Window SSO realm authentication failed, browser may received error message "The user could not be determined by the Single Sign-on agent."
In Windows SSO realm, BCAAA windows server needs to query their DC for user logon information, with username and IP address. so the SSO realm can determine the username bases on the IP address of the user.
One of the problem is the BCAAA server cannot authenticate to the DC, therefore it can not query any user logon info from the DC, result as the BCAAA can't determine the username, Win SSO realm failed.
In the BCAAA server packet capture, it showed the windows try to login to the DC with null user name as "\":
tcp port 445 protocol: SMB Session Setup AndX Request, NTLMSSP_AUTH, User: \
So the DC return access-denied:
TCP port 445 Protocol: SMB NT Create AndX Response, FID: 0x0000, Error: STATUS_ACCESS_DENIED
BCAAA log shows error message:
In the BCAAA windows server, Services, BCAAA service properties, Log On tab, Select "This account", use "Browse" button to find the designated domain user, click Ok, type in the password, click on APPLY to save it, then Ok to finish. Then restart the BCAAA service. The BCAAA user should have permission query the DC user logon info.
Rate this Page
Please take a moment to complete this form to help us better serve you.