[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

OneDrive desktop authentication issue against on-premise AD FS 3.0  with Azure AD MFA

Posted on 2016-07-20
9
Medium Priority
?
238 Views
Last Modified: 2016-07-29
After setting up MFA (Multi-Factor Authentication) on Office 365 in conjunction with Azure AD MFA I cannot get my users to authenticate.  Skype for Business and Outlook can authenticate just fine using app passwords, but for some reason I’m not aware of, OneDrive doesn’t like it the app password.  I can see in that my AD FS (Active Directory Federate Services) URL is being pulled into the forms based authentication pop up.  It doesn’t matter what form I try such as domain\username or username@domain.com or alias@domain.com with O365 app password or AD password.  I do NOT have an on-premise Exchange server.  Everything is on Server 2012 R2 and all my client machines are Windows 10.

Any ideas on how to resolve?
0
Comment
Question by:Nathan Vanderwyst
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
9 Comments
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 41721965
onedrive or onedrive 4 business, they are 2 entirely different animals. OneDrive uses your microsoft account, od4b uses your sharepoint account.
0
 

Author Comment

by:Nathan Vanderwyst
ID: 41722009
I am talking about OD4B, not the personal edition.  Please  help.
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 41722015
Can the user(s) access sharepoint successfully?
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 

Author Comment

by:Nathan Vanderwyst
ID: 41722017
yes
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 41722050
Grab the next-gen client. No, it isn't built I to any release of windows, not even 10. It supports MFA natively (no need for app passwords) and troubleshooting is far more graceful.
0
 

Author Comment

by:Nathan Vanderwyst
ID: 41722102
What next-gen client?  OneDrive?  Where would I download this next-gen client?
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 41722115
https://support.office.com/en-us/article/Deploying-the-OneDrive-for-Business-Next-Generation-Sync-Client-in-an-enterprise-environment-3f3a511c-30c6-404a-98bf-76f95c519668

Note that while the article says if you are on Windows 10, you already have the new client, I have not found this to be the case. It may possibly be that the article as prematurely updated for the anniversary update, but the NGSC wasn't released when 1511 shipped and I haven't seen it in any CU.

I do believe it has been included in the latest C2R Office 2016 updates, but you mentioned app passwords, which are also not required in 2016, so I can only assume you aren't on those builds...
0
 

Accepted Solution

by:
Nathan Vanderwyst earned 0 total points
ID: 41726589
I turned off MFA, removed all app passwords, reset all passwords, enabled forms authentication in AD FS and now all is well.  Thank you for your responses.
0
 

Author Closing Comment

by:Nathan Vanderwyst
ID: 41734464
The responses I received were not helpful and did not provide any means to resolved.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question