We have a couple of IIS websites (intranet on SharePoint and ADFS for Dynamics 365) running in our on-prem AD environment. Up until recently SSO from browsers such as Chrome and Edge was functioning properly.
Now all of a sudden several users are complaining that SSO does not work, regardless of using Chrome or Edge. It doesn't matter which user logs on to the computer, SSO still will not work, and the user is prompted for username and password by the browser.
If we run "gpupdate /force" on the problematic computer, SSO works just fine.
If the user restarts the computer, the same problem occurs again, until "gpupdate /force" is run again.
Configuration is correct:
- Integrated Windows Authentication is enabled
- Automatic logon only in Intranet zone is enabled on the Intranet zone settings (user settings GPO)
- The URLs of the websites belong to the intranet zone
Does anyone know what could be causing this intermittent fall out of SSO, or if there are tools that can be used to troubleshoot/log the reason why it's not working, when it stops working? Clients are running Win10 Enterprise 21H2.
Problem can be "fixed" through scheduling "Gpupdate /force" to run at every user logon, but that is not a feasible solution in an environment with 1000 clients.
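
One way to record what the question asks about, as an added example that is not part of the original post: a PowerShell snapshot of the per-user Intranet zone logon setting and the Site to Zone Assignment List, taken once in a failing session and once after "gpupdate /force", then diffed. The function names and the output folder are assumptions made for this example.

```powershell
# Added example, not from the original post. Records the per-user zone policy
# values the post lists, so a failing session can be diffed against the same
# session after "gpupdate /force".
param(
    [string]$OutDir = "$env:TEMP\sso-snapshots"   # assumption: example output folder
)

$is = 'Microsoft\Windows\CurrentVersion\Internet Settings'

# URLACTION 1A00 (logon) values for a security zone
$logonModes = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

function Get-LogonSetting([string]$Key) {          # hypothetical helper
    $v = (Get-ItemProperty -Path $Key -Name '1A00' -ErrorAction SilentlyContinue).'1A00'
    if ($null -eq $v) { return 'not set' }
    if ($logonModes.ContainsKey([int]$v)) { return $logonModes[[int]$v] }
    return ('unknown (0x{0:X})' -f $v)
}

function Get-SiteToZone([string]$Key) {            # hypothetical helper
    if (-not (Test-Path $Key)) { return }
    $item = Get-Item -Path $Key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Site = $name; Zone = $item.GetValue($name) }
    }
}

# Zone 1 is "Local intranet"; the Policies hive holds what the user GPO wrote.
$snapshot = [pscustomobject]@{
    User             = "$env:USERDOMAIN\$env:USERNAME"
    PolicyLogon      = Get-LogonSetting "HKCU:\Software\Policies\$is\Zones\1"
    PreferenceLogon  = Get-LogonSetting "HKCU:\Software\$is\Zones\1"
    PolicySiteToZone = @(Get-SiteToZone "HKCU:\Software\Policies\$is\ZoneMapKey")
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$file = Join-Path $OutDir ('{0}.json' -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
$snapshot | ConvertTo-Json -Depth 4 | Set-Content -Path $file

# Diff the two most recent snapshots (before and after gpupdate)
$last = @(Get-ChildItem $OutDir -Filter *.json | Sort-Object Name | Select-Object -Last 2)
if ($last.Count -eq 2) {
    Compare-Object (Get-Content $last[0].FullName) (Get-Content $last[1].FullName)
}
```

If the first snapshot shows `PolicyLogon` as "not set" or an empty `PolicySiteToZone` and the second does not, the user GPO values were missing from the registry at logon; `gpresult /r /scope user` in the failing session shows which GPOs were applied at that point.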