VMware Horizon Community
HPU-ADM
Enthusiast
Enthusiast
Jump to solution

Unable to log into Skype for Business

I have created different base images based off windows 1803 Enterprise and windows 1903 Enterprise.  The pool is created with the virtual center customization script to generate a new SID (sysprep). The pool is also a dedicated, full desktop. Users logging into these desktops will not be able to log into skype for business.  One thing to note is that we have a 3rd party sso provider leveraging authentication with our AD with Microsoft office 365.  Both the office 2019 and office365.com products on each desktop in the pool work fine with the sso.  But with skype for business, when a user connects, no pop up for the 3rd party sso appears and i get an error that skype cannot retrieve an ssl certificate.

ON THE OTHER HAND,

On the base image, (it's not joined to the domain), i can log in as local administrator, and with any user account in our AD, that's licensed for office365 and skype for business, log into the skype for business client.  When I press connect in the skype for business client, a pop up window appears for our 3rd party sso and I can enter windows credentials, click submit, pop up disappears and the skype for business client logs in.

What is going on?!?!?!?!?!?

vmware tools: 10.3.10

view agent: 7.5.1

horizon view 7.5.1

windows 10 Enterprise 1803 (64bit)

vsphere 6.7 U2

Skype for business 2019 MSO (16.0.10346.20002) 32bit

Reply
0 Kudos
1 Solution

Accepted Solutions
HPU-ADM
Enthusiast
Enthusiast
Jump to solution

After working for weeks with microsoft, they came back with a solution.  So in my particular case these settings have to be added to the registry:

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]

"DisableADALatopWAM"=dword:00000001

"DisableAADWAM"=dword:00000001

"DisableADALatopWAMOverride"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Lync]

"EnableWAM"=dword:00000000

If you noticed, these are current user settings. So they will not apply to a newly provisioned desktop unless you add it to the default NTUSER.DAT file in C:\Users\Default.

And here is the explination:

"By default, Microsoft Office 365 ProPlus (2016 version) uses Azure Active Directory Authentication Library (ADAL) framework-based authentication. Starting in build 16.0.7967, Office uses Web Account Manager (WAM) for sign-in workflows on Windows builds that are later than 15000 (Windows 10, version 1703, build 15063.138).

By making the changes to the registry we are forcing our Lync client installed on our Windows 10 OS to use the ADAL authentication.

Hence after making the necessary changes we were able to sign in successfully without any issues."

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

View solution in original post

Reply
0 Kudos
1 Reply
HPU-ADM
Enthusiast
Enthusiast
Jump to solution

After working for weeks with microsoft, they came back with a solution.  So in my particular case these settings have to be added to the registry:

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]

"DisableADALatopWAM"=dword:00000001

"DisableAADWAM"=dword:00000001

"DisableADALatopWAMOverride"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Lync]

"EnableWAM"=dword:00000000

If you noticed, these are current user settings. So they will not apply to a newly provisioned desktop unless you add it to the default NTUSER.DAT file in C:\Users\Default.

And here is the explination:

"By default, Microsoft Office 365 ProPlus (2016 version) uses Azure Active Directory Authentication Library (ADAL) framework-based authentication. Starting in build 16.0.7967, Office uses Web Account Manager (WAM) for sign-in workflows on Windows builds that are later than 15000 (Windows 10, version 1703, build 15063.138).

By making the changes to the registry we are forcing our Lync client installed on our Windows 10 OS to use the ADAL authentication.

Hence after making the necessary changes we were able to sign in successfully without any issues."

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

Reply
0 Kudos