Unable to enable Edge sync in Hybrid AD environment with Win10 VMs in Azure

%3CLINGO-SUB%20id%3D%22lingo-sub-1425829%22%20slang%3D%22en-US%22%3EUnable%20to%20enable%20Edge%20sync%20in%20Hybrid%20AD%20environment%20with%20Win10%20VMs%20in%20Azure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1425829%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%40all%2C%20I%20am%20currently%20facing%20an%20issue%20that%20I%20couldn't%20handle%20by%20myself.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20having%20trouble%20to%20enable%20the%20(new)%20Microsoft%20Edge%20sync%20feature%20for%20all%20of%20our%20users%2C%20when%20they%20sign-in%20to%20a%20published%20desktop%2Fapp%20with%20Win10%201909%20as%20OS%2C%20running%20on%20Azure%20(Windows%20Virtual%20Desktop).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20we%20try%20to%20enable%20the%20sync%20by%20%22completing%20the%20sign%22-in%20we%20receive%20the%20error%20%220%22%20or%20%221067%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOutside%20of%20the%20Win10%20machines%20in%20Azure%20the%20users%20can%20sign-in%20to%20Edge%20as%20expected%2C%20e.g.%20it%20works%20in%20macOS%2C%20iOS%2C%20Android.%20Unfortunately%20we%20do%20not%20have%20any%20Win10%20Client%20OnPrem%20to%20test%20this.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESorry%2C%20the%20screenshots%20are%20only%20available%20in%20German%2C%20but%20I%20think%20the%20behaviour%20should%20talk%20for%20itself.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20solved%20the%20problem%20or%20facing%20the%20same%20issue%3F%20Any%20idea%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%3C%2FP%3E%3CP%3ESandro%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1425829%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EEdge%20Chromium%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Egpo%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Virtual%20Desktop%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1425891%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20enable%20Edge%20sync%20in%20Hybrid%20AD%20environment%20with%20Win10%20VMs%20in%20Azure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1425891%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F101250%22%20target%3D%22_blank%22%3E%40Sandro%20Reiter%3C%2FA%3E%26nbsp%3BGuten%20morgen%20Sandro%2C%3C%2FP%3E%3CP%3EHow%20do%20users%20log%20on%20to%20the%20Windows%2010%20system%3F%20%3CA%20href%3D%22mailto%3Auser%40domain%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Euser%40domain.de%3F%3C%2FA%3E%3C%2FP%3E%3CP%3EDid%20you%20take%20a%20look%20at%20%3CA%20href%3D%22edge%3A%2F%2Fsignin-internals%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eedge%3A%2F%2Fsignin-internals%2F%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22edge%3A%2F%2Fsync-internals%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eedge%3A%2F%2Fsync-internals%2F%3C%2FA%3E%26nbsp%3Bwhen%20doing%20the%20authentication%20to%20see%20what%20is%20going%20on%3F%3C%2FP%3E%3CP%3EMy%20guess%20you%20have%20a%20support%20agreement%20with%20Microsoft%20because%20you%20use%20Azure%2C%20open%20a%20ticket!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%20Henno%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1426247%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20enable%20Edge%20sync%20in%20Hybrid%20AD%20environment%20with%20Win10%20VMs%20in%20Azure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1426247%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F400875%22%20target%3D%22_blank%22%3E%40Henno_Keers%3C%2FA%3E%26nbsp%3B%20Hi%20Henno%2C%20the%20users%20AAD%20Connect%20synced%20and%20sign%20in%20with%20their%20upn.%20Ticket%20at%20MS%20support%20is%20already%20created.%20I%20didn't%20know%20before%20that%20signin-%20and%20sync-internal%20URLs%20are%20existing%20%3AD%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20different%20issues%20for%20different%20users.%20But%20the%20most%20I%20have%20seen%20is%26nbsp%3B%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EDisable%20Reasons%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3EWaiting%20for%20sync%20url%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3ETokenService%20Load%20Status%3C%2FTD%3E%3CTD%3ELoad%20credentials%20failed%20with%20no%20refresh%20token%20for%20signed%20in%20account%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1426297%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20enable%20Edge%20sync%20in%20Hybrid%20AD%20environment%20with%20Win10%20VMs%20in%20Azure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1426297%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F101250%22%20target%3D%22_blank%22%3E%40Sandro%20Reiter%3C%2FA%3E%26nbsp%3BIn%20advance%20of%20the%20contact%20of%20MS%20support%20you%20will%20get%20I%20suggest%20that%20separate%20%22the%20different%20issues%22%20and%20treat%20them%20as%20entirely%20separate%2C%20so%20gather%20all%20relevant%20data%20preferable%20via%20Kepner%20%26amp%3B%20Tregoe%20situation%20appraisal%20and%20noting%20everything%20down%20in%20a%20KT%20problemsolving%20template.%3C%2FP%3E%3CP%3EKey%20is%3A%3C%2FP%3E%3CP%3Ewhen%20did%20the%20issue%20started%20(date%20%2F%20time)%3C%2FP%3E%3CP%3EIs%20there%20a%20%22IS%20Not%22%3B%20what%20system%20do%20work%20but%20could%20in%20potential%20have%20the%20same%20deviation%3F%3C%2FP%3E%3CP%3EA%20domain%20joined%20real%20PC%20would%20be%20nice%20to%20have%20as%20a%20IS%20Not%20(working).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hello @all, I am currently facing an issue that I couldn't handle by myself.

 

We are having trouble to enable the (new) Microsoft Edge sync feature for all of our users, when they sign-in to a published desktop/app with Win10 1909 as OS, running on Azure (Windows Virtual Desktop).

 

When we try to enable the sync by "completing the sign"-in we receive the error "0" or "1067".

 

Outside of the Win10 machines in Azure the users can sign-in to Edge as expected, e.g. it works in macOS, iOS, Android. Unfortunately we do not have any Win10 Client OnPrem to test this.

 

Sorry, the screenshots are only available in German, but I think the behaviour should talk for itself.

 

Does anyone solved the problem or facing the same issue? Any idea?

 

Thanks in advance!

 

Best

Sandro

3 Replies
Highlighted

@Sandro Reiter Guten morgen Sandro,

How do users log on to the Windows 10 system? user@domain.de?

Did you take a look at edge://signin-internals/ and edge://sync-internals/ when doing the authentication to see what is going on?

My guess you have a support agreement with Microsoft because you use Azure, open a ticket!

 

Regards, Henno

Highlighted

@Henno_Keers  Hi Henno, the users AAD Connect synced and sign in with their upn. Ticket at MS support is already created. I didn't know before that signin- and sync-internal URLs are existing :D

 

We have different issues for different users. But the most I have seen is 

Disable ReasonsWaiting for sync url
TokenService Load StatusLoad credentials failed with no refresh token for signed in account
Highlighted

@Sandro Reiter In advance of the contact of MS support you will get I suggest that separate "the different issues" and treat them as entirely separate, so gather all relevant data preferable via Kepner & Tregoe situation appraisal and noting everything down in a KT problemsolving template.

Key is:

when did the issue started (date / time)

Is there a "IS Not"; what system do work but could in potential have the same deviation?

A domain joined real PC would be nice to have as a IS Not (working).