Forum Discussion
Login with AzureAD Account sync instantly goes in "Error" state
Adding OAuth2 challenge to cache. Domain: api.aadrm.com TenantId: 'XXXXXXXXX-b782-4f44-b0b5-XXXXXXXXXXXX' Challenge: 'Bearer resource=""https://aadrm.com"", realm=""e2ba673a-b782-4f44-b0b5-XXXXXXXXXXXXXXX"", authorization=""https://login.windows.net/XXXXXXX-b782-4f44-b0b5-XXXXXXXXXXX/oauth2/authorize""'" mip::AuthInfoStore::AddChallenge 108172
The reason this is interesting is that when I look at another user who is able to sync, the request from his log is missing the tenant ID info.
Adding OAuth2 challenge to cache. Domain: api.aadrm.com TenantId: '' Challenge: 'Bearer resource=""https://aadrm.com"", realm="""", authorization=""https://login.windows.net/common/oauth2/authorize""'" mip::AuthInfoStore::AddChallenge 6884
Successful response in the log is this:
Info 2019-10-08 08:47:38.448 publish_client.cpp:85 msedge (10780) "Publish response (custom)" mip::PublishClient::GetRestResponseFromHttpResponse 6884
Info 2019-10-08 08:47:38.448 publish_client.cpp:86 msedge (10780) "Id: 00000000-0000-0000-0000-000000000000" mip::PublishClient::GetRestResponseFromHttpResponse 6884
Failed response is this:
Info 2019-10-07 16:36:19.279 usage_restrictions_client.cpp:132 msedge (78904) "Received a usage restrictions response:" mip::UsageRestrictionsClient::GetRestResponseFromHttpResponse 108172
Info 2019-10-07 16:36:19.279 usage_restrictions_client.cpp:133 msedge (78904) "AccessStatus: AccessDenied" mip::UsageRestrictionsClient::GetRestResponseFromHttpResponse 108172
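The comparison described in the post above can be scripted; this is an added example, not code from the thread or from Microsoft. It parses the cached OAuth2 challenge, records whether the authorization URL is tenant-specific or `/common`, and pairs it with any `AccessStatus` line carrying the same trailing number. Treating that trailing number as a correlation key is an assumption, and the sample lines are constructed with a placeholder tenant GUID.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines shaped like the MIP log excerpts in the post above;
# the tenant GUID is a placeholder, not a value from the thread.
SAMPLE_LOG = '''\
"Adding OAuth2 challenge to cache. Domain: api.aadrm.com TenantId: '11111111-2222-3333-4444-555555555555' Challenge: 'Bearer resource=""https://aadrm.com"", realm=""11111111-2222-3333-4444-555555555555"", authorization=""https://login.windows.net/11111111-2222-3333-4444-555555555555/oauth2/authorize""'" mip::AuthInfoStore::AddChallenge 108172
Info 2019-10-07 16:36:19.279 usage_restrictions_client.cpp:133 msedge (78904) "AccessStatus: AccessDenied" mip::UsageRestrictionsClient::GetRestResponseFromHttpResponse 108172
"Adding OAuth2 challenge to cache. Domain: api.aadrm.com TenantId: '' Challenge: 'Bearer resource=""https://aadrm.com"", realm="""", authorization=""https://login.windows.net/common/oauth2/authorize""'" mip::AuthInfoStore::AddChallenge 6884
Info 2019-10-08 08:47:38.448 publish_client.cpp:86 msedge (10780) "Id: 00000000-0000-0000-0000-000000000000" mip::PublishClient::GetRestResponseFromHttpResponse 6884
'''

CHALLENGE_RE = re.compile(r"Challenge: '(Bearer [^']*)'")
PARAM_RE = re.compile(r'(\w+)="([^"]*)"')
STATUS_RE = re.compile(r"AccessStatus: (\w+)")
TRAILER_RE = re.compile(r"(\d+)\s*$")  # assumption: trailing number links related lines

def parse_challenge(line):
    """Return the Bearer challenge parameters from one log line, or None."""
    m = CHALLENGE_RE.search(line)
    if not m:
        return None
    # The log doubles every quote (CSV-style escaping); undo that before parsing.
    params = dict(PARAM_RE.findall(m.group(1).replace('""', '"')))
    # First path segment of the authorization URL is the tenant GUID or "common".
    authority = urlparse(params.get("authorization", "")).path.strip("/").split("/")[0]
    return {"resource": params.get("resource"), "realm": params.get("realm", ""),
            "authority": authority, "tenant_specific": authority not in ("", "common")}

def correlate(log_text):
    """Group lines by trailing number: {id: {"challenge": ..., "access_status": ...}}."""
    out = {}
    for line in log_text.splitlines():
        t = TRAILER_RE.search(line)
        if not t:
            continue
        entry = out.setdefault(t.group(1), {"challenge": None, "access_status": None})
        challenge = parse_challenge(line)
        if challenge:
            entry["challenge"] = challenge
        status = STATUS_RE.search(line)
        if status:
            entry["access_status"] = status.group(1)
    return out
```

Running `correlate()` over logs from a working and a failing profile puts the two challenges side by side; it shows the difference, not its cause.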
- Colleen_Williams, Sep 29, 2020
Microsoft
bandtank I'm sorry you've been having such difficulties. I'm from the Edge team and would like to help. Can you e-mail me at collw (at) microsoftdotcom? We'll go from there. Thanks, Colleen
- bandtank, Sep 22, 2020, Copper Contributor
I've been having a similar issue and I documented it here. In short, none of the users in one of my tenants are able to sync via Edge. I'm seeing the following errors:
From edge://sync-internals:
Last Token Error EDGE_AUTH_ERROR: 3, 15, caa2000b
and several of these:
Error: GenerateCryptoErrorsForTypes@../../components/sync/driver/data_type_manager_impl.cc:42, cryptographer error was encountered:
From edge://signin-internals:
Error: Primary Error: kTokenRequestFailed, Secondary Error: kTokenFetchProviderError, Platform error: -895352821, hex:caa2000b, Error string: Error code: 0xcaa2000b, error message:AADSTS500014: The service principal for resource 'https://aadrm.com' is disabled. This indicate that a subscription within the tenant has lapsed, or that the administrator for this tenant has disabled the application, preventing tokens from being issued for it. Trace ID: <redacted> Correlation ID: <redacted> Timestamp: 2020-09-22 04:12:47Z
I've tried every suggestion including filing a support ticket through Azure AD. Nothing has worked yet and it's becoming a large source of frustration.
- rckag, Jun 28, 2020, Copper Contributor
MathiasR Hey there, I had this issue fixed last week for my account! Basically you need to contact the Microsoft Azure support team. This is a separate support area within the Microsoft Azure admin panel. See the screenshot I have attached, it should give you (or your Azure administrator) a good idea where to find this. I can confirm it was a data corruption issue in my case, and they had to wipe the data from my profile. From what I understand, the original data corrupting issue was resolved, but if your data is corrupt within your profile, it needs to be wiped manually.
- MathiasR, Jun 25, 2020, Brass Contributor
akhator Hi there, I just found this thread, I too belong in bucket 2, sync fails for my work setup between Edge using my AAD account and I get that GenerateCryptoErrorsForTypes error.
Has a process been established to clear this? Other users in my organization can sync fine, so indeed something with just my account, I think.
- ycore290, Apr 15, 2020, Copper Contributor
Sure thing, will give it a try in the morning, however for some further color, I AM able to sync on my Windows 10 1909 desktop using the same build (81.0.416.53) and account, however when I try and sync on our Windows 2016 RDS server, I get the error that I attached. But if I used a test account that has never synced before, I CAN sync on that same 2016 server. The behavior is mystifying, but clearly it isn't a client side network/proxy/config issue if I can sync with a new account, unless there is some profile specific file that is causing the issue.
- ycore290, Apr 14, 2020, Copper Contributor
I have a similar issue since the upgrade to the latest production build, but different error. I am able to sign in, however Sync is never able to connect. I can find no internet reference for the below error. Any idea what it means?
Error: Primary Error: kTokenRequestFailed, Secondary Error: kUserSwitch, Platform error: 1002, hex:3ea, Error string: UserSwitch {"Description":"Authentication was blocked because a user switch was detected. Old ID: '(pii)', new ID: '(pii)'.","ErrorCode":"1002","Tag":"96h1z"}
- pivotrobert, Feb 08, 2020, Copper Contributor
Bucket #2 here ;(
Looking forward to the workaround.
- jasonsch69, Jan 30, 2020, Brass Contributor
As I had suspected. My problem was related to changing my UPN after I had enabled sync. The fix was to add my old UPN as a proxy address to my Azure account (via my local AD). Once I added my old UPN as a proxy address and let it sync up to Azure, Edge sync worked immediately. Thanks akhator for putting me in touch with one of your team.
- jcartwr97, Jan 24, 2020, Copper Contributor
I'm guessing the sync error you are referring to is this, taken from my sync-internals.
Error: GenerateCryptoErrorsForTypes@../../components/sync/driver/data_type_manager_impl.cc:38, cryptographer error was encountered:
Any clue when we may get a fix, or a way to clear the corrupted data?
- jasonsch69, Jan 22, 2020, Brass Contributor
Avi Vaid I sent the sync-internals status dump via private message.
Turns out if you try to paste a copy of the histogram into a private message, it kills Edge and/or Chrome.
Must be the 23000 lines of text. How can I send you a txt file?
- nOrphf, Jan 22, 2020, Brass Contributor
Throwing mine in, as one of my accounts works, but my primary doesn't, so it should work.
No accounts are synced from AD, they are cloud only.
Taken from newest canary, do you want them from GA release?
/Lars
- Avi Vaid, Jan 22, 2020
Microsoft
jasonsch69 Thanks. Could you send us copies of edge://signin-internals and edge://histograms to help debug your specific issue further. You can send it to me privately.
- jasonsch69, Jan 22, 2020, Brass Contributor
- Avi Vaid, Jan 21, 2020
Microsoft
jasonsch69 Could you clarify what account you're using to try to sync. I seem to recall from previous comments that you were using an on-prem AD account? We don't yet support sync for on-prem AD accounts
- jasonsch69, Jan 21, 2020, Brass Contributor
Just to be clear, on my sync-internals page I see this error
Local State
Server Connection auth error since 2020-01-21 14:33:14 -05
Is that the crypto error you are referring to?
- akhator, Jan 21, 2020
Microsoft
nidde nOrphf Thanks for your patience and apologies for delay in response here. I believe there are two topics in this thread
1. For accounts getting the message "Sync is not available for this account" - this is expected to show up when your account does not meet the pre-requisites needed for sync (for instance AAD premium accounts, correct configuration etc.). Please review the summary here - https://docs.microsoft.com/en-us/deployedge/microsoft-edge-enterprise-sync . This covers both the pre-requisites as well as the configuration needed for sync to work.
2. There is a second bucket of errors reported where encryption management ran into an error. This is expected to impact the account and thus will prevail on all devices (you should see a crypto error on edge://sync-internals for this bucket). We are working on an in-app control for users to reset their cloud data. However, that is still further out. In the meantime, we are preparing and verifying a manual process allowing users to request deletion of their cloud data. I am hoping that we will be able to offer this manual set of instructions soon while we work on the right long-term solution in parallel.
Thanks again for your patience.
- nOrphf, Jan 19, 2020, Brass Contributor
Anyone still employed at MS and wants to give some customer service?
By the way, after I installed the GA version, my sync for the working account is also failing!
- Daniel Brezina, Jan 07, 2020, Copper Contributor
Same here. Feels a bit like beta users are being left behind, now that the feature is ready for GA.
- jasonsch69, Jan 06, 2020, Brass Contributor