Solved

OneDrive desktop authentication issue against on-premise AD FS 3.0  with Azure AD MFA

Posted on 2016-07-20
9
33 Views
Last Modified: 2016-07-29
After setting up MFA (Multi-Factor Authentication) on Office 365 in conjunction with Azure AD MFA I cannot get my users to authenticate.  Skype for Business and Outlook can authenticate just fine using app passwords, but for some reason I’m not aware of, OneDrive doesn’t like it the app password.  I can see in that my AD FS (Active Directory Federate Services) URL is being pulled into the forms based authentication pop up.  It doesn’t matter what form I try such as domain\username or username@domain.com or alias@domain.com with O365 app password or AD password.  I do NOT have an on-premise Exchange server.  Everything is on Server 2012 R2 and all my client machines are Windows 10.

Any ideas on how to resolve?
0
Comment
Question by:Nathan Vanderwyst
  • 5
  • 2
  • 2
9 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 41721965
onedrive or onedrive 4 business, they are 2 entirely different animals. OneDrive uses your microsoft account, od4b uses your sharepoint account.
0
 

Author Comment

by:Nathan Vanderwyst
ID: 41722009
I am talking about OD4B, not the personal edition.  Please  help.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 41722015
Can the user(s) access sharepoint successfully?
0
 

Author Comment

by:Nathan Vanderwyst
ID: 41722017
yes
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 41722050
Grab the next-gen client. No, it isn't built I to any release of windows, not even 10. It supports MFA natively (no need for app passwords) and troubleshooting is far more graceful.
0
 

Author Comment

by:Nathan Vanderwyst
ID: 41722102
What next-gen client?  OneDrive?  Where would I download this next-gen client?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 41722115
https://support.office.com/en-us/article/Deploying-the-OneDrive-for-Business-Next-Generation-Sync-Client-in-an-enterprise-environment-3f3a511c-30c6-404a-98bf-76f95c519668

Note that while the article says if you are on Windows 10, you already have the new client, I have not found this to be the case. It may possibly be that the article as prematurely updated for the anniversary update, but the NGSC wasn't released when 1511 shipped and I haven't seen it in any CU.

I do believe it has been included in the latest C2R Office 2016 updates, but you mentioned app passwords, which are also not required in 2016, so I can only assume you aren't on those builds...
0
 

Accepted Solution

by:
Nathan Vanderwyst earned 0 total points
ID: 41726589
I turned off MFA, removed all app passwords, reset all passwords, enabled forms authentication in AD FS and now all is well.  Thank you for your responses.
0
 

Author Closing Comment

by:Nathan Vanderwyst
ID: 41734464
The responses I received were not helpful and did not provide any means to resolved.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Office 365 is currently available in five editions. Three of them are for business use: Office 365 Business Essentials, Office 365 Business, and Office 365 Business Premium. Two of them are for home/personal use: Office 365 Home and Office 365 Perso…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now