OneDrive client cannot connect to OIDC-protected SharePoint. Is this true?

Zhou Jack 0 reputation points
2025-10-24T04:02:06.1866667+00:00

I need help connecting OneDrive for Windows to my corporate SharePoint server and setting up sync. The SharePoint server is set up behind a CDN and uses OIDC (Microsoft Entra ID) for authentication. When I click the Sync button on the website, OneDrive pops up and remains on the login screen, with all buttons grayed out. I waited 30 minutes with no results.

If OneDrive is indeed unable to connect to OIDC-protected SharePoint, I think this must be added, because I use OneDrive for Business and can sync, and if OneDrive is a superior alternative to Gloove, this must be implemented.

Thank you for your help.

Microsoft 365 and Office | SharePoint | Business | Windows

1 answer

Sort by: Most helpful
  1. Steven-N 11,625 reputation points Microsoft External Staff Moderator
    2025-10-24T10:56:18.5033333+00:00

    Please note that this is the zh-cn forum. We kindly recommend posting your question in Chinese Simplified so that more community members can assist you. Alternatively, you may consider posting in the English forum if you prefer to use your native language. We sincerely appreciate your understanding.

    Hi Zhou Jack

    Thank you for reaching out to Microsoft Q&A forum

    Based on your description, I understand that you’re trying to sync libraries from your corporate SharePoint Server that is published behind a CDN and uses Microsoft Entra ID (OIDC) for authentication. When you click Sync on the site, the OneDrive for Windows client opens but its sign‑in window remains disabled (buttons greyed out) and never completes.

    Initially, could you confirm which version of your company SharePoint Server you are running?

    Because according to my research based on Microsoft documents, OneDrive for Windows does support syncing with SharePoint Server 2019 and SharePoint Server Subscription Edition (SPSE), and SPSE supports OIDC with Microsoft Entra ID. Specifically:

    SharePoint Server 2019 & Subscription Edition (SPSE) work with the current OneDrive sync app (OneDrive.exe) for Windows/Mac. Microsoft’s guidance for configuring SharePoint on‑premises to sync with the “new OneDrive sync app” applies to 2019/SPSE at LINK

    OIDC is a supported authentication method for SharePoint Server SPSE (with Entra ID or AD FS). You can read for more information at:

    However, the OneDrive client relies on a browser‑initiated handoff from the SharePoint Sync button plus valid cookies and redirects. In environments that insert a CDN/reverse proxy, enforce strict TLS/cookie policies, or route traffic through authenticated proxies, this handoff can break, producing the “greyed‑out” sign‑in window. Additional client policies (like restricting sync to specific tenants) can also block on‑prem sync unless the special on‑prem tenant marker is allowed.

    That said, you may try the following workaround methods to see if they help resolve or mitigate the issue:

    1. Bypass CDN/Proxy to Isolate the Cause

    Temporarily connect directly to the SharePoint origin (same OIDC zone) and retry the Sync button. If sign‑in completes, the issue lies in CDN or proxy rules. Then:

    • Preserve authentication headers and cookies (FedAuth, SameSite=None; Secure).
    • Avoid rewriting domains or stripping attributes.
    • Ensure TLS 1.2 remains enabled for federated web apps.

    2. Eliminate Authenticated Proxy on the Client

    • Create bypass rules for OneDrive and SharePoint endpoints.
    • Exempt critical domains like *.wns.windows.com and CDN/SharePoint URLs. This often resolves the greyed‑out login window.

    3. Check OneDrive Tenant Restriction Policy

    If you enforce “Allow syncing OneDrive accounts for only specific organizations”, add the special on‑prem tenant ID along with your Microsoft 365 tenant ID. Without this, the OneDrive client will reject on‑prem sync targets.

    Important Note:

    If you choose to bypass the CDN or proxy for troubleshooting, do so only in a controlled manner. This step is intended for temporary testing to isolate the root cause and should not be left in place permanently. Bypassing may reduce security controls such as traffic inspection, TLS validation, or data loss prevention. To minimize risk:

    • Perform the test on a non-production device or in a lab environment.
    • Keep the bypass active for the shortest time possible.
    • Ensure all traffic still uses HTTPS with trusted certificates.
    • Revert to the original secure configuration immediately after testing.

    In this context, I strongly recommend reaching out to Microsoft Support via an official support ticket to get assistance from experts in reviewing your OIDC configuration and CDN/proxy policies. They can validate your setup and provide guidance tailored to your environment.

    Best regards


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
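The first workaround in the answer above (compare the origin with the CDN and check that the authentication cookies and their `SameSite=None; Secure` attributes survive, and that no domain is rewritten) can be turned into a repeatable check. The script below is an added example and is not code from the forum thread, from Microsoft, or from any OneDrive/SharePoint tooling. It parses `Set-Cookie` headers captured from both paths and reports what the CDN stripped or changed; the sample headers, the `SessionIdExample` cookie name, and the `corp.example` hostnames are constructed for illustration, and only the `FedAuth` cookie name comes from the answer. The `fetch_set_cookie_headers` helper is included for live use against your own hosts but is not invoked by default.

```python
"""Compare Set-Cookie headers observed at the SharePoint origin and behind the CDN.

Added diagnostic example (not from the forum thread or any Microsoft tool).
Assumptions: the origin and CDN answer the same request with comparable
Set-Cookie headers; hostnames and cookie values below are constructed.
"""
from __future__ import annotations

import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Cookies the browser-to-OneDrive handoff depends on; FedAuth is named in the answer.
AUTH_COOKIES = ("FedAuth",)

# Constructed sample capture: the same response seen directly at the origin ...
ORIGIN_SET_COOKIE = [
    "FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIj8+; Path=/; Secure; HttpOnly; SameSite=None",
    "SessionIdExample=abc123; Path=/; Secure; HttpOnly",
]
# ... and through a CDN that strips attributes and rewrites the cookie domain.
CDN_SET_COOKIE = [
    "FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIj8+; Path=/; HttpOnly",
    "SessionIdExample=abc123; Path=/; Secure; HttpOnly; Domain=cdn.corp.example",
]


def parse_set_cookie(header: str) -> tuple[str, str, dict[str, str | None]]:
    """Split one Set-Cookie header into (name, value, {attribute_lowercase: value or None})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict[str, str | None] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or None  # flags like Secure have no value
    return name.strip(), value.strip(), attrs


def compare_cookies(origin_headers: list[str], cdn_headers: list[str]) -> list[tuple[str, str]]:
    """Return (cookie name, issue code) pairs for every attribute the CDN lost or changed."""
    origin = {name: attrs for name, _, attrs in map(parse_set_cookie, origin_headers)}
    cdn = {name: attrs for name, _, attrs in map(parse_set_cookie, cdn_headers)}
    findings: list[tuple[str, str]] = []
    for name, oattrs in origin.items():
        if name not in cdn:
            findings.append((name, "auth-cookie-missing" if name in AUTH_COOKIES else "cookie-missing"))
            continue
        cattrs = cdn[name]
        if "secure" in oattrs and "secure" not in cattrs:
            findings.append((name, "secure-stripped"))
        origin_samesite = (oattrs.get("samesite") or "").lower()
        cdn_samesite = (cattrs.get("samesite") or "").lower()
        if origin_samesite == "none" and cdn_samesite != "none":
            findings.append((name, "samesite-none-lost"))
        if (oattrs.get("domain") or "").lower() != (cattrs.get("domain") or "").lower():
            findings.append((name, "domain-rewritten"))
    return findings


def redirect_issue(location: str | None, expected_host: str) -> str | None:
    """Flag a Location header that sends the browser to a host other than the one it started on."""
    if not location:
        return None
    host = urlsplit(location).hostname or ""  # relative redirects have no host and are fine
    if host and host.lower() != expected_host.lower():
        return f"redirect leaves {expected_host}: Location points at {host}"
    return None


def fetch_set_cookie_headers(url: str) -> tuple[list[str], str | None]:
    """Fetch one URL without following redirects; return its Set-Cookie headers and Location."""

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # make urllib surface the 3xx instead of following it

    opener = urllib.request.build_opener(NoRedirect)
    try:
        resp = opener.open(url, timeout=15)
    except urllib.error.HTTPError as err:  # 3xx/4xx responses still carry headers
        resp = err
    return resp.headers.get_all("Set-Cookie") or [], resp.headers.get("Location")


if __name__ == "__main__":
    for cookie, issue in compare_cookies(ORIGIN_SET_COOKIE, CDN_SET_COOKIE):
        print(f"{cookie}: {issue}")
    print(redirect_issue("https://sharepoint.corp.example/_layouts/15/authenticate.aspx", "cdn.corp.example"))
```

Run it as-is to see the three findings for the constructed capture (FedAuth loses `Secure` and `SameSite=None`, the session cookie gets a rewritten `Domain`), then replace the sample lists with the output of `fetch_set_cookie_headers` for the origin URL and the CDN URL of the same page to test your own path.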

