

Passwords don't sync in Windows 10 when on domain

Question

Sunday, September 27, 2015 2:13 AM

I have a Windows Server 2012 R2 Essentials home server and multiple client PCs all running Windows 10 Pro. Obviously I also have a domain configured and use domain accounts to log in to the clients. I've successfully connected my Microsoft Account to my domain account on each of the devices, and while it seems all my other settings do sync, my passwords do not.

The option to sync passwords does show up and is checked. I've also checked to make sure Group Policy is not configured to prevent password syncing. I've also tried removing the Microsoft Account from my domain account, and then re-adding it, but to no avail.

I'm at a loss as to why this isn't working.  Any help in this matter is very much appreciated.

P.s.

Also should have noted that each of the clients I am using have been added as trusted devices in my Microsoft Account.

All replies (16)

Tuesday, September 29, 2015 6:44 AM

Hi OhmsFutility,

How do you verify whether the passwords sync work? Have you tried to put the machine out of the domain to have a check?

First of all, please check the following registry key's configuration.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials

We could remove the device from the Microsoft account completely and re-add it again to have a check.
Settings\Accounts\Manage my Microsoft account

Best regards

Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].
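
The checks suggested in this reply can be gathered in one pass; the script below is an added example and not part of the original thread. The `Enabled` value and the HKCU path come from the thread; the HKLM policy key and its value names are assumptions taken from the "Sync your settings" administrative template and do not appear in the thread.

```powershell
# Added example (not from the thread): report the settings that decide whether
# this machine is allowed to sync saved credentials. Run as the affected user.

$report = [ordered]@{}

# 1. Domain membership: the thread's symptom only appears on domain-joined PCs.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$report['DomainJoined'] = $cs.PartOfDomain
$report['DomainOrWorkgroup'] = $cs.Domain

# 2. Per-user toggle behind the "Passwords" switch in Settings (key from the thread).
$userKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials'
$user = Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue
$report['UserCredentialSync'] = if ($null -eq $user) {
    'key missing'
} elseif ($user.Enabled -eq 1) {
    'enabled (1)'
} else {
    "not enabled ($($user.Enabled))"
}

# 3. Machine policy (assumed value names from the "Sync your settings" template;
#    a value of 2 means the policy turns that sync group off).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in 'DisableSettingSync', 'DisableCredentialsSettingSync') {
    $value = if ($null -ne $policy) { $policy.$name } else { $null }
    $report["Policy_$name"] = if ($null -eq $value) { 'not configured' } else { $value }
}

# 4. Summary: if nothing is blocked locally, local configuration is not the cause.
$blockedByPolicy = ($report['Policy_DisableSettingSync'] -eq 2) -or
                   ($report['Policy_DisableCredentialsSettingSync'] -eq 2)
$report['LocallyBlocked'] = $blockedByPolicy -or ($report['UserCredentialSync'] -ne 'enabled (1)')

[pscustomobject]$report | Format-List
```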


Wednesday, September 30, 2015 10:58 PM

Thank you for the reply. I found the location in the registry which you mentioned. Which entries am I looking for specifically? The "enabled" entry had a value of 1.

I removed one of my devices from the domain as requested and logged into my Microsoft account. It is still syncing my OneDrive, but so far no luck. In fact, none of my settings have synced yet..

As for removing the device from my Microsoft account, I have already attempted that with each of my devices previously, but it had no effect at all.

Semper Paratus!


Saturday, October 3, 2015 7:27 PM

So to provide an update, the laptop which was previously on the domain and has since been removed a few days ago still hasn't synchronized the passwords.

I created two Windows 10 Pro VMs on another box to test further. Neither was ever connected to my domain at any point. I simply logged into them with my Microsoft Account. Here's what I've observed so far:

Neither VM synced any passwords I had previously saved in my primary machine which is connected to the domain.

Those passwords which were saved in either VM, immediately synced to both the other VM, my Windows Phone, AND my primary domain box. After about a 10 minute delay they also DID sync to the laptop which was recently removed from the domain.

New passwords saved on the former domain laptop during this testing DID sync to both VMs, the Windows Phone, and my primary domain box.

New passwords saved from my Windows Phone DID sync to all machines.

Any new passwords saved on my primary domain box during this testing DID NOT sync to ANY machine. (This is the same behavior I have been experiencing all along on all of my domain connected systems, prompting this forum post.)

In other words, it would appear that any password saved from a domain joined PC will not sync properly, but passwords saved from non-domain PCs will sync properly, even TO domain joined PCs.

Any suggestions on how to solve this problem? I suppose for the time being my solution is to keep a non-domain joined VM running for the sole purpose of saving my passwords from, but I would hardly call that an acceptable long-term solution. Any help in this matter is appreciated.

Semper Paratus!


Friday, October 9, 2015 8:44 AM

Hi Semper Paratus,

How do you verify whether the password is synced? (credential manager?)

According to your description, this behavior may be expected. The domain is a security boundary. It may be by design that the domain machine will not sync passwords.

I tried to test on my Windows 10 Enterprise machine. But I didn't find any credentials synced to another machine.

I will make a deep test on my side if you could share the detailed steps you have tried.

Best regards



Wednesday, October 14, 2015 12:24 PM

Sorry for the delay in responding, I was traveling.

I verified the behavior I described in my previous post from the password manager within Edge, however they do also appear within Credential Manager.

I understand that the domain is a security boundary, however as mentioned before I looked through Group Policy to verify that no policies were blocking this capability. If you are saying that by design passwords can't be synced at all when using a domain account, then it would seem odd that the option even is available within settings. Furthermore through my testing, as described earlier, "it would appear that any password saved from a domain joined PC will not sync properly, but passwords saved from non-domain PC's will sync properly, even TO domain joined PC's." So it would seem that syncing with domain accounts is possible, it just for some reason is only able to do so in one direction, not both.

Please let me know if you need more details, but my previous post should provide all the steps I have taken so far.

Thank you for the assistance.

Semper Paratus!


Thursday, October 15, 2015 8:53 AM

Hi OhmsFutility,

I have made a test again.
I noticed only the "Web Credentials" could be synced and all the machines will be synced no matter whether the machines have been joined to the domain or not.
Here is the test environment:
I log in to the Windows 10 machines (joined to the domain or not) with the same Microsoft account (verify the account).
1. On the machine not joined to the domain, I create a web credential and it is synced to both domain joined machines and non-domain joined machines.
2. On the domain joined machine, I create a web credential and it is synced to both domain joined machines and non-domain joined machines.
We could disable the "Sync password" option and enable it again to trigger the sync process.

Best regards



Sunday, October 18, 2015 12:01 AM

Well, I tried disabling the password sync feature from all of my systems, gave it a full day to replicate, but after switching it back on I'm still back at square one..

Semper Paratus!


Wednesday, October 21, 2015 7:33 AM

Hi OhmsFutility,

The main concern is that the credentials in the domain won't sync to the machine out of the domain.

Have you tried to test this issue on different machines?

Considering this issue didn't occur in my testing environment, there may be some special configurations in your environment resulting in this.

Please turn off the firewall temporarily to have a check. At the same time, please run "gpresult /r /f >gpresult.txt" to check whether any related group policies have been applied to the machine.

Best regards



Wednesday, October 21, 2015 11:30 PM

Thank you again for responding,

I've tested this across multiple systems, both physical and virtual, and the issue is consistent, in that those passwords saved from a domain joined system will not sync to other systems, but those saved from non-domain joined systems will sync to all systems.

I turned off my firewall as requested and tested again, but the results were the same.

Here is the gpresult file:

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
© 2015 Microsoft Corporation. All rights reserved.

Created on 10/21/2015 at 7:24:10 PM

RSOP data for DOMAIN\USER1 on DESKTOP1 : Logging Mode

OS Configuration:            Member Workstation
OS Version:                  10.0.10240
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\USER1.DOMAIN
Connected over a slow link?: No

USER SETTINGS

    CN=USER1,CN=Users,DC=DOMAIN,DC=local
    Last time Group Policy was applied: 10/21/2015 at 7:02:21 PM
    Group Policy was applied from:      SERVER1.DOMAIN.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        DOMAIN
    Domain Type:                        Windows 2008 or later
   
    Applied Group Policy Objects
   
        N/A

    The following GPOs were not applied because they were filtered out
   
        Local Group Policy
            Filtering:  Not Applied (Empty)

        WSE Group Policy Folder Redirection
            Filtering:  Denied (WMI Filter)
            WMI Filter: WSE Group Policy WMI Filter

    The user is a part of the following security groups
   
        Domain Users
        Everyone
        BUILTIN\Administrators
        Remote Desktop Users
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        WseRemoteWebAccessUsers
        WseAllowAddInAccess
        WseAllowMediaAccess
        WseAlertAdministrators
        WseAllowComputerAccess
        WseAllowHomePageLinks
        WseAllowShareAccess
        WseRemoteAccessUsers
        NTLM Authentication
        High Mandatory Level

Semper Paratus!


Monday, October 26, 2015 7:40 AM

Hi OhmsFutility,

I would like to apologize. I made a mistake during the test process. The previous test result is not convincing. I rechecked the test result. It shares the same symptom as yours. The domain joined machine won't sync to the non-domain joined machine but the non-domain joined machine will sync to the domain joined machine.

I checked this symptom on the Windows 8.1 machine and found that it is an expected behavior (by design).

Best regards



Monday, October 26, 2015 5:37 PM

Thank you for looking into the matter further.

Is there any indication that this behavior will be changed at some point in an update? Or that we will be given an option to allow syncing from the domain? At the very least we should be able to sync passwords between devices on the same domain. To re-iterate once more, at this time passwords saved on a domain-joined box will not sync to any other device, even on the same domain.

I understand the logic behind this design from an enterprise perspective, however in a case such as mine where the server and clients are all used in a home environment, I'm basically placed in a position of choosing between the convenience of syncing my passwords across my Microsoft Account, or all of the benefits of running a domain. 

For the time being I think my solution will be to have a non-domain-joined VM dedicated to saving passwords, however this obviously is less than ideal. Perhaps once Edge gets extension support this will cease to be an issue, since I can then use another password manager if this issue hasn't been addressed by then.

Thank you for all of your efforts in helping troubleshoot this issue. If you are in a position to do so, please share the findings of this thread to the team at Microsoft in charge of this functionality so that maybe they could consider implementing a fix.

I would prefer to leave this thread marked as unanswered for now. I will follow up with a post if and when Microsoft fixes this functionality.

Semper Paratus!


Tuesday, October 27, 2015 7:13 AM

Hi OhmsFutility,

At present, there is no update to change this behavior. Just as the explanation of this feature on Windows 8.1 said, this behavior is designed to ensure the safety of the domain-joined machine. I am afraid this behavior won't be changed in the future.
However, we could try to use the built-in Feedback tool (search for it directly) to submit our needs. We could use this tool to submit any ideas or experiences of using Windows 10 anytime.

Best regards



Friday, December 15, 2017 1:21 PM

Thanks to the OP for this post as I'm having the same problem with syncing across domain-joined machines and it's almost 2018 now. Indeed the solution would seem to be to create a non-domain-joined VM instance of Win10 just for the purpose of propagating sync data.


Friday, December 15, 2017 9:15 PM

You know that this is also caused by the WiFi on most hardware not turning on before the system logs in.. right? 

If you are having the same issue, don't you think maybe opening a new case, that doesn't bring back nearly 4 year old issues to the top of the forum would keep things neat, and help those who take the time to help others on here not have to dig through old cases.. 

Rob


Friday, December 15, 2017 9:25 PM

The guy has an issue against somebody expressing gratitude for a 4-year old post whereas such post helped me solve a problem. All I said is thanks to the OP. He helped me. Lighten up. Go clean your mom's basement or something, you've been living there too long. ;)


Friday, December 15, 2017 10:02 PM

Chill.. Just sayin'.. No need to start an argument on a forum like a tough guy.. Just sayin' it's better to start a new question than move an old one to the top of the chain.. that's all.. 

Rob