
MS Edge (Chromium) can't sign in with Seamless published App since version 81.0.416.53


Dennis Parker

Question

With the April 13 release (81.0.416.53), the Sign In functionality appears to have changed to a Windows Universal App that can't be opened in a seamless window. It works in a published desktop or desktop RDP session, but not in a seamless window. I have only tested on Server 2019 so far.

 

Citrix: 1912 LTSR

Server 2019

 

Users that are configured for Sync are now not able to sync. New configurations can not log in. 
Error message:
[screenshot]

Link to comment

Recommended Posts

  • 3

Hi guys,

With the following workaround I was able to solve the login issue:
 

1. Navigate to: C:\Program Files (x86)\Microsoft\Edge\Application

2. Change the compatibility setting for all users to Windows 7 (Windows 8 didn't work):
[screenshot]

3. After that, I was able to log in, or rather to enable the sync.

[screenshot]

 

Environment:
- Windows Server 2019

- VDA 1912 CU1

- FSLogix

 

I hope it helps you as well.

 

Best,

 

Flo 

 

  • Like 4
Link to comment
  • 1

Heard more from Microsoft finally and they provided a switch: --force-oneauth

 

This got me to the same place as using compatibility mode. My @live.com account will sync, but I can't get my O365 account to work properly. I can't find a policy screen similar to the screen shot, but I also do restrict to OrgID only in GPO, which means I probably "shouldn't" be able to use my personal account either. Making some progress. 

  • Like 1
Link to comment
  • 0

This had been working fine with the current hooks (Seamlessflags = 0x104) and using the UVI approach with roaming of 'AppData\Local\Microsoft\IdentityCache' and 'AppData\Local\Microsoft\OneAuth', which were needed for the Sync to work properly after a logout.

 

I will hopefully be able to try the ExcludedProcessNames key today, but based on the ProcessMonitor from an RDP session, I don't have high hopes. I'll update as I find out more. I will also attempt to test on other Server OSes.

 

Edit:
2012R2 works as expected still. Still able to configure and have Sync work.

 

Unable to test with 2016 server as I don't have any clients currently deployed with Edge on 2016 yet. 

 

2019 with ExcludedImageNames set does not pop up the error message, but also does not allow the user to log in and Sync data.

Edited by Dennis Parker
adding information
Link to comment
  • 0

Any other progress made on this? I'm running a similar setup: 1912LTSR, Server 2019, and I've updated to UPM 2003 since that seems to have resolved the sign-in error in the RDP/desktop environment but I still see the error in the seamless session. Edge Chromium launches AccountsControlHost.exe for the login process. I've tried including that in UviProcessExcludes but I'm not sure if that's the correct use of UviProcessExcludes.

 

This is what I'm seeing:

  • RDP to template server (same policies excluding UPM policy), Edge is automatically logged in and I can SSO to portal.office.com
  • RDP to session host (same policies as template but with UPM policy), I have to click the sign-in button(s) but it's able to auto pull my credentials to sign me in and I can then SSO to portal.office.com
  • Launch Edge Chromium from Workspace app, get the error pictured in the original post
  • If I do login through a desktop session and go back to workspace, I'm now logged into Edge but SSO to office.com doesn't work

I've set up UPM policy similar to Google Chrome. I assume the UPM policy needs some tweaking to make this work but I don't know what else to check at this point and I'm having difficulty finding similar discussion online.

Link to comment
  • 0

Perhaps our errors are different. I have been running 1912 CU1 since release day and have the same error. To be clear, it isn't a roaming issue, it is a seamless application issue for me. It works fine in a published desktop, but not in a seamless app.  I guess I have a call with MS again today to look at it more and gather process monitor traces. 

Link to comment
  • 0

We see this same behavior on Server 2019 only, Server 2016 works as expected. This is preventing us from deploying Server 2019 which is required for OneDrive Files On-Demand. We do not use UPM in our environment, only FSLogix, and had to add msedge.exe to the UviProcessExcludes for it to launch at all.

 

It appears that Server 2019 launches a "modern" authentication window while Server 2016 does not.

 

Published App:

 

[screenshot]

 

Desktop:

 

[screenshot]

[screenshot]

 

Even if you try to get around this by using the desktop to sign in to Edge, the published application shows you as signed in but cannot communicate with the sync service.

[screenshot]

[screenshot]

Link to comment
  • 0

Windows 7 compatibility mode on Server 2019 published app experience with a new profile:

 

  • The Welcome/Getting Started screen appears, and for some reason an additional window opens with a new tab page and takes focus (I switched back to the first window):
    [screenshot]

  • After clicking Get Started -> Complete Sign-in, the sign-in dialogue appears to be a win32 window rather than a modern one:
    [screenshot]

  • Edge stays in a "Setting up sync state" and doesn't sync anything:
    [screenshot]

  • Upon closing/relaunching Edge it says it is not syncing and asks you to sign in again:
    [screenshot]

  • Upon sign-in a second time, and for some reason requiring MFA this second time (even though our Citrix/DC IP is whitelisted), it syncs as expected:
    [screenshot]

 

The experience is exactly the same on a published desktop as well.

 

We have the following related config/policies:

  • Seamless SSO with Azure AD Connect
  • Automatically import another browser's data and settings at first run - Enabled
  • Configure whether a user always has a default profile automatically signed in with their work or school account - Enabled
Link to comment
  • 0

Hi guys,

 

Unfortunately, we still have some accounts which are not working. We found out that all non-working accounts are using the resource "Microsoft Activity Feed Service" for signing in to the Microsoft Edge browser.
[screenshot]

All working accounts are using the resource "Microsoft Graph" for signing in to the Microsoft Edge browser.

Could any of you solve the issue? Do you have a similar behavior?

Link to comment
