Hi All,

A customer is having an issue with payslips. They use Sage Payroll v28.1. Sage data was migrated onto an Azure server and the users log into an Azure cloud PC (AVD) to open the Sage client to generate the payslips and send them using Outlook. The payslips send out OK and the end users receive them, but some of the users can’t open the payslip. They enter their PIN but nothing happens after opening the PDF. What’s weird is it’s not affecting all users.
If the customer sends the payslip to themselves in their office they can open it fine.
The customer still has the old on-prem environment in use. So as a test they restored a backup to the on-prem server, then generated the payslips from their PC in their office and sent them, and the end users could open them with no issues.
Would anyone know if there’s something in Outlook or Sage that needs to be enabled or disabled, or is it something on the 365 admin side that needs to change?

3 Spice ups

Have you checked the Entra logs? There might be a SAML block or there’s a particular user group not granted access to Sage via the Enterprise Apps portal. Verify the affected users are assigned to the same group the successful connectors are assigned. In Entra, click on the User, then Applications and you should see the specific role they were assigned.

4 Spice ups

The users are external. The company manages payroll for lots of companies. One of the examples was an external user using Gmail. I thought it was affecting Gmail only but it varies from what I am being told. It’s only when they send the payslips from the AVD machine. If they send it from their own PCs after restoring a backup from the Azure server to their on-prem server, that particular user with the Gmail account could open the payslip. I’m wondering, would the Azure setup be doing something, or is it something to do with the IP address it’s coming from?

3 Spice ups

This appears to fall on the shoulders of Azure. On-prem is a different beast as far as rules and access go. One issue that stands out is that the remote (external) users are unable to access the AVD. Does the AVD have a public endpoint? How is access granted? There’s a whole slew of blockades that could be at play here. Now, if certain remote users are able to access while others are not, I’d expect you are looking at RBAC and the users are simply missing group access. Perhaps newer users not getting added to the group automatically or a group accidentally dropped. From a remote client, you could just ping the Sage URL to confirm DNS. (It’s always DNS.) If it times out, you could check the NSG inbound rules in Azure’s policies for port 443. I’m still a newbie for Azure network connectivity. So, that’s the extent of my sleuthing.

2 Spice ups

I appreciate your input. The external users don’t access the AVD machine; they only get their payslips sent from Sage, which is installed on the AVD machine. It’s definitely something on the Azure side. The emails send fine and are received by the users; the only issue is the users are unable to enter their PIN after opening the PDF, or nothing happens after entering the PIN.

1 Spice up

It’s a bit of a stretch, but, can you have one of them try opening the PDF with Edge instead of Adobe? It probably won’t work. But, it might elicit an error that could help track down the issue.

3 Spice ups

I’ve asked them to ask a user to try and download the PDF and see if they can open it. They had a user try to open it directly from the email on their phone and PC but it didn’t work.

1 Spice up