


Hey, let's ship Azure AD platform logs to a Log Analytics workspace :)

For many smaller orgs, this will likely be free, and it provides a huge amount of insights that help facilitate things like removal of Legacy Authentication and fine tuning of Conditional Access policies
- Nathan McNulty September 29, 2021

This will be a short thread, the documentation for this is over here: …

The general process - create a Log Analytics Workspace, then configure Azure AD Diagnostic settings to send the logs

Start by logging into the Azure Portal:

Let's start by searching for Log Analytics and open that service

I haven't added any yet, so I'm going to click Create

I have no Resource Groups either, so I have to create one of those.

In the above dsregcmd /status output, AzureAdPrt is NO. This indicates a problem with the Primary Refresh Token. On devices that are Hybrid Azure AD joined, the main artifact of authentication is the PRT (Primary Refresh Token). This is obtained as a result of logging in to Windows 10 with AAD credentials on AAD joined machines. The user logs into the device for the first time and cached. For subsequent logins, the cached token is used to let the user to the desktop. Once every four hours, as part of lock and unlock or re-login to Windows, a background network authentication is attempted. If there are problems refreshing the PRT, the PRT eventually expires, thus affecting SSO to AAD resources and resulting in prompts.

If a PRT problem is suspected, the first step is to collect AAD logs. I will provide you some troubleshooting guidance here. However, if you are not able to figure out the issue using that, you may need to raise an Azure Support Ticket with the collected logs.

a. Open an admin command prompt and run start_ngc_tracing_public.cmd
b. Perform the steps to reproduce the issue
c. Stop running the logging script by executing stop_ngc_tracing_public.cmd

Find zip logs under %SYSTEMDRIVE%\TraceDJPP\* for analysis.

2. Open dsregcmd.txt file for output of dsregcmd /status. Ensure AzureADPRT:Yes is present in the txt file. If not, then analyzing the AAD_Analytic.evtx or AAD_oper.evtx in the collected logs will help.

3. In the logs look for events from AADCloudAPPlugin Operation in the Task Category corresponding to the approximate login time stamp. If no errors from Cloud AP plug in are found corresponding to that time, look for errors further below the timeline.

4. In the message you will find an error code.
