Hi,
we started to use Azure AD only joined devices with federated AD users in the cloud.
For an SSO user experience we implemented Kerberos for users --> How SSO to on-premises resources works on Azure AD joined devices | Microsoft Docs
The client software could be successfully installed, so no issue here, including the SQL connection, ... passed the connection test :-)
When trying to connect with login type "Windows Account" and "integrated" feature we get an error.
In the second error message I can see that the client software is using the current known user SID, which is different to the AD on-prem SID.
(... could be validated with "whoami /user" ... shows the Domain\account name and the "Azure ObjectID - SID" (S-1-12-1....))
Is there a possible workaround?
Maybe newer versions using the Kerberos Token directly?
Any other idea or suggestion?
Thx in advance
ASM
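Added example, not part of the original post: an `S-1-12-1-...` SID like the one `whoami /user` shows here is the account's Azure AD object ID re-encoded as four 32-bit sub-authorities, so it can never equal the on-premises `S-1-5-21-...` SID. The Python sketch below tells the two SID families apart and converts between object ID and SID; the function names are hypothetical and the sample GUID is constructed.

```python
import struct
import uuid

AZURE_AD_PREFIX = "S-1-12-1-"  # SIDs issued for Azure AD objects
ONPREM_PREFIX = "S-1-5-21-"    # SIDs of on-premises AD domain accounts


def object_id_to_sid(object_id: str) -> str:
    """Encode an Azure AD object ID (GUID) as its S-1-12-1 SID."""
    # The GUID's 16 bytes (Windows mixed-endian layout) are read as four
    # little-endian unsigned 32-bit integers: the SID sub-authorities.
    parts = struct.unpack("<4I", uuid.UUID(object_id).bytes_le)
    return AZURE_AD_PREFIX + "-".join(str(p) for p in parts)


def sid_to_object_id(sid: str) -> str:
    """Recover the Azure AD object ID from an S-1-12-1 SID."""
    sid = sid.strip().upper()
    if not sid.startswith(AZURE_AD_PREFIX):
        raise ValueError("not an Azure AD SID: " + sid)
    fields = sid[len(AZURE_AD_PREFIX):].split("-")
    if len(fields) != 4 or not all(f.isdigit() for f in fields):
        raise ValueError("expected four numeric sub-authorities: " + sid)
    values = [int(f) for f in fields]
    if any(v > 0xFFFFFFFF for v in values):
        raise ValueError("sub-authority exceeds 32 bits: " + sid)
    return str(uuid.UUID(bytes_le=struct.pack("<4I", *values)))


def classify_sid(sid: str) -> str:
    """Tell which directory issued the SID shown by `whoami /user`."""
    sid = sid.strip().upper()
    if sid.startswith(AZURE_AD_PREFIX):
        return "azure-ad"
    if sid.startswith(ONPREM_PREFIX):
        return "on-prem-ad"
    return "other"


if __name__ == "__main__":
    sample_object_id = "00112233-4455-6677-8899-aabbccddeeff"  # constructed
    sid = object_id_to_sid(sample_object_id)
    print(sid, classify_sid(sid), sid_to_object_id(sid))
```

Looking up the decoded object ID in Azure AD confirms which cloud account the client software is presenting instead of the on-premises one.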