<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7V1VSAVOkta Classic EngineOkta Integration NetworkAnswered2024-04-17T12:51:01.000Z2017-12-18T21:56:55.000Z2018-10-19T18:15:59.000Z

fx04h (fx04h) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Outlook 2016 spinning "signing in" to O365 with DesktopSSO/IWA enabled (SSL also enabled)
We have a sporadic occurance that certain users will occasionally see a "signing in" box that gets stuck when launching Outlook 2016. SSL has been enabled on our IWA server. Testing the URL https://DESKTOPSSO/IWA seems to work as intended from the client machines in question. One thing is that it seems to happen more often over a VPN connection, where the user is remote and our DesktopSSO IWA server is local. I have increased the timeout in the IWA app, but it didn't seem to have an effect.

 

The only way to allow the user to sign-in using Outlook in these situations is to turn off IWA temporarily from our Okta settings, and then re-enable it once their Outlook has connected. This doesn't seem like a sustainable approach. A few other observations: a review of the firewall logs show that the user's laptop is not initiating any communication a the moment Outlook is stuck at "signing in." Nothing is being blocked as far as I can tell. The Outlook client never times out and will stay stuck at signing in forever unless we disable Desktop SSO temporarily. After turning off Desktop SSO/IWA, the forms based Okta sign-in page will appear, and Outlook will authenticate.

 

I'd love to get this solved. Are there any suggestions that will prevent Outlook 2016 from getting perpetually stuck in the "sign in" phase?

 

Matt
  • 9 answers
  • 13.92K views

  • bogdan.andrisan1.4534936759044734E12 (Okta, Inc.)

    Hello Matt,

     

    This could generally occur because of a communication issue. Based on your tests it could be at the IWA level, so did you also check if restarting the IWA service helps?

    Also, if you have multiple IWA Apps, could you check if this occurs on any Application?

    If these tests also do not help I would recommend opening a ticket with Support to further investgate this behavior.

     

    Thank you,

    Bogdan Andrisan
    Expand Post

  • fx04h (fx04h)

    Yes to the restart of IWA. It is only one app, Office 365, specifically Outlook 2016. Browser sessions to the Office 365 browser apps work fine. It's confined to just Outlook 2016 being stuck on the "signing in" popup screen (with a spinning circle). Unfortunately, when the issue occurs, people are waiting for thier Outlook to work so they can use email, so I typically just turn off the Desktop SSO temporarily, which will let Outlook authenticate via the Okta web form, and then I'll turn Desktop SSO back on after the stuck Outlook has connected. Since it's sporadic, and not easily replicated, I don't know how to have support assist (it doesn't do it all the time). I guess I'll just keep doing my workaround of temporarily turning off Desktop SSO on the Okta settings, and then turning it back on. If it becomes too much of a consistent issue, I'll contact support again.

     

    Thanks,

     

    Matt
    Expand Post

  • KyleC.40824 (Customer)

    we are also seeing this issue as well.  As a workaround we've had to disable modern auth (internal only) for the handful of users reporting this behavior.

     

    Disable ADAL - [HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL] - REG_DWORD "0"

     

    Likewise w/ Matt, we seem to be isolated to the outlook app and OWA works as expected.

    Expand Post

  • hh0vw (hh0vw)

    The workaround worked for us, however has Okta support added any new comments to this, we are experiencing the same issue.

  • KyleC.40824 (Customer)

    We ended up hearing from MS to apply the following registry key to avoid MS WAM.  Supposedly this known error should be resolved on an upcoming hotfix, but until then, the following registry key mitigates the issue and still maintains ADAL.

     

    [HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\DisableADALatopWAMOverride] - REG_DWORD "1"
    Expand Post

  • leula (leula)

    Anyone have any updates, or new experiances to share?  We've got the sporadically around our organization.  I've replicated the problem using a test domain and the Preview tenant.  I currently have a Win 10 machine with O365 Outlook 2016 spinning.  None of the usual fixes are having any effect.  Or has anyone heard a date on the hotfix?  Handling these tickets is quite a burden and I'd really like to get a soldi fix on it.
    Expand Post

  • feok4 (feok4)

    Jordan - we had to setup IWA with SSL to get around this issue when the client is coming from a known network.

  • ojqhk (ojqhk)

    We are having the same issue. It has only happened to a few people and we are getting stuck with that pop up and then the Okta credential request pops up again and again afterwords. We have tried everything from Regedit with the keys and then restoring the profile. Anymore suggestions or luck on this? I am about to lose my mind here lol.

  • leula (leula)

    SSL solved our issue, but we did have to add  machinenamewhereOktaADAgentis.domainname.com to our trusted sites via group policy as well.  We have 2 agents, and made 2 entries into trusted sites.

This question is closed.
Loading
Outlook 2016 spinning "signing in" to O365 with DesktopSSO/IWA enabled (SSL also enabled)