Jan 16 2020 01:48 PM
I can't get sync to work in our Amazon Workspace environment (running Server 2016). Sign in authenticates fine but then I get an error saying "Hmm...we're having trouble verifying your account details." and a prompt to sign in.
I have Seamless SSO enabled, which works fine for all other apps.
Has anyone got any ideas as to where I can start troubleshooting?
Feb 13 2020 08:55 AM
Is anyone able to help?
Looking at sync-internals I get the following information:
Disable Reason: Waiting for sync url
Last token error: EDGE_AUTH_ERROR: 3, 24, 4b0
Mar 24 2020 09:22 AM - edited Mar 25 2020 06:06 AM
I have this same problem on a Windows Server 2016 RDS session host deployment. We have Azure AD Connect with Seamless SSO configured, and SSO is working fine for all other Azure AD applications.
You get prompted to sign in, SSO sign-in appears to be successful, but sync stays in the "setting up sync" phase indefinitely.
This is problematic because favorites are not stored in a part of the roaming profile, so users' favorites appear to have been lost from the users' perspective unless the session broker load balancing happens to route them back to the same session host they were logged in to when they created their favorites.
edge://sync-internals shows:
Transport State | Disabled |
Disable Reasons | Waiting for sync url |
Sync Feature Enabled | false |
Setup In Progress | false |
Auth Error | OK since browser startup |
Sync Account Type | AAD |
Requested Token | 2020-03-24 12:20:00 -04 |
Received Token Response | 2020-03-24 12:20:00 -04 |
Last Token Request Result | OK |
Has Token | false |
Next Token Request | 2020-03-24 12:20:07 -04 |
Last Token Error | EDGE_AUTH_ERROR: 3, 24, 4b0 |
Mar 25 2020 06:39 AM
I haven't been able to resolve the issue. If I sign in using the Beta or Dev channel then I get the additional error:
"We are unable to verify your account. Please sign in for account_hint"
Most but not all of my users get this error but I can't see any differences.
Mar 25 2020 07:01 AM
Thanks.
I'm going to open a support case on it and will keep you updated if I get a resolution.
Apr 02 2020 04:57 PM
I wound up doing various tests: I stood up a new host in its own collection in an OU where inheritance was blocked, to rule out something in group policy breaking it.
I was able to reproduce it with no GPOs linked.
It turned out the culprit was Symantec Endpoint Protection.
The servers were on the most current version but apparently there is an incompatibility.
After uninstalling Symantec Endpoint Protection it works fine.