ADFS 2012 R2 login fails for some users

I have been recently working on an Office 365 project with a client which involved implementing single sign-on using ADFS. During the pilot phase I encountered a strange issue where some users when trying to sign into their mailbox via ADFS it would not log them in and just refresh the page, it was like it accepted their login credentials but then didn’t redirect them back to the OWA page where they should be going to.

I spent many an hour troubleshooting ADFS, Web Application Proxy, Active Directory and anything I could think of that would be related to this issue until I came across this post which described a similar issue and one of the suggestions in the post worked for me.

Basically it turned out that as I had chosen to use a managed service account as part of the ADFS setup wizard it didn’t have sufficient permissions to those users objects to read them.

The solution was to add ‘Authenticated Users’ to the security group ‘Pre-Windows 2000 Compatible Access’.

I don’t know whether this is a bug in ADFS or whether it was environmental to this client as its the first time I had encountered this particular problem but that the solution.

Comments are closed