Forum Discussion
Login with AzureAD Account sync instantly goes in "Error" state
Hi
Just thinking, you who have the same issue, is your account either an AD synced, or an old AD synced account converted to Cloud only?
Cause I have just created a new in-cloud user in my tenant without a license, but with the same domain as my own domain, and it works. (My own account is sourced from AD Sync, but has been converted to In-Cloud)
So it's not tenant nor domain specific, it must be the specific user object, in my case at least, so just wondered if the "history" of the account could be the culprit.
Regards Lars
- jasonsch69 (Brass Contributor), Oct 08, 2019
nOrphf my account is a sync account from on prem AD. Both accounts (dev tenant) and prod Tenant are sourced from same AD but with different anchor attribute. We are no longer actively syncing the dev tenant account. I took a look at the log files located at AppData\Local\Microsoft\Edge Beta\User Data\Profile 6\Sync Data\mip\logs\mip_sdk.miplog and a couple of things stand out.
As part of the tenant setup we had to change the UPN of our users. I originally set up sync with my old UPN (userid@olddomain.com). And now my UPN is userid@newdomain.com. When I look at the logs I can see an Owner attribute that still references my old UPN even though it shows authenticated as userid@newdomain.
Info 2019-10-07 16:36:19.279 usage_restrictions_client.cpp:137 msedge (78904) "Owner: userid@olddomain" mip::UsageRestrictionsClient::GetRestResponseFromHttpResponse 108172
Sending HTTP request: ID: MIP-1, Type: POST, Url: https://api.aadrm.com/my/v2/enduserlicenses?userEmail=userid@newdomain.com, Body Size: 9573, Headers['Accept'] = 'application/json', Headers['Content-Type'] = 'application/json', Headers['Authorization'] = 'SCRUBBED', Headers['Accept-Language'] = 'en-US', Headers['x-ms-rms-request-id'] = '41fa4384-9ccd-4386-8894-00007db44834;83975697-6773-41da-b544-0000b5a3d59a', Headers['x-ms-rms-platform-id'] = 'AppName=Microsoft Edge;AppVersion=78.0.276.14;DevicePlatform=WindowsStore;SDKVersion=4.2;UniqueId=ecd6b820-32c2-49b6-98a6-444530e5a77a;OsName=win;OsVersion=10-0-18362;MipVersion=1.3.181;'" mip::SendHttp 108172
- jasonsch69 (Brass Contributor), Oct 08, 2019
Another interesting entry in the log is this entry:
Adding OAuth2 challenge to cache. Domain: api.aadrm.com TenantId: 'XXXXXXXXX-b782-4f44-b0b5-XXXXXXXXXXXX' Challenge: 'Bearer resource=""https://aadrm.com"", realm=""e2ba673a-b782-4f44-b0b5-XXXXXXXXXXXXXXX"", authorization=""https://login.windows.net/XXXXXXX-b782-4f44-b0b5-XXXXXXXXXXX/oauth2/authorize""'" mip::AuthInfoStore::AddChallenge 108172
The reason this is interesting is that when I look at another user who is able to sync, the request from his log is missing the tenant ID info.
Adding OAuth2 challenge to cache. Domain: api.aadrm.com TenantId: '' Challenge: 'Bearer resource=""https://aadrm.com"", realm="""", authorization=""https://login.windows.net/common/oauth2/authorize""'" mip::AuthInfoStore::AddChallenge 6884
Successful response in log is this:
Info 2019-10-08 08:47:38.448 publish_client.cpp:85 msedge (10780) "Publish response (custom)" mip::PublishClient::GetRestResponseFromHttpResponse 6884
Info 2019-10-08 08:47:38.448 publish_client.cpp:86 msedge (10780) "Id: 00000000-0000-0000-0000-000000000000" mip::PublishClient::GetRestResponseFromHttpResponse 6884
Failed response is this:
Info 2019-10-07 16:36:19.279 usage_restrictions_client.cpp:132 msedge (78904) "Received a usage restrictions response:" mip::UsageRestrictionsClient::GetRestResponseFromHttpResponse 108172
Info 2019-10-07 16:36:19.279 usage_restrictions_client.cpp:133 msedge (78904) "AccessStatus: AccessDenied" mip::UsageRestrictionsClient::GetRestResponseFromHttpResponse 108172
- jasonsch69 (Brass Contributor), Oct 09, 2019
Anyone from Microsoft available to look into this issue?
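The log comparison described in the posts above, as an added example that is not part of the original thread or any Microsoft tooling: a Python triage of mip_sdk.miplog text that flags an Owner value differing from the requested userEmail, a tenant-specific OAuth2 challenge, and an AccessDenied status. The sample lines are constructed (modelled on the entries quoted above), and treating the trailing number on each line as an id that groups one flow's entries is an assumption.

```python
import re
from collections import defaultdict

# Patterns modelled on the mip_sdk.miplog lines quoted in this thread.
OWNER = re.compile(r'"Owner: ([^"\s]+)"')
USER_EMAIL = re.compile(r'[?&]userEmail=([^,&\s]+)')
TENANT = re.compile(r"Adding OAuth2 challenge to cache\. Domain: \S+ TenantId: '([^']*)'")
STATUS = re.compile(r'"AccessStatus: (\w+)"')
TRAILING_ID = re.compile(r'(\d+)\s*$')  # assumption: groups entries of one flow

# Constructed sample: one failing flow (108172) and one working flow (6884).
SAMPLE = """\
Info 2019-10-07 16:36:19.279 usage_restrictions_client.cpp:137 msedge (78904) "Owner: alice@old.example" mip::UsageRestrictionsClient::GetRestResponseFromHttpResponse 108172
Sending HTTP request: ID: MIP-1, Type: POST, Url: https://api.aadrm.com/my/v2/enduserlicenses?userEmail=alice@new.example, Body Size: 9573" mip::SendHttp 108172
Adding OAuth2 challenge to cache. Domain: api.aadrm.com TenantId: '00000000-0000-0000-0000-000000000001' Challenge: 'Bearer'" mip::AuthInfoStore::AddChallenge 108172
Info 2019-10-07 16:36:19.279 usage_restrictions_client.cpp:133 msedge (78904) "AccessStatus: AccessDenied" mip::UsageRestrictionsClient::GetRestResponseFromHttpResponse 108172
Adding OAuth2 challenge to cache. Domain: api.aadrm.com TenantId: '' Challenge: 'Bearer'" mip::AuthInfoStore::AddChallenge 6884
Info 2019-10-08 08:47:38.448 publish_client.cpp:85 msedge (10780) "Publish response (custom)" mip::PublishClient::GetRestResponseFromHttpResponse 6884
"""

def triage(log_text):
    """Return {trailing_id: [finding, ...]} for flows that resemble the failing case."""
    flows = defaultdict(lambda: {"owner": set(), "email": set(), "tenant": set(), "status": set()})
    for line in log_text.splitlines():
        m = TRAILING_ID.search(line)
        if not m:
            continue  # line carries no trailing id, cannot be grouped
        flow = flows[m.group(1)]
        for key, pat in (("owner", OWNER), ("email", USER_EMAIL),
                         ("tenant", TENANT), ("status", STATUS)):
            hit = pat.search(line)
            if hit:
                flow[key].add(hit.group(1).lower())
    report = {}
    for fid, f in flows.items():
        findings = []
        # Owner values that never appear as the userEmail the client requested for.
        stale = sorted(f["owner"] - f["email"]) if f["email"] else []
        if stale:
            findings.append("owner/userEmail mismatch: " + ", ".join(stale))
        if any(f["tenant"]):  # non-empty TenantId, unlike the working user's log
            findings.append("tenant-specific OAuth2 challenge cached")
        if "accessdenied" in f["status"]:
            findings.append("AccessStatus: AccessDenied")
        if findings:
            report[fid] = findings
    return report

print(triage(SAMPLE))
```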