?
Solved

OneDrive desktop authentication issue against on-premise AD FS 3.0  with Azure AD MFA

Posted on 2016-07-20
9
Medium Priority
?
157 Views
Last Modified: 2016-07-29
After setting up MFA (Multi-Factor Authentication) on Office 365 in conjunction with Azure AD MFA I cannot get my users to authenticate.  Skype for Business and Outlook can authenticate just fine using app passwords, but for some reason I’m not aware of, OneDrive doesn’t like it the app password.  I can see in that my AD FS (Active Directory Federate Services) URL is being pulled into the forms based authentication pop up.  It doesn’t matter what form I try such as domain\username or username@domain.com or alias@domain.com with O365 app password or AD password.  I do NOT have an on-premise Exchange server.  Everything is on Server 2012 R2 and all my client machines are Windows 10.

Any ideas on how to resolve?
0
Comment
Question by:Nathan Vanderwyst
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
9 Comments
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 41721965
onedrive or onedrive 4 business, they are 2 entirely different animals. OneDrive uses your microsoft account, od4b uses your sharepoint account.
0
 

Author Comment

by:Nathan Vanderwyst
ID: 41722009
I am talking about OD4B, not the personal edition.  Please  help.
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 41722015
Can the user(s) access sharepoint successfully?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Nathan Vanderwyst
ID: 41722017
yes
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 41722050
Grab the next-gen client. No, it isn't built I to any release of windows, not even 10. It supports MFA natively (no need for app passwords) and troubleshooting is far more graceful.
0
 

Author Comment

by:Nathan Vanderwyst
ID: 41722102
What next-gen client?  OneDrive?  Where would I download this next-gen client?
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 41722115
https://support.office.com/en-us/article/Deploying-the-OneDrive-for-Business-Next-Generation-Sync-Client-in-an-enterprise-environment-3f3a511c-30c6-404a-98bf-76f95c519668

Note that while the article says if you are on Windows 10, you already have the new client, I have not found this to be the case. It may possibly be that the article as prematurely updated for the anniversary update, but the NGSC wasn't released when 1511 shipped and I haven't seen it in any CU.

I do believe it has been included in the latest C2R Office 2016 updates, but you mentioned app passwords, which are also not required in 2016, so I can only assume you aren't on those builds...
0
 

Accepted Solution

by:
Nathan Vanderwyst earned 0 total points
ID: 41726589
I turned off MFA, removed all app passwords, reset all passwords, enabled forms authentication in AD FS and now all is well.  Thank you for your responses.
0
 

Author Closing Comment

by:Nathan Vanderwyst
ID: 41734464
The responses I received were not helpful and did not provide any means to resolved.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question