ADFS 3.0 and SSO not working from corporate network

Good Afternoon,

I have set up 2 x ADFS 3.0 Servers and 2 x WAP Servers in Azure and everything seems to be working well apart from the SSO from domain connected computers.

We want to migrate from our very basic on premise SharePoint Foundation 2013 intranet to the Office 365 SharePoint Online solution to utilize the extra features. I want domain users to be able to log onto the intranet without having to input their credentials over and over again.

I have configured the local Intranet sites to have the https://fs.domain.com.au and when an internal user tries to go to https://portal.office.com/Home or https://login.microsoftonline.com/ it redirects to the ADFS page but still asks for credentials as if they were external to the corporate network.

Once they do enter their credentials it logs on fine.

Remote Connectivity Analyzer is passing with flying colours.

I followed the instructions from here - http://office365support.ca/deploying-a-highly-available-ad-fs-3-0-solution-in-windows-azure-for-single-sign-on-with-office365/

Any ideas?

Thanks
gezzam25 Asked:

Vasil Michev (MVP) Commented:
Make sure WIA is enabled on the AD FS *and* in the IE settings for the Local zone. JavaScript and cookies need to be enabled as well. The DNS record must NOT be a CNAME. Detailed instructions here: http://blogs.technet.com/b/abizerh/archive/2013/04/11/more-information-about-sso-experience-when-authenticating-via-adfs.aspx

gezzam25 Author Commented:
Thanks for the response... I've checked everything on the client PCs and all IE settings are OK

All DNS settings seem OK and the hosts files on the WAP servers are OK.

Still getting prompted for authentication...

Is there any information I can post for you to look at?
gezzam25 Author Commented:
An update...

I get redirected to my custom page on the ADFS server and can login with username in the format domain\username but SSO just won't work...

It's the last thing I need to do before it's all done and ready to soft launch and it's killing me :-)
Vasil Michev (MVP) Commented:
By custom page you mean? Try using one of the default pages, https://sts.domain.com/adfs/ls/idpinitiatedsignon.aspx should do.
gezzam25 Author Commented:
Just the redirected page with our company logo and company image on the left...

Clients get redirected to that OK from outside and inside the company domain, but inside they still get asked for credentials

Just that last thing I need to get going (Windows Integrated Authentication)
gezzam25 Author Commented:
Solved the issue with this. Both ADFS servers were set to primary, had to set the second server to secondary using the PowerShell command Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName xxxxxx.domain.local

Answer found at https://community.office365.com/en-us/f/156/t/252482
gezzam25 Author Commented:
Found the answer to this at the following location - https://community.office365.com/en-us/f/156/t/252482
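
The checks discussed in this thread (farm role per node, WIA enabled for the intranet, federation name not a CNAME) can be run in one pass. This is an added example, not part of the original posts; the node names are placeholders, and it assumes WinRM remoting to each AD FS node and a Windows Internal Database farm.

```powershell
# Added example. Assumptions: placeholder node names, WinRM remoting enabled,
# WID-based farm. The federation service name is the one given in the question.
$FederationName = 'fs.domain.com.au'
$AdfsNodes      = 'adfs01.domain.local', 'adfs02.domain.local'   # placeholders

# Query every node directly. With more than one primary, configuration is not
# replicated between nodes, so each node's own settings have to be inspected.
$report = Invoke-Command -ComputerName $AdfsNodes -ScriptBlock {
    $sync   = Get-AdfsSyncProperties
    $policy = Get-AdfsGlobalAuthenticationPolicy
    [pscustomobject]@{
        Node        = $env:COMPUTERNAME
        Role        = [string]$sync.Role
        PullsFrom   = $sync.PrimaryComputerName
        IntranetWia = @($policy.PrimaryIntranetAuthenticationProvider) -contains 'WindowsAuthentication'
    }
}
$report | Format-Table Node, Role, PullsFrom, IntranetWia -AutoSize

# 1. A WID farm must have exactly one PrimaryComputer.
$primaries = @($report | Where-Object { $_.Role -eq 'PrimaryComputer' })
if ($primaries.Count -ne 1) {
    Write-Warning "Expected 1 primary node, found $($primaries.Count): $($primaries.Node -join ', ')"
    Write-Warning 'On each extra primary run: Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName <primary FQDN>'
}

# 2. Windows Integrated Authentication must be an intranet primary provider on every node.
foreach ($node in $report | Where-Object { -not $_.IntranetWia }) {
    Write-Warning "$($node.Node): WindowsAuthentication is not enabled for the intranet."
}

# 3. The federation service name should resolve through an A record, not a CNAME.
$cname = Resolve-DnsName -Name $FederationName -Type CNAME -ErrorAction SilentlyContinue |
    Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'CNAME' }
if ($cname) {
    Write-Warning "$FederationName is a CNAME to $($cname.NameHost); replace it with an A record."
}
```

Run the DNS check from a domain-joined client on the corporate network so it sees the same internal record the browsers do.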