OneDrive desktop authentication issue against on-premise AD FS 3.0 with Azure AD MFA

After setting up MFA (Multi-Factor Authentication) on Office 365 in conjunction with Azure AD MFA I cannot get my users to authenticate.  Skype for Business and Outlook can authenticate just fine using app passwords, but for some reason I’m not aware of, OneDrive doesn’t like it the app password.  I can see in that my AD FS (Active Directory Federate Services) URL is being pulled into the forms based authentication pop up.  It doesn’t matter what form I try such as domain\username or username@domain.com or alias@domain.com with O365 app password or AD password.  I do NOT have an on-premise Exchange server.  Everything is on Server 2012 R2 and all my client machines are Windows 10.

Any ideas on how to resolve?
Nathan VanderwystAsked:
Who is Participating?
 
Nathan VanderwystConnect With a Mentor Author Commented:
I turned off MFA, removed all app passwords, reset all passwords, enabled forms authentication in AD FS and now all is well.  Thank you for your responses.
0
 
David Johnson, CD, MVPOwnerCommented:
onedrive or onedrive 4 business, they are 2 entirely different animals. OneDrive uses your microsoft account, od4b uses your sharepoint account.
0
 
Nathan VanderwystAuthor Commented:
I am talking about OD4B, not the personal edition.  Please  help.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
David Johnson, CD, MVPOwnerCommented:
Can the user(s) access sharepoint successfully?
0
 
Nathan VanderwystAuthor Commented:
yes
0
 
Cliff GaliherCommented:
Grab the next-gen client. No, it isn't built I to any release of windows, not even 10. It supports MFA natively (no need for app passwords) and troubleshooting is far more graceful.
0
 
Nathan VanderwystAuthor Commented:
What next-gen client?  OneDrive?  Where would I download this next-gen client?
0
 
Cliff GaliherCommented:
https://support.office.com/en-us/article/Deploying-the-OneDrive-for-Business-Next-Generation-Sync-Client-in-an-enterprise-environment-3f3a511c-30c6-404a-98bf-76f95c519668

Note that while the article says if you are on Windows 10, you already have the new client, I have not found this to be the case. It may possibly be that the article as prematurely updated for the anniversary update, but the NGSC wasn't released when 1511 shipped and I haven't seen it in any CU.

I do believe it has been included in the latest C2R Office 2016 updates, but you mentioned app passwords, which are also not required in 2016, so I can only assume you aren't on those builds...
0
 
Nathan VanderwystAuthor Commented:
The responses I received were not helpful and did not provide any means to resolved.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.