cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AVD SSO Broken

landymilner
Copper Contributor

‎Apr 21 2023 12:28 PM

‎Apr 21 2023 12:28 PM

AVD SSO Broken

Setup AVD's with a local DC

Setup SSO

All was working as expecting (Passing AAD creds through and authenticating locally). 

I had moved all users into a specific OU, and adjusted AD Sync to only sync that OU, Afterwards, I found SSO wasn't working. If I disable the "Attempt to sign in with AAD creds", I get prompted for local creds and can login fine. 

I undid the changes I made and started Syncing all OU's again, no change

I removed and re-added the Azure Kerbros server object, no change. 

MSFT hasn't been able to help. 

Any Thoughts would be great!

735 Views
1 Like
3 Replies
Reply
3 Replies
Kidd_Ip

‎Apr 23 2023 05:18 AM

‎Apr 23 2023 05:18 AM

Re: AVD SSO Broken

@landymilner 

Any GPO applied and what is the setting?

0 Likes
Reply
GIS_DaveS

‎Apr 24 2023 06:24 AM

‎Apr 24 2023 06:24 AM

Re: AVD SSO Broken

@landymilner 

Did you change both the Azure AD authentication and Credentials Security Support Provider back to Not Configured?

 

GIS_DaveS_0-1682342655108.png

 

0 Likes
Reply
elliottpark_msft

‎Apr 24 2023 06:30 AM

‎Apr 24 2023 06:30 AM

Re: AVD SSO Broken

@landymilner 

 

My AAD SSO broke several times because the user accounts were added to either "Domain Admins" or "Administrators" group in AD. If you open your AzureADKerberos object in ADUC and go to properties/Password Replication Policy tab, you will see many Deny entries. It is possible you may have inadvertently added your AVD users to any of these groups. Try removing group membership to these groups and try logging in again.

0 Likes
Reply