Have you tried changing the client machine DNS to 8.8.8.8? We are able to resolve that on our clients with that fix for the initial authentication to SSO, then change it back.
We were able to swap our DNS to external 8.8.8.8, let the client authenticate the first time, then back to internal DNS. Once it authenticates the first time, it works fine after that.