Every time I try to set up Work Folders on my Win 8.1 Enterprise domain-joined system, it fails with some bogus errors about "Try entering your latest password". This user's alias hasn't ever been changed, so it's not a case of resetting the password - though I tried that already.
I've noticed that, over on my WorkFolders.ad.ajmadmin.info server, I see the following 2 events every time I try to set up Work Folders on the client system:
- System Log | SChannel 36874 "An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."
- A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
All certs in use were issued from the PKI in the test environment (offline root + online issuing). Before I say anything else, I get the feeling that this trouble is due to using Microsoft Software Key Storage Provider / SHA512 on the root/subordinate. However, I duplicated the template used for Work Folders, AD FS, and WAP from the default Web Server template, so all are using Legacy Cryptographic Service Provider.
I'm kinda hoping someone can already tell me what's wrong from that info...
BTW if any MSFT folks are reading this, the documentation for setting up AD FS + WAP + Work Folders is a freakin mess and doesn't really mention how to create the associated certificate templates, or really go over what subject names or SANs should be used. I ended up finding that all from TechNet blogs and how-to vids, but that stuff should really be on the TechNet Library pages...
born to learn!