
We have a weird issue with SSO through ADFS 3 on Windows Server 2016. While some Windows 10 clients can successfully log in in IE, some cannot. All Windows 10 clients are at the same patch level. The issue seems client-based and not user-based: User 1 can log in on client A but not on client B. We use Roaming Profiles.

When a user on a faulty client tries to open the redirected page https://sts.ourcompany.nl/adfs/ls/wia?wtrealm=https://original_page&wctx=some_guid[...] he or she is confronted with a browser login form. The user enters the correct credentials and presses [ OK ], and the login form pops up again. After entering the correct credentials, it just shows a blank page. No errors or anything are recorded in eventvwr on the ADFS servers. When the user enters the wrong credentials three times, his or her account is locked in Active Directory and an error is recorded in eventvwr on the ADFS servers with EventID 364 (the user account or password is incorrect / the referenced account is currently locked out).

I have spent several days on this issue and I'm a bit stuck now. Our ADFS is working, because some clients can log in successfully. We have a user GPO active to put the relevant sites/URLs in the correct IE security zone. But I'm at a loss as to why it won't work on some Windows 10 clients.

mokum
  • Have you set some IE GPO per machine for those machines? Such settings will nullify your per-user GPO settings. – yagmoth555 Sep 03 '19 at 14:00
  • No, we haven't. I also tried moving the PC and a test user to OUs with no GPOs applied and then configured the IE security settings manually. But that didn't work either. – mokum Sep 04 '19 at 08:26
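As an added diagnostic, not code from the original post, from the commenters or from ADFS itself: a PowerShell script to run on one of the failing Windows 10 clients, as the affected user, that dumps the client-side settings the question and the comment thread are asking about: where IE actually maps the STS host (user vs. machine hive, policy vs. non-policy keys), whether the "use only machine settings" policy that would nullify a per-user zone GPO is in force, the Local intranet logon option, whether Integrated Windows Authentication is enabled, and whether the client can obtain a Kerberos ticket for the ADFS SPN. It assumes the federation service name is sts.ourcompany.nl (taken from the URL in the question), that the browser is IE, and that the ADFS SPN is the default HTTP/<federation service name>.

```powershell
# Added diagnostic, not from the original post or from ADFS.
# Assumptions: STS host is sts.ourcompany.nl (from the question's URL), IE is the
# browser, and the ADFS SPN is HTTP/<federation service name>. Run on a failing
# client as the affected user; compare the output with a working client.
param([string]$StsHost = 'sts.ourcompany.nl')

$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$labels = $StsHost.Split('.')
$domain = $labels[-2..-1] -join '.'                                       # ourcompany.nl
$sub    = if ($labels.Length -gt 2) { $labels[0..($labels.Length - 3)] -join '.' } else { '' }  # sts

# 1. Where is the STS host mapped? IE stores zone assignments under
#    ZoneMap\Domains\<domain>\<sub>, value name = scheme, data = zone number.
#    The user GPO lands in the HKCU keys; a machine GPO lands in HKLM.
$roots = @(
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
  'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
  'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
foreach ($root in $roots) {
    $key = if ($sub) { Join-Path $root "ZoneMap\Domains\$domain\$sub" }
           else      { Join-Path $root "ZoneMap\Domains\$domain" }
    if (Test-Path $key) {
        foreach ($scheme in (Get-Item $key).GetValueNames()) {
            $z = (Get-ItemProperty $key).$scheme
            "{0,-90} {1,-6} -> zone {2} ({3})" -f $key, $scheme, $z, $zoneNames[[int]$z]
        }
    } else {
        "{0,-90} (no entry)" -f $key
    }
    # The "Site to Zone Assignment List" GPO also keeps its raw list here.
    $gpoList = Join-Path $root 'ZoneMapKey'
    if (Test-Path $gpoList) {
        (Get-ItemProperty $gpoList).PSObject.Properties |
          Where-Object { $_.Name -like "*$StsHost*" } |
          ForEach-Object { "{0,-90} {1} -> zone {2}" -f $gpoList, $_.Name, $_.Value }
    }
}

# 2. "Security Zones: Use only machine settings" makes IE ignore every HKCU zone
#    setting, including a per-user zone GPO (the case raised in the comments).
$hklmOnly = Get-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' `
              -Name Security_HKLM_only -ErrorAction SilentlyContinue
"Security_HKLM_only: {0}" -f $(if ($hklmOnly) { $hklmOnly.Security_HKLM_only } else { 'not set (user settings apply)' })

# 3. Logon option (value 1A00) of the Local intranet zone. 0x0 = automatic logon
#    with current credentials, 0x10000 = prompt, 0x20000 = automatic only in the
#    intranet zone, 0x30000 = anonymous. A prompt here produces a credential
#    dialog instead of silent WIA.
$logonNames = @{ 0 = 'automatic logon'; 0x10000 = 'prompt for credentials'
                 0x20000 = 'automatic logon only in intranet'; 0x30000 = 'anonymous' }
foreach ($hive in 'HKCU', 'HKLM') {
    $p = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1"
    $v = (Get-ItemProperty $p -Name '1A00' -ErrorAction SilentlyContinue).'1A00'
    if ($null -ne $v) { "{0} intranet logon option 0x{1:X} = {2}" -f $hive, $v, $logonNames[[int]$v] }
}

# 4. Integrated Windows Authentication (Negotiate/Kerberos) must be enabled.
$neg = (Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' `
          -Name EnableNegotiate -ErrorAction SilentlyContinue).EnableNegotiate
"EnableNegotiate (HKCU): {0}" -f $(if ($null -eq $neg) { 'not set' } else { $neg })

# 5. Can this client obtain a Kerberos service ticket for the ADFS SPN at all?
klist get "HTTP/$StsHost"
```

Run it on a working client and on a failing client and diff the two outputs. A mapping that exists only under HKCU while Security_HKLM_only is 1, or an intranet logon option other than 0x0 or 0x20000 on the failing client, is the kind of per-machine difference the comment thread is asking about; a failed `klist get` points at name resolution or SPN problems for that client rather than at IE settings.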

0 Answers