Hi Folks

We're currently facing a problem to get Single Sign On working in our environment.
GroupWise 2014 R2 14.2.2
Windows Server 2016 Domain functional level 2012 R2
Client Windows 10 1703 GroupWise Client 14.2.2 Build 126868

Single Sign On works if the sAMAccountName and the userPrincipalName are identical.
Let's say there is a user L_ABCD with following configuration:
userPrincipalName: L_ABCD@ad.somedomain.com
sAMAccountName: L_ABCD
Domain: ad.somedomain.com
GroupWise Account name: L_ABCD

In this configuration the login works fine.

In our case the userPrincipalName and the sAMAccountName are not identical, because of Microsoft Office 365.
For clarity:
userPrincipalName: alpha.bet@somedomain.com (Same as e-mail)
sAMAccountName: L_ABCD
Domain: ad.somedomain.com
GroupWise Account name: L_ABCD

In this configuration SSO does not work and the user has to enter his password again.
The user still uses the sAMAccountName (L_ABCD) to login.

The output of klist looks the same in both variants.

In GroupWise debug POA log i can see the follwing error:
06:59:08 AFF7 Error: The authenticated user does not match the user requesting access to GroupWise [D092] in _WpeSSPIAuthorizeUser ()

Does someday have a hint for me?

Thank You
Marco