Windows 10 currently has 2 Primary Refresh Tokens (PRTs):
- The Azure AD Primary Refresh Token
- The Enterprise Primary Refresh Token, a.k.a. the ADFS Primary Refresh Token
–
For both, the following troubleshooting steps apply if you are experiencing issues:
- Always check the output of: DSREGCMD.EXE /STATUS
- Event Logs to check on the client:
  - “Applications and Services Logs\Microsoft\Windows\AAD\Operational” Event Log
  - “Applications and Services Logs\Microsoft\Windows\User Device Registration\Admin” Event Log
- Any correlation ID in an event related to the error experienced on the client can most likely also be found on the server side in the corresponding event log. If the server side is AAD, then you need Microsoft. If the server side is ADFS, then you can check it yourself.
- Changing or resetting the password invalidates the current PRTs, and fresh ones are retrieved/generated.
- If a PRT is missing, you can trigger a new attempt to retrieve one by either logoff/logon or lock/unlock.
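
The client-side checks above can be collected in one pass. The following PowerShell is an added example, not part of the original post: it reads the PRT fields from DSREGCMD.EXE /STATUS and lists recent errors and warnings from both event logs together with any correlation ID found in the message. The 24-hour window and the assumption that the ID appears in the message text as "Correlation ID" followed by a GUID are mine.

```powershell
# Added example: summarize PRT state and recent PRT-related events on this client.
$fields = 'AzureAdJoined','DomainJoined','AzureAdPrt','AzureAdPrtUpdateTime',
          'AzureAdPrtExpiryTime','EnterprisePrt','EnterprisePrtAuthority'

$prt = [ordered]@{}
foreach ($line in (& dsregcmd.exe /status)) {
    # Lines look like "   AzureAdPrt : YES". Match the name up to the first
    # colon only, because timestamps and URLs in the value contain colons too.
    if ($line -match '^\s*(\w+)\s*:\s*(.*)$' -and $fields -contains $Matches[1]) {
        $prt[$Matches[1]] = $Matches[2].Trim()
    }
}
[pscustomobject]$prt | Format-List

# A field that is absent or not YES means that PRT is missing for this logon.
foreach ($name in 'AzureAdPrt','EnterprisePrt') {
    if ($prt[$name] -ne 'YES') {
        Write-Warning "$name is not present (value: '$($prt[$name])')"
    }
}

$logs  = 'Microsoft-Windows-AAD/Operational',
         'Microsoft-Windows-User Device Registration/Admin'
$since = (Get-Date).AddHours(-24)   # assumed look-back window
$guid  = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

$events = foreach ($log in $logs) {
    # Level 2 = Error, 3 = Warning. An empty result is not a failure here.
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2,3; StartTime = $since } `
        -ErrorAction SilentlyContinue
}

$events | Sort-Object TimeCreated | ForEach-Object {
    # Assumption: the ID is written as "Correlation ID: <guid>" in the message.
    $corr = if ($_.Message -match "correlation\s*id\W+($guid)") { $Matches[1] } else { $null }
    [pscustomobject]@{
        Time          = $_.TimeCreated
        Log           = $_.LogName
        Id            = $_.Id
        Level         = $_.LevelDisplayName
        CorrelationId = $corr
    }
} | Format-Table -AutoSize
```

Run it in the affected user's session, since DSREGCMD.EXE /STATUS reports the PRT state of the logged-on user.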
–
With this information you should have a good start for troubleshooting PRT-related issues, although it is not always easy!
Do not forget to also read Jairo’s blog post about how SSO works in Windows 10.
–
Enjoy and have fun!
Jorge
————————————————————————————————————————————————————-
This posting is provided "AS IS" with no warranties and confers no rights!
Always evaluate/test everything yourself first before using/implementing this in production!
This is today’s opinion/technology, it might be different tomorrow and will definitely be different in 10 years!
DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
————————————————————————————————————————————————————-
########################### Jorge’s Quest For Knowledge ##########################
#################### http://JorgeQuestForKnowledge.wordpress.com/ ###################
————————————————————————————————————————————————————-