| Table of Contents | ||
|---|---|---|
|
Synergetic Windows Client (SynMain) and Azure AD: Solutions for Authentication Compatibility
The Synergetic Windows client, SynMain (a FAT32 application), relies on Kerberos authentication to communicate with on-premises domain controllers (DC). However, when end-user devices are Azure AD-joined, the SynMain client doesn’t function as expected. This is because Azure AD does not natively support Kerberos authentication.
Below are the alternative solutions that can be implemented:
Hybrid Azure AD Join (Recommended)
This solution allows laptops to be both domain-joined and Azure AD-joined.
Laptops can authenticate against on-premises Active Directory (AD) while also registering with Azure AD for cloud services.
In this scenario, the SynMain client continues to use domain credentials for authentication via the on-prem AD, ensuring that the application works as expected.
Active Directory Domain Services (ADDS) in Azure
You can set up an Azure Virtual Machine running ADDS, which acts as a domain controller in the cloud.
This extends your on-premises AD infrastructure to Azure, allowing devices to authenticate with this domain controller.
By doing this, you maintain the traditional Windows authentication required by the FAT32 application while taking advantage of Azure AD’s cloud services.
Remote Access
...
or Virtualization
If modifying the environment is not feasible, consider deploying the FAT32 application on a virtual machine (VM) that remains domain-joined.
Users can then access this VM through Remote Desktop or a similar solution, ensuring the application functions as it would in an on-prem domain-joined environment.
Troubleshooting
TBC