AL13
Engaged Sweeper II

Lately, my company's desktops have been using Entra ID, which is connected to Azure AD. Before that, all these desktops were connected to an on-premise AD, and a Lansweeper server is also part of the on-premise AD. The Azure AD and on-premise AD do not trust each other, hence causing a deployment problem, as I will elaborate below.
1. For a simple task like copying a file, the process always failed because of wrong credentials. I'm even using the desktop's local administrator account for the scanning credential.
2. If connected to the Lansweeper shared folder \\lansweeper\defaultpackageshare$ from the desktop, it will prompt for credentials.

The above issues only happened after the desktop was used with Entra ID. Appreciate it if someone could guide me how to solve it. 

Gilian
Product Team

@AL13 Try clearing saved credentials in Windows Credential Manager.

The issue of being prompted for credentials when accessing an on-premises share after moving to Microsoft Entra ID (formerly Azure AD) is common and occurs because the device is no longer authenticating against the local Active Directory (AD) in the same way, breaking the seamless Kerberos authentication that typically handles these requests. Even with "Everyone" access, the device is trying to use Entra ID credentials for a resource that expects on-premises AD authentication. 
Here are potential solutions:
 
Primary Solution: Enable Microsoft Entra Kerberos 
The recommended long-term solution is to enable Microsoft Entra Kerberos authentication for hybrid identities. This allows Entra ID-joined devices to obtain Kerberos tickets from the cloud to access on-premises resources. 
  1. Sync on-prem AD DS accounts to Microsoft Entra ID using Microsoft Entra Connect (ensuring password hash synchronization is enabled).
  2. Enable Microsoft Entra Kerberos authentication for hybrid identities and configure a cloud trust between your on-premises AD DS and Entra ID.
  3. Deploy a GPO or Intune policy to the workstations to enable "Allow retrieving the Azure AD Kerberos Ticket Granting Ticket during logon".
 
Workaround 1: Use Windows Credential Manager 
A temporary fix that works for many users is to manually add the on-premises AD credentials to the Windows Credential Manager. 
  1. Open Control Panel and search for "Credential Manager".
  2. Select Windows Credentials.
  3. Click Add a Windows credential.
  4. For Internet or network address, enter the UNC path of the share (e.g., \\Server\ShareName) or just the server name (e.g., \\Server).
  5. For User name, enter the on-premises username (e.g., DomainName\Username or server\user).
  6. For Password, enter the corresponding password.
  7. Click OK. 
 
Workaround 2: Check Network Profile Settings 
Sometimes, Windows misidentifies the network location, causing authentication issues. 
  • Ensure the problematic computer's network profile is set to Private (rather than Public). This can sometimes affect how Windows handles authentication to local resources. 
 
Workaround 3: Adjust the Share Permissions (Less Secure) 
While you mentioned "Everyone" access is set, you may need to explicitly verify the NTFS permissions and Share permissions to ensure there are no implicit "Deny" rules or conflicts. This is less recommended as it bypasses granular security controls. 
If the issue persists, the problem may be tied to how the Primary Refresh Token (PRT) is handled when the device is on the local network, and dedicated Microsoft Support may be required for deeper investigation into backend configurations.
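
An added diagnostic example, not part of the reply above and not Lansweeper tooling: a PowerShell report that collects, on one affected desktop, the state each suggestion above depends on (join type and Kerberos TGT flags, network profile, stored credential, share access). It assumes the share path quoted in the original post and the `dsregcmd /status` field names of current Windows 10/11 builds.

```powershell
# Added example (not from the thread). Run as the logged-on user on the desktop.
# $Share is the path quoted in the original post; change it for your environment.
$Share  = '\\lansweeper\defaultpackageshare$'
$Server = ($Share -split '\\')[2]          # -> lansweeper

# 1. Parse "Name : Value" lines from dsregcmd into a lookup table.
#    Field names are an assumption based on current Windows 10/11 output.
$state = @{}
foreach ($line in (dsregcmd /status)) {
    if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
}

$report = [ordered]@{
    AzureAdJoined = $state['AzureAdJoined']   # YES on an Entra ID-joined device
    DomainJoined  = $state['DomainJoined']    # YES only if joined to on-prem AD
    AzureAdPrt    = $state['AzureAdPrt']      # Primary Refresh Token present
    CloudTgt      = $state['CloudTgt']        # cloud Kerberos TGT present
    OnPremTgt     = $state['OnPremTgt']       # on-prem Kerberos TGT present
}

# 2. Network profile per interface (Workaround 2 expects Private, not Public).
$report.NetworkCategory = (Get-NetConnectionProfile |
    ForEach-Object { "$($_.InterfaceAlias)=$($_.NetworkCategory)" }) -join '; '

# 3. Is a credential stored for the server (Workaround 1)?
#    cmdkey /list prints target and user names only, never passwords.
$report.StoredCredential = [bool]((cmdkey /list) -match [regex]::Escape($Server))

# 4. Try the share without prompting; failure here reproduces the reported issue.
$report.ShareReachable = Test-Path -LiteralPath $Share

# 5. After the access attempt, look for a Kerberos service ticket for the server.
#    No cifs/ ticket with ShareReachable = True suggests NTLM with the stored credential.
$report.CifsTicket = [bool]((klist) -match "cifs/$([regex]::Escape($Server))")

[pscustomobject]$report | Format-List
```

On an Entra ID-joined device with no cloud trust, `OnPremTgt` and `CifsTicket` reading NO/False while `StoredCredential` is True is consistent with access working only through the Credential Manager workaround.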

 

AL13
Engaged Sweeper II

At this moment, I have adopted your workaround 1. With this method, the client can access the Lansweeper default shared folder without asking for credentials. But I have to think about how to do a mass set-up over a few hundred PCs.

I have faced another problem with the Entra ID machine, on which I can execute a simple task such as opening Notepad. The error: "System Account Result: Package timeout reached. Stopping deployment executable: Successful. Timeout: (60sec). Credential: (.\sadmin). ShareCredential: (lansweeper\guestacct)."

The sadmin account is the local administrator account on the Entra ID machine. I also created the sadmin account in Lansweeper as a local administrator. Any idea how to solve it? Thank you.

Hi @AL13 ,

Can you ensure the "run mode" is correctly set to "scanning credential" (see Deploy packages manually or based on a schedule - Deploying Software & Other Changes - Lansweeper Co...) and that you also mapped the credential to the IP address/range or directly to the assets?


More details here: Solved: Deployment/Installation using user login credentia... - Lansweeper Community - 55928
