<div>
you are talking about which application<br />
what authentication mechanism it uses?<br />
<br />
AD supports only windows integrated authentication as SSO when it comes to web based applications, if application behavior changed, then SSO would not work
</div>


<div>
Definitely windows integrated authentication. &nbsp;These are just web-based addresses (internally) to different applications (ServiceDesk, Desktop Authority) that we used to be able to logon automatically with windows integrated authentication. &nbsp;Nothing has changed on the Application side. &nbsp;Then only major change that has occurred is the removal of our Certificate Authority, and the replacement of our Domain controllers.
</div>


<div>
These URLs have been in there for years, and after closer look, somebody changed them from 1 to 2 (intranet to Trusted Sites). &nbsp;Once I changed them back to 1 it is working. &nbsp;Thanks for putting me back in the right location.
</div>


<div>
<div class="content wysiwyg-content">
Everything was working up to about 2 months ago. &nbsp;Where used to be able to go to an internal website (either IE or chrome) and you did not get prompted to logon, SSO worked. &nbsp;The only thing that I can think of that has changed is the replacement of our W2008 R2 Domain Controllers with W2012 R2. &nbsp;In doing so I did away with our Certificate Authority. &nbsp;I'm no expert here, especially when it comes to CAs, but I do suspect this could be the reason.<br />
I have verified the Group Policy Site to Zone assignments and that has not changed, so either it's a Windows update or the change out of our domain controllers (and/or CA).<br />
Can some body please shed some light for me? &nbsp;Thanks
</div>
</div>


Everything was working up to about 2 months ago.  Where used to be able to go to an internal website (either IE or chrome) and you did not get prompted to logon, SSO worked.  The only thing that I can think of that has changed is the replacement of our W2008 R2 Domain Controllers with W2012 R2.  In doing so I did away with our Certificate Authority.  I'm no expert here, especially when it comes to CAs, but I do suspect this could be the reason.
I have verified the Group Policy Site to Zone assignments and that has not changed, so either it's a Windows update or the change out of our domain controllers (and/or CA).
Can some body please shed some light for me?  Thanks

Internal SSO broken in Windows 2008 R2 AD environment

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.