Symptoms
Consider the following scenario:
-
You configure the Work Folders service to be authenticated by using an Active Directory Federation Services (AD FS) server that is running Windows Server 2012 R2.
-
The client computer is domain-joined and connected to the domain network.
-
You log on to a client computer to use the Work Folders service to sync work files.
In this scenario, this issue occurs.
Resolution
To resolve this issue, the AD FS administrator is required to add Work Folders as the supported user agent by running the following cmdlet on the AD FS server:Set-AdfsProperties -WIASupportedUserAgents ((Get-AdfsProperties).WIASupportedUserAgents + 'MS_WorkFoldersClient') This cmdlet adds "MS_WorkFoldersClient" as a list that AD FS recognizes, and the cmdlet enables the application (in this case it is Work Folders) to use Windows integrated authentication to authenticate by using the logged-on user credentials. Additionally, the AD FS administrator is required to enable
WindowsIntegratedFallbackEnabled by using the following cmdlet:Set-AdfsGlobalAuthenticationPolicy -WindowsIntegratedFallbackEnabled True On the client computer, install update rollup 2975719. For more information, click the following article number to view the article in the Microsoft Knowledge Base:2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More Information
For more information about how to use AD FS authentication for the Work Folders service, go to the following Microsoft website:
Using AD FS authentication for Work FoldersFor more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates