jdbst56
Brass Contributor
Nov 02, 2020

Edge 86.0.622.58 On-premises Sync Not Working Over VPN With Cached Local Login

We are running Edge 86.0.622.58 on Win10 Enterprise 1909 domain joined systems.

We are trying to configure the Edge GPO to enable local sync of favorites, but we are unable to get the on-prem sign-in to work over VPN and so the local profile.pb is never created.

Our settings are as follows:

BrowserSignin = 1
ConfigureOnPremisesAccountAutoSignIn = 1
RoamingProfileSupportEnabled = 1
SyncDisabled = 0

When we log in to Windows 10 with a cached credential, connect to VPN, and launch Edge with these settings, we get prompted to sign in. The only account that seems to work is the "work or school account" which is our O365 email address. Signing in using this account results in the Edge account type and sync account type as AAD instead of on-prem and the message "sync isn't available for this account".

I believe the cause of the issue is that the AD account is not being used to sign in to the browser even though ConfigureOnPremisesAccountAutoSignIn is set to 1. Doing a whoami at a command prompt shows my account name in domain\username format.

Using these same settings while logged into an on-site workstation results in on-premises sign in and sync working properly. Is there any reason why this functionality would not work on a cached local logon/VPN scenario?

  • jdbst56 Hi Joshua! Thanks for reaching out! The Identity Team was looking over your post and it would be helpful to get logs to better understand your specific question/scenario.

    Because of the sensitive information/PII that can be in the logs, there are a couple of options:

    • File a customer support request. You should be able to work with them directly to investigate/resolve your specific issue.
    • Submit diagnostic data through our in-browser feedback tool. It's under "..." menu > Help and feedback > Send feedback. You need to turn on "Send diagnostic data" and this should capture all the necessary logs.

    If you are planning to use the in-browser feedback tool, please get into a clean state and log feedback only after the issue is reproduced. You can get into a clean state by 1) deleting the User Data folder before launch OR 2) creating a separate folder and launching Edge from the command line using --user-data-dir=<that folder>

    Additionally, to help the team find your feedback quickly, you can include the string "ForumIdentityOnPremisesVPN" and comment below once you've submitted it.

    -Kelly

    • jdbst56
      Brass Contributor

      Kelly_Y Hello, I have submitted the logs through the in-browser feedback tool today per your request.

      • Kelly_Y
        Microsoft

        jdbst56 Thank you for the feedback! I've located your specific report and routed it to the Identity Team. We will follow up if there is any additional information needed or updates/insights to share.

        -Kelly

  • bin_da
    Brass Contributor
    I have a similar issue. Seems that some VLANs work as expected, others automatically want me to sign in using an Azure AD account.
