Constantly prompted for Administrator credential, while logged in as Local Admin

Brass Contributor

Hi All!

 

I've been trying out the Windows Admin Center, and have what I think is a pretty simple setup.  I have a single box I want to use as my Storage Migration Service orchestrator.   It's an Azure VM Windows 2019 template, I joined it to my domain.  I installed WAC after joining it to the domain.  I bring up the WAC site, and I'm constantly asked for my Administrator Account for the TARGET box.  Constantly.  I'm logged into the box with Domain Admin (and member of local Admins group), I "manage as" the server with the same account, and nothing works. It keeps asking me for the administrator credentials to the box I want to manage.  I've installed the Storage Migration service components as well, but when I use that function of WAC (all I really need) I get an error that it failed loading some lists (definitely a JSON web app error).  Probably related, can't really tell.  

 

Before I blow this box away and start over, where do I go look for what's wrong.  This was supposed to make managing windows simpler, and it's so far been anything but. 

 

I've followed the instructions on docs.microsoft.com and those are about as plain as you can get with the deploy and configure instructions.

 

Thanks for the tips.

3 Replies

Hi John,

 

Please check out the troubleshooting guide here: https://aka.ms/wactroubleshooting.

 

If nothin on there helps, please reply to this thread with the information listed at the bottom of the page.

Thanks Jeff,

The troubleshooting doc didn't cover the scenario that I'm experiencing, everything else is working ok.  Again the problem is that I have one server, joined to the domain, with WAC installed.  I'm using WAC to manage and administer the Storage Migration Service ON THIS BOX.  I cannot administer this box, without using the local admin account on the box, even though it is domain joined, and the domain account I want to use with WAC is a local admin on the box, is an enterprise and domain admin.  Nothing works when I manage the local server (where WAC is installed as well) as a domain admin account, and only works when I use a local account.

 

>>>REQUESTED TROUBLESHOOTING<<<

Platform where Windows Admin Center is installed (Windows 10 or Windows Server):  Windows Server
If installed on Server, what is the Windows version of the machine running the browser to access Windows Admin Center:   WAC 1809.5

Are you using the self-signed certificate created by the installer?  Self Signed
Did you install with the default port setting? YES
Is the machine where Windows Admin Center is installed joined to a domain? YES
Windows version where Windows Admin Center is installed: Windows 2019 GA  - 17763 Build
Is the machine that you are trying to manage joined to a domain? YES (same machine where WAC is installed)
Windows version of the machine that you are trying to manage: Windows 2019
What browser are you using? CHROME
If you are using Google Chrome, what is the version? 71.0.3578.98 (Official Build) (64-bit)

Thanks for the additional info. I need to tease this apart in two issues:
 
1) Excessive credential prompts
This is a known issue with Chrome, which makes the management of the local server painful because you don't have an option to use Edge.
If you have the option, try accessing WAC from a remote W10 machine using Edge.
We have done some work recently to address these excessive credential prompts in Chrome. Those changes will be in the next preview release. With these changes, the experience is still not as seamless as Edge, but better than it is now.
 
2) Can't authenticate with domain account
In some cases, Windows will require users that are not the built-in Administrator to be a member of the Remote Management Users local group. try adding your domain account there. Even though you are managing the localhost, WAC treats it as a remote machine when creating PowerShell sessions to execute your actions.
 
If that doesn't help, you may need to disable the LocalAccountTokenFilterPolicy. You'll do this with the following:
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
Let me know if that unblocks you!