We help IT Professionals succeed at work.

Internal SSO broken in Windows 2008 R2 AD environment

61 Views
Last Modified: 2017-03-17
Everything was working up to about 2 months ago.  Where used to be able to go to an internal website (either IE or chrome) and you did not get prompted to logon, SSO worked.  The only thing that I can think of that has changed is the replacement of our W2008 R2 Domain Controllers with W2012 R2.  In doing so I did away with our Certificate Authority.  I'm no expert here, especially when it comes to CAs, but I do suspect this could be the reason.
I have verified the Group Policy Site to Zone assignments and that has not changed, so either it's a Windows update or the change out of our domain controllers (and/or CA).
Can some body please shed some light for me?  Thanks
Comment
Watch Question

MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
you are talking about which application
what authentication mechanism it uses?

AD supports only windows integrated authentication as SSO when it comes to web based applications, if application behavior changed, then SSO would not work

Author

Commented:
Definitely windows integrated authentication.  These are just web-based addresses (internally) to different applications (ServiceDesk, Desktop Authority) that we used to be able to logon automatically with windows integrated authentication.  Nothing has changed on the Application side.  Then only major change that has occurred is the removal of our Certificate Authority, and the replacement of our Domain controllers.
Architect
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
These URLs have been in there for years, and after closer look, somebody changed them from 1 to 2 (intranet to Trusted Sites).  Once I changed them back to 1 it is working.  Thanks for putting me back in the right location.

Author

Commented:
Thanks again Mahesh.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.