This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 51%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELH%3C/text%3E%3C/svg%3E)
After Chrome update to versin 85.xxxx.83 , some client PC when user webmail exhcnage over ADFS 3.0 face with issue,
can't redirect to web mail from ADFS , if client reinstall chrome that work normal
Please Help to fix this problem.
Brs,
This error is very generic. We will need more information than this.
You can look at the ADFS Admin logs from the server and find the error or warning with the Activity ID listed in this error message. It will tell you what went wrong.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 81%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDU%3C/text%3E%3C/svg%3E)
We have the same problem. Exchange 2013 with the latest CU + ADFS 2012 R2.
After the last updates, Edge (Chromium) also stopped working with OWA. Everything works fine on IE, Firefox and old Edge.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 96%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELK%3C/text%3E%3C/svg%3E)
yes Chromium stopped working.
@Pierre Audonnet - MSFT : do you have any solution for this issue?
( ADFS log/trace only show
Event ID364
Exception details:
Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '13' seconds. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.UpdateLoopDetectionCookie(WrappedHttpListenerContext context)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.SendSignInResponse(WSFederationContext context, MSISSignInResponse response)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
)
I don't have an answer. I am not sure I fully understand the underlying situation as many comments tagged on with different configurations. Some of them use WAP some others don't, some other seemed to have fixed the issue by updating (or downgrading) the version of Chrome.
I can probably give you a root cause and some possible investigation paths if:
Else it is just speculation. The error message we see just mean that the user has gone into a loop and that ADFS is stopping it. The root cause could be ADFS but that's impossible to say without the type of data aforementioned.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 27%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVK%3C/text%3E%3C/svg%3E)
Things was fine:
Exchange 2013 with CU23, OWA and ECP sites are ADFS auth
Windows Server 2019 AD DC + ADFS role (latest WU installed)
today we noticed, what things became bad - OWA and ECP does not open in Edge build 86 (win 10) and Google Chrome (Samsung S20 (Android 10) smartphone.
Latest Firefox and IE works fine. All things inside corporate LAN.
Working solutions:
Good then, @Lê Khánh Hưng solving your problem too? If so I can convert the comment into an answer and you can mark it as a solution.
Not so fast. Set-AdfsResponseHeaders does not work in ADFS WinSrv 2012R2.
But "set edge flags as chrome://flags/#reduced-referrer-granularity = "disabled" in build 86" does since it is a browser configuration.
Besides, it is time to upgrade :)
@Pierre Audonnet - MSFT : :( we use ADFS 2012R2 not support Set-AdfsResponseHeaders function. do you known can I modify this header setting on WAP proxy?
As google says https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default , may be this config manual disable reduced-referrer-granularity will stop on Chrome vesion 88.
Nope. Not out of the box. If you have a hardware load balancer on the front you can inject the header eventually, but you will also break certificate based authentication with ADFS (which you don't care if you don't use it anyways).
What about the browser solution: set edge flags as chrome://flags/#reduced-referrer-granularity = "disabled"? Can't you use this?
There is always the option to upgrade to 2019, the upgrade process is fairly straight forward. Same procedure as the update to 2016: https://video2.skills-academy.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 50%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWQ%3C/text%3E%3C/svg%3E)
Encountered same issue. This resolves.
https://support.microsoft.com/en-us/help/4547705/authentication-loop-between-msft-sts-microsoft-com-adfs-and-owa-in-exc
Disable chrome://flags/#reduced-referrer-granularity and also if same site setting used then disable that too.
Although the links says exchange 2016 and 2019, it works for 2013 as well.
By the way, no issues with chrome 84. Chrome 85 has it. If only these vendors coordinated and rolled it out.
thanks a lot!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 16%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
same problem here with Chrome 85. when installing chrome 84 no problem.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 52%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
We are seeing the same issue on all devices running Chrome 85 (Chromebook, iOS, MacOS, Windows and Android).
Version 84 works flawlessly, our users just see a Error 440 (MS Timeout) error on 85, other ADFS relaying parties seem unaffected on 85, only MS Exchange 2016 OWA.
Really hope this is sorted quickly by Google or Microsoft, easy to keep managed devices on 84 but not so easy for the 2000+ unmanaged BYO devices.
On ADFS log we only saw this eror Event ID364
Exception details:
Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '13' seconds. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.UpdateLoopDetectionCookie(WrappedHttpListenerContext context)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.SendSignInResponse(WSFederationContext context, MSISSignInResponse response)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
And only effect on chrome, can anyone help fix this problem?
We are seeing the same problem here in the ADFS log. Really frustrating.
The release notes for Chrome 85 are here - https://support.google.com/chrome/a/answer/7679408#85
It does mention changing the UserAgent string which may be why it's stopped working but not sure, I spent an hour trying to find a solution for it last week but have drawn a blank, it seems to effect all minor versions of Chrome 85 too.
What version of Exchange server are you running? I am thinking about patching ours to the latest release (Currently on Exchange 2016 CU10).