Forum Discussion
Edge 86.0.622.58 On-premises Sync Not Working Over VPN With Cached Local Login
We are trying to configure the Edge GPO to enable local sync of favorites, but we are unable to get the on-prem sign-in to work over VPN and so the local profile.pb is never created.
Our settings are as follows:
BrowserSignin = 1
ConfigureOnPremisesAccountAutoSignIn = 1
RoamingProfileSupportEnabled = 1
SyncDisabled = 0
When we log in to Windows 10 with a cached credential, connect to VPN, and launch Edge with these settings, we get prompted to sign in. The only account that seems to work is the "work or school account" which is our O365 email address. Signing in using this account results in the Edge account type and sync account type as AAD instead of on-prem and the message "sync isn't available for this account".
I believe the cause of the issue is the AD account is not being used to sign in to the browser even though ConfigureOnPremisesAccountAutoSignIn is set to 1. Doing a whoami at a command prompt shows my account name in domain\username format.
Using these same settings while logged into an on-site workstation results in on-premises sign in and sync working properly. Is there any reason why this functionality would not work on a cached local logon/VPN scenario?
- Kelly_Y (Microsoft)
jdbst56 Hi Joshua! Thanks for reaching out! The Identity Team was looking over your post and it would be helpful to get logs to better understand your specific question/scenario.
Because of the sensitive information/PII that can be in the logs, there are a couple of options:
- File a customer support request. You should be able to work with them directly to investigate/resolve your specific issue.
- Submit diagnostic data through our in-browser feedback tool. It's under "..." menu > Help and feedback > Send feedback. You need to turn on "Send diagnostic data" and this should capture all the necessary logs.
If you are planning to use the in-browser feedback tool, please get into a clean state and log feedback only after the issue is reproduced. You can get into a clean state by 1) deleting the User Data folder before launch OR 2) creating a separate folder and launching Edge from the command line using --user-data-dir=<that folder>
Additionally, to help the team find your feedback quickly, you can include the string "ForumIdentityOnPremisesVPN" and comment below once you've submitted it.
-Kelly
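An added example, not part of either post above and not Microsoft's tooling: a PowerShell check that the four policies from the original post are actually present in the Edge policy registry keys during the VPN session, followed by the clean-profile launch described in the reply. The temporary folder name is an assumption, and `msedge.exe` is assumed to be resolvable by `Start-Process`.

```powershell
# Expected values are the four settings listed in the original post.
$expected = [ordered]@{
    BrowserSignin                        = 1
    ConfigureOnPremisesAccountAutoSignIn = 1
    RoamingProfileSupportEnabled         = 1
    SyncDisabled                         = 0
}
# Edge reads policy from these keys; the machine hive takes precedence over the user hive.
$hives = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
)

function Get-EdgePolicyValue {
    param([string]$Name)
    foreach ($hive in $hives) {
        # A missing key or value raises an error; suppress it and try the next hive.
        $item = Get-ItemProperty -Path $hive -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = $item.$Name; Source = $hive }
        }
    }
    return $null
}

$report = foreach ($name in $expected.Keys) {
    $found = Get-EdgePolicyValue -Name $name
    [pscustomobject]@{
        Policy   = $name
        Expected = $expected[$name]
        Actual   = if ($found) { $found.Value } else { '<not set>' }
        Source   = if ($found) { $found.Source } else { '-' }
        Match    = [bool]($found -and ($found.Value -eq $expected[$name]))
    }
}
$report | Format-Table -AutoSize
"Windows logon identity: $(whoami)"

if (-not ($report | Where-Object { -not $_.Match })) {
    # Clean state for the repro: a new, empty profile folder (path is an assumption).
    $profileDir = Join-Path $env:TEMP ("edge-clean-" + (Get-Date -Format 'yyyyMMdd-HHmmss'))
    New-Item -ItemType Directory -Path $profileDir | Out-Null
    Start-Process -FilePath 'msedge.exe' -ArgumentList "--user-data-dir=`"$profileDir`""
    "Launched Edge with clean profile: $profileDir"
} else {
    'One or more policies differ from the post; compare with edge://policy before reproducing.'
}
```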
- bin_da (Brass Contributor)
I have a similar issue. Seems that some VLANs work as expected, others automatically want me to sign in using an Azure AD account.
- Kelly_Y (Microsoft)
Hi Everyone - Circling back to this thread, we have just added a new policy for this scenario starting in Microsoft Edge v94. MS Edge Beta Version 94.0.992.9 was just released today (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-beta-channel#version-9409929-september-2)
Here is a link to the policy documentation for OnlyOnPremisesImplicitSigninEnabled:
Thanks!
-Kelly