SOLVED

ConfigureOnPremisesAccountAutoSignIn and Server 2012 R2 Edge Stable 84.0.522.40

Brass Contributor

Good day,

 

My organization is interested in implementing the Edge roaming profile support.  We're trying to use the on-premise account sign in, rather than Azure AD.  I'm finding that the setting "ConfigureOnPremisesAccountAutoSignIn" setting is working on Windows 10 1809, however try as I might, I cannot get our Server 2012 R2s to accomplish this sign in.

I noticed that the format that the two display under the profile settings looks different.  The working Windows 10 1809 display the account as domain\username, while the non-working Server 2012 R2 are displaying it as the UPN, username@domain.com.

 

I did manage to find another thread out there on this, but doesn't seem to be any real solution.  I'd like for this to occur automatically, rather than require a manual intervention, as we have thousands of devices out there.

https://techcommunity.microsoft.com/t5/discussions/sync-isn-t-available-for-this-account/m-p/1175942

28 Replies

@Jeffrey_Fronius Thanks for reaching out. Hopefully this will be a simple solution! If you'd like to use that, the devices have to be domain joined (documentation here.) 

 
"The device is domain joined: Available on Win10, down-level Windows, and corresponding server versions. By default, the user will not get automatically signed in. If you want to automatically sign in users with domain accounts, use the ConfigureOnPremisesAccountAutoSignIn policy. If you want to automatically sign in users with their Azure AD accounts, consider hybrid joining your devices."
 
However, if they're already joined and you're still having challenges, please let us know.
 
Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge
These are domain joined and we're testing with that policy applied.
@Deleted 
We have the same problem with Windows Server 2016, is there any solution? 

 

@Jeffrey_Fronius and @Torsten_Lueckhardt Thank you for letting us know. I've looped the team in and will let you know if they have insights to share.

 

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge

@Deleted 
Thank you.  We'll be eager to test if there's a work-around for this.
We happen to be wanting to use this feature on a mix of workstation and server OS.

@Jeffrey_Fronius It sounds like OneAuth implicit sign-in happening with the AAD account. Navigating  to edge://signin-internals/ can provide more info. What do you have listed for the "[Edge] Account Type"?

 
 

signin internals.jpg

 

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge

@Deleted 

On a Server 2012 R2 where I have these policies set:

Jeffrey_Fronius_0-1597157964084.pngJeffrey_Fronius_1-1597157985376.png

On a Windows 10, same policies, I see this.  I edited out our domain specific info.

Jeffrey_Fronius_2-1597158141736.png

 

@Jeffrey_Fronius @Deleted 

Just checking back, any further information you need to help troubleshoot this?

@Jeffrey_Fronius Thanks for sending those! The team is taking a look; I'll let you know as soon as they have recommendations for the next steps. 

 

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge

@Jeffrey_Fronius I have an update for you. The good news is that this thread prompted an internal discussion, with the team creating a work item! However, that also means that they need to investigate further before providing any definitive answers. I'll let you know if/when there's any additional information!

 

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge

@Deleted 

Thank you!  I'll keep an eye out on this thread.

best response
Solution

@Jeffrey_Fronius Great news: the team was able to validate the issue and have now enabled a fix! The new code will be in Canary 87.0.626.0 and later, allowing you to use the ConfigureOnPremisesAccountAutoSignIn policy. If you are not having success after trying this on Canary, let me know and I can help you securely submit a histogram to the team.

 

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge

@Deleted 

Looking forward to v87 going stable!  Wonderful!

@Deleted

I validated that the canary version works as expected.
Is it possible to to backport the fix to version 85? We are looking into deploying edge as the default browser to 3000+ w10 machines and this is issue holding back our deployment.

@mictsi Thanks for reaching out, and welcome to the MSFT Edge Insider community. 

 

Great question. I asked the team about possibilities and will let you know if/when I hear back from them.

 

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge

@mictsi Good news: the team confirmed that the fix will be in v86 of the Stable channel, which will be released in ~1 month! (Following your feedback, they did look into backporting to v85, but there were a number of unexpected and confounding factors for that.) 

 

Hopefully that helps! If not, please let us know.

 

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge

@Deleted 

I've successfully tested this on Server 2012 R2 with Beta 86.0.622.11.

 

I did notice one other small issue, and if you'd like, I can create a separate thread for it.  I'm testing the on-premise sync with the following policies configured.

BrowserSignin
RoamingProfileSupportEnabled
RoamingProfileLocation
ConfigureOnPremisesAccountAutoSignIn

 

If I have a device where these policies are not yet enabled and the device has an Edge profile already, when I apply these policies the device will not perform the automatic browser signin.

If I delete the Edge profile and start cleanly, apply the policies, then launch Edge, the automatic browser signin occurs as expected.

 

I have several thousand clients where I'm looking to apply this and I'd hate to have to clear out Edge profiles before the setting works.

@Jeffrey_Fronius Great, I'm glad to hear it worked! And followed up with the team regarding the issue with automatic sign-on with those policies, and will let you know if/when I hear back from them.

 

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge

@Deleted 

Thank you, again!  It would be really great if the policy would convert the device's profile to automatic sign in.  I'm looking to roll this out to 5000 devices and I'd hate to have to clear out the existing profile to get it to work.

1 best response

Accepted Solutions
best response
Solution

@Jeffrey_Fronius Great news: the team was able to validate the issue and have now enabled a fix! The new code will be in Canary 87.0.626.0 and later, allowing you to use the ConfigureOnPremisesAccountAutoSignIn policy. If you are not having success after trying this on Canary, let me know and I can help you securely submit a histogram to the team.

 

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge

View solution in original post