question

PARTYSEBASTIEN-0124 avatar image
0 Votes"
PARTYSEBASTIEN-0124 asked sbastienparty-6671 commented

Problem synchronizing SharePoint Libraries with OneDrive

Hello,

I have a web application on SharePoint 2019 on-premise from which I try to synchronize libararies. The web application is extended to use FBA authentication.
When I'm connecting using the Windows Authentication, I'm able to synchronize libraries with OneDrive without problems.
But when using the FBA authentication to connect to the extended web application I'm not able to synchronize libraries. After entering my credentials OneDrive return me the following error : There was a problem connecting to OneDrive (Error Code: 0x8004de40).
Is there some additional configuration to be done to have OneDrive synchronization working using FBA Authentication ?

Regards,

Sébastien

office-sharepoint-server-itpro
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenXu-MSFT avatar image
0 Votes"
AllenXu-MSFT answered

Hi @PARTYSEBASTIEN-0124,

There is an additional step for enabling FBA for office applications. Office applications now use “Modern Authentication” by default – which does not support Claims authentication. SharePoint Server 2019 allow Modern Authentication to be turned off. To turn it off, run the following in the SharePoint Management Shell:

 $sts = Get-SPSecurityTokenServiceConfig
 $sts.SuppressModernAuthForOfficeClients = $True
 $sts.update()
 iisreset

Reboot your servers after running the cmdlets and see if it would fix that error.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PARTYSEBASTIEN-0124 avatar image
0 Votes"
PARTYSEBASTIEN-0124 answered sbastienparty-6671 commented

Hello,

I checked on my SharePoint farm and the SuppressModernAuthForOfficeClients parameter was already set to True even though I never changed it.
I can try to run the commands you provided anyway (I'll need to schedule it because I cannot reboot the servers at any time) but not sure if it's worth it as the parameter seems already set.
Let me know if I can provide more informations to help resolve this issue.

Regards,

Sébastien

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@PARTYSEBASTIEN-0124

Could you find any clues in ULS Logs? Please share here if you could.

0 Votes 0 ·

Hello,

do you have any insight about the logs ?

0 Votes 0 ·
sbastienparty-6671 avatar image
0 Votes"
sbastienparty-6671 answered sbastienparty-6671 published

Hello,

here is what I found in the ULS logs when trying to connect to OneDrive :

Sending HTTP response 302 for HTTP GET request
Cannot get the SPMonitoredScope for the request
SPRequestModule.EndRequestHandler End
SPFederationAuthenticationModule.IsRedirectToLogOnPage: Detected a redirection but the redirect is not to a known signin page: /_layouts/15/TiceFBALogin/tice-login.aspx?ReturnUrl=%2f
SPApplicationAuthenticationModule.IsBearerChallengeRequested: Return 'False'.
The request isn't made to a page which allows NeverAuth to be specified in the query string
STS setting for SuppressModernAuthForOfficeClients:'True'.
IsClaimsTrustedAuthenticationOnly: 'False', IsOfficeClientIDCRLRequest: 'False', HasSPTrustedSecurityTokenIssuer: 'False', ForceIdcrlForOfficeClients: 'True'.
SPRequestModule.BeginRequestHandler Begin ce10c99f-61ba-b009-4816-61cc794c7531
Entering Monitored Scope (Request (GET:https:///_layouts/15/TiceFBALogin/tice-login.aspx?ReturnUrl=/)). Parent=None ce10c99f-61ba-b009-4816-61cc794c7531
Name=Request (GET:https://
/_layouts/15/TiceFBALogin/tice-login.aspx?ReturnUrl=/) f310c99f-410a-b009-4816-6f06260eedaa
SPRequestModule.BeginRequestHandler End, SP Build Version: '16.0.10364.20001' f310c99f-410a-b009-4816-6f06260eedaa
Using input cookie name. CookieName: 'FedAuth'. f310c99f-410a-b009-4816-6f06260eedaa
SPApplicationAuthenticationModule: Clear outgoing token context from SpThreadContext f310c99f-410a-b009-4816-6f06260eedaa
SPApplicationAuthenticationModule: Clear cross tenant token context from SpThreadContext f310c99f-410a-b009-4816-6f06260eedaa
SPRequestModule.PostAuthenticateRequestHandler Begin f310c99f-410a-b009-4816-6f06260eedaa
Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0 f310c99f-410a-b009-4816-6f06260eedaa
Value for isAnonymousAllowed is : True f310c99f-410a-b009-4816-6f06260eedaa
Value for checkAuthenticationCookie is : False f310c99f-410a-b009-4816-6f06260eedaa
SPRequestModule.PostAuthenticateRequestHandler End f310c99f-410a-b009-4816-6f06260eedaa
Multiauth SPWebApplication with widnows enabled and MS-OFBA accepted was set to false for the request url 'https:///_layouts/15/TiceFBALogin/tice-login.aspx?ReturnUrl=/'. f310c99f-410a-b009-4816-6f06260eedaa
Sending HTTP response 401 - text/plain:401 UNAUTHORIZED. f310c99f-410a-b009-4816-6f06260eedaa
SPRequestModule.PostLogRequestHandler Begin f310c99f-410a-b009-4816-6f06260eedaa
SPRequestModule.PostLogRequestHandler End f310c99f-410a-b009-4816-6f06260eedaa
SPRequestModule.EndRequestHandler Begin f310c99f-410a-b009-4816-6f06260eedaa
Micro Trace Tags: 0 avwhy,0 nasq,0 avwhz,0 bjkuz,0 bjvyg,0 bnksk,0 avwh6,0 agb9s,0 ajd6k,0 ajd6l,0 avwh7,0 af30r,0 b6p2,0 avwia,0 avwib,0 avwic f310c99f-410a-b009-4816-6f06260eedaa
Sending HTTP response 401 for HTTP GET request f310c99f-410a-b009-4816-6f06260eedaa
Leaving Monitored Scope: (Request (GET:https://
/_layouts/15/TiceFBALogin/tice-login.aspx?ReturnUrl=/)) Temps d’exécution=2.1075; CPU Milliseconds=2; Nombre de requêtes SQL=0; Parent=None f310c99f-410a-b009-4816-6f06260eedaa
SPRequestModule.EndRequestHandler End f310c99f-410a-b009-4816-6f06260eedaa
SPApplicationAuthenticationModule.IsBearerChallengeRequested: Return 'False'. f310c99f-410a-b009-4816-6f06260eedaa
The request isn't made to a page which allows NeverAuth to be specified in the query string f310c99f-410a-b009-4816-6f06260eedaa
STS setting for SuppressModernAuthForOfficeClients:'True'. f310c99f-410a-b009-4816-6f06260eedaa
IsClaimsTrustedAuthenticationOnly: 'False', IsOfficeClientIDCRLRequest: 'False', HasSPTrustedSecurityTokenIssuer: 'False', ForceIdcrlForOfficeClients: 'True'. f310c99f-410a-b009-4816-6f06260eedaa

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.