I have listed a working known good reference deployment so you can compare this against your deployment when troubleshooting free/busy sharing for example. The following URLS are added to the Local Intranet zone via GPO (User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page by modifying the "Site to Zone Assignment List") Enhanced Protected Mode is disabled (Computer Configuration\Computer Policy\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn on Enhanced Protected Mode) You can use klist purge to purge the Kerberos tickets, then klist get AZUREADSSOACC to ensure that you can receiver a Kerberos ticketĪADC - 0x8023134a - AttributeValueMustBeUnique If you have configured Azure Active Directory Connect to use Seamless Single Sign on and are having trouble with signing on ensure the following: You are logging onto a Domain Joined machine connected to the corporate network, the machine must have line of sight to a Domain Controller to request a Kerberos ticket. SSPR 0029 We are unable to reset your password due to an error in your on-premises configuration. using dsregcmd /status we could see the AzureAdJoined still had a value of No so w e went through the following checklist: Checked Hybrid Join was enabled using the Azure AD Connect wizard - Checked the device control Group policies - Checked the device settings within the Azure Portal - Checked the SSO URLs had been added into local intranet zone (SSPR). Working for a number of clients recently and we were deploying Self-Service Password Reset from a Windows 10 logon screen ( ) and we came across was the machines would not Hybrid Join.
0 Comments
Leave a Reply. |