Windows Admin Center SSO

Windows Admin Center SSO

If you’ve installed Windows Admin Center (WAC) on a domain joined server and you connect to another domain joined system you’ll see a message similar to this.

Having to login multiple times is annoying so here’s how to make the Single Sign On work with WAC using Kerberos constrained delegation.

Connect to a domain controller as a domain admin.

Edit this script to match what you need.

$SERVER = "SERVER YOU WANT TO ENABLE SSO ON"
$WAC = "WAC SERVER NAME"

Set-ADComputer -Identity (Get-ADComputer $SERVER) -PrincipalsAllowedToDelegateToAccount (Get-ADComputer $WAC)
Code language: PowerShell (powershell)

Run the script.

After that you can connect to that system from WAC using SSO. (You may need to reboot your WAC server for the changes to take effect if you’ve already hit the error).

If you want to know more you can read Microsoft’s document on it here.

Leave a comment

Your email address will not be published. Required fields are marked *