
Office 365 License Activation Problems on VDA 2206


Palle Falkenberg

Question


We are having problems with activating Office 365 licenses automatically on Windows Server 2019 and VDA 2206.

Before VDA 2206, we had the "Office 365 password prompt disappearing" problem - VDA 2206 solved this for us.

But now we have a new problem, where Windows cannot correctly identify itself to Azure to get a license for the user - but only in a Citrix session.

We are logging on through Citrix Cloud - applications are configured in Citrix Cloud. We are using Azure AD as the authentication mechanism.
We have implemented FAS for user identity.


Servers are 2019. We are using FSLogix, with "Include Office activation data in container" activated


The servers are joined to our local AD, and are synced and registered in Azure AD with no errors.

As far as I know, we are using Seamless SSO for Azure (how do you exactly check this?)

What we are seeing is that logging on to the server through RDP with a normal desktop session has no issues auto-fetching a license for the user. No errors.

 

When trying to do the same thing on Citrix, either through publishing a desktop on the server or publishing Excel/Word as an app, we are getting account errors in Office 365. "Account Error - Sorry we cant get to your account right now"

[screenshot of the Office 365 account error]

When doing a dsregcmd /status, there are differences - WamDefaultSet and AzureAdPrt are both set to "NO" in the Citrix sessions, but in the RDP sessions they are both set to "YES".

 

We are seeing these errors in the event log under "Microsoft-Windows-AAD" when logging on through Citrix:

[three screenshots of the event log entries]

 

Also on Azure AD we can see this logon error:

[screenshot of the Azure AD logon error]

My guess is that it has something to do with FAS, and Azure AD not knowing who the user is - but I'm not sure.

 

Anybody got some ideas on how to troubleshoot this?


1 answer to this question


It seems that it is actually FAS/smartcard certificate related.

The FAS smartcard/certificates that the user uses to identify and log on to Windows don't seem to allow an Azure token to be generated and issued to the user.

We have verified this by disabling the FAS GPO, so that the user doesn't get a smartcard certificate issued.

Then the user is asked to log on to Windows - when this happens, the user gets an Azure token issued (WamDefaultSet=YES and AzureAdPrt=YES), just as would happen in a normal RDP scenario - and Office 365 activation works seamlessly, just like it should.

 

How do we get Azure to submit a token to the users who log on with the smartcard certificate through Citrix?

Does something need to happen to the smartcard certificate template so that Azure knows who the user is?

Or do we have to do something to our Azure environment, to get it to issue tokens to our users based on their smartcard certificate?
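
The dsregcmd /status comparison between the RDP and Citrix sessions described in the question can be scripted, as an added example that is not part of the original posts. The function names and the sample captures are constructed for illustration; WamDefaultSet and AzureAdPrt use the values reported in the thread, and the join-state values assume the hybrid-joined servers the question describes.

```powershell
# Added example: diff the sign-in state fields of two `dsregcmd /status` captures.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $fields = [ordered]@{}
    foreach ($line in $Lines) {
        # Field lines look like "   AzureAdPrt : YES". Section banners
        # ("+-----+", "| SSO State |") contain no " :" and are skipped.
        if ($line -match '^\s*(\S[^:]*?)\s+:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $fields
}

function Compare-DsregStatus {
    param(
        $Rdp, $Citrix,
        [string[]]$Keys = @('AzureAdJoined', 'DomainJoined', 'WamDefaultSet', 'AzureAdPrt')
    )
    foreach ($key in $Keys) {
        [pscustomobject]@{
            Field  = $key
            Rdp    = $Rdp[$key]
            Citrix = $Citrix[$key]
            Same   = $Rdp[$key] -eq $Citrix[$key]
        }
    }
}

# Constructed, trimmed sample capture. The join-state values are an assumption
# (hybrid-joined server); the other two fields follow the thread.
$rdpCapture = @'
| Device State |
             AzureAdJoined : YES
              DomainJoined : YES
| User State |
             WamDefaultSet : YES
| SSO State |
                AzureAdPrt : YES
'@ -split '\r?\n'
# The Citrix/FAS session as reported: no WAM default account and no PRT.
$citrixCapture = $rdpCapture -replace '(WamDefaultSet|AzureAdPrt) : YES', '$1 : NO'

Compare-DsregStatus (ConvertFrom-DsregStatus $rdpCapture) (ConvertFrom-DsregStatus $citrixCapture) |
    Format-Table -AutoSize

# On a live VDA, capture each session instead:
#   ConvertFrom-DsregStatus (dsregcmd /status)
```

Rows where Same is False are the fields to chase; with the values from this thread those are WamDefaultSet and AzureAdPrt.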
