-BODY%3E
Highlighted
Maksim Chakov
New Contributor

Hi guys,

 

We have recently set up our on premise Skype for Business server to use Modern authentication via internal AD FS (2016) and authenticate in Azure AD. 

The problem is that does not matter what I choose at KMSI screen - I will always have to re-enter my credentials each time I login to Skype. 

Capture.PNG

AD FS has default config for ksmi : 

PS C:\Windows\system32> Get-AdfsProperties | fl ssolifetime,*kmsi*,device*,persis*


SsoLifetime : 480
KmsiLifetimeMins : 1440
KmsiEnabled : True
DeviceUsageWindowInDays : 14
PersistentSsoLifetimeMins : 129600
PersistentSsoEnabled : True
PersistentSsoCutoffTime : 1/1/0001 2:00:00 AM

 

Please advise.

Thanks. 

1 Reply
Highlighted
Anyone please ?
Should it work at all or am I expecting unexpected ?