Issues Authenticating to Zoom and Microsoft Products
September 15, 2025 7:54 a.m.
Applications utilizing ADFS authentication failed to get past the login page, or would get past MFA only to be looped back to the ADFS login page.
The administrator for Archer reported a login issue.
Users were not able to sign into any services using ADFS SSO.
While reviewing the Member Server Firewall GPO, it was found that the GPO had only been partially updated when the new domain controllers were added. The TCP rule was updated when the new DCs were added, but the UDP rule had not been. We took steps to correct this through a GPO update.
Resolving this issue enabled the Azure-based ADFS servers to correctly communicate with the domain controllers in Azure. By default, ADFS servers in Azure utilize Azure-hosted domain controllers. One of these domain controllers is Server 2025, which has RC4 encryption disabled by default. As a result, when the ADFS service account attempted to authenticate using RC4, the connection to Server 2025 failed.
We were able to resolve this issue by enabling AES128 and AES256 support on the ADFS service account, which allows the account to use the 2025 domain controller.
We need to review all authentication traffic to see if we can determine how to completely disable the use of RC4.
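
A starting point for the RC4 review described above, as an added example that is not part of the original incident report: it decodes the msDS-SupportedEncryptionTypes bitmask to find accounts that do not advertise AES, and counts Kerberos service tickets (Security event 4769) issued with RC4. The function names, account names, addresses and events are constructed for illustration.

```powershell
# Added example; function names and all sample records below are constructed.
# Bit values of the msDS-SupportedEncryptionTypes attribute.
$EncBits = [ordered]@{
    'DES-CBC-CRC' = 0x1; 'DES-CBC-MD5' = 0x2; 'RC4-HMAC' = 0x4
    'AES128'      = 0x8; 'AES256'      = 0x10
}

function ConvertFrom-EncTypeMask([int]$Mask) {
    # Names of the encryption types whose bits are set in the mask.
    $EncBits.GetEnumerator() | Where-Object { $Mask -band $_.Value } | ForEach-Object { $_.Key }
}

function Get-AccountWithoutAes($Accounts) {
    # Accounts whose attribute is unset/0 or has neither AES bit (0x8, 0x10) set.
    $Accounts | Where-Object { -not ([int]$_.EncTypes -band 0x18) }
}

function Get-Rc4Ticket($Events) {
    # Event 4769 records whose TicketEncryptionType is 0x17 (RC4-HMAC).
    $Events | Where-Object { [int]$_.TicketEncryptionType -eq 0x17 }
}

# Constructed stand-ins for account records (EncTypes = msDS-SupportedEncryptionTypes).
$accounts = @(
    [pscustomobject]@{ Name = 'svc-adfs-example';  EncTypes = $null }
    [pscustomobject]@{ Name = 'svc-app-example';   EncTypes = 0x4 }
    [pscustomobject]@{ Name = 'svc-fixed-example'; EncTypes = 0x18 }
)
# Constructed stand-ins for parsed Security event 4769 records (0x12 = AES256).
$events = @(
    [pscustomobject]@{ ServiceName = 'svc-app-example';   TicketEncryptionType = 0x17; IpAddress = '192.0.2.10' }
    [pscustomobject]@{ ServiceName = 'svc-app-example';   TicketEncryptionType = 0x17; IpAddress = '192.0.2.11' }
    [pscustomobject]@{ ServiceName = 'svc-fixed-example'; TicketEncryptionType = 0x12; IpAddress = '192.0.2.12' }
)

# Accounts that still need AES enabled, with what they currently advertise.
Get-AccountWithoutAes $accounts |
    Select-Object Name, @{ n = 'Advertised'; e = { (ConvertFrom-EncTypeMask $_.EncTypes) -join ',' } } |
    Format-Table -AutoSize

# Services still receiving RC4 tickets, with a count per service.
Get-Rc4Ticket $events | Group-Object ServiceName | Select-Object Name, Count | Format-Table -AutoSize
```

In a live domain the account records would come from `Get-ADUser` with `-Properties msDS-SupportedEncryptionTypes`, and the ticket records from Security event 4769 on the domain controllers.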