Forum Discussion

nOrphf's avatar
nOrphf
Brass Contributor
Sep 05, 2019

Login with AzureAD Account sync instantly goes in "Error" state

Hi   Please see this video about my problem: https://youtu.be/atxOfCJBKRE To recap in words, When I sign-in with my personal AzureAD account to Edge Dev and Canary (Newest builds 78.0.262.0/78.0.2...
jasonsch69's avatar
jasonsch69
Brass Contributor
Oct 02, 2019

Shaecky 

 

good path. I tested on my "guest" network that does not have ssl inspection turned on but still does layer 7 inspection. Same issue, however I used hotspot on my cell phone and it stayed logged in. I have asked my FW team to look at layer 7 inspection to see if it is being blocked due to unknown protocol or other unusual traffic. Will let you know.

nOrphf's avatar
nOrphf
Brass Contributor
Oct 02, 2019
Hey

It’s not a FW problem for me. I can log in and synchronise fine with my Admin account to my Office 365 tenant and with my work Office 365 account.
  • jasonsch69's avatar
    jasonsch69
    Brass Contributor
    Oct 07, 2019
    So I am having issue like you. I can sync with hotmail account. Can sync with an id for a "test" tenant but cannot sync with an id from my primary tenant.
    • nOrphf's avatar
      nOrphf
      Brass Contributor
      Oct 08, 2019

      Hi

      Just thinking, you who have the same issue, is your account wither an AD synced, or an old AD synced account converted to Cloud only?

      Cause I have just created a new in-cloud user in my tenant with out a license, but with the same domain as my own domain, and it works. (My own account is sourced from AD Sync, but has been converted to In-Cloud)

      So it's not tenant nor domain specific, it must be the specific user object, in my case at least, so just wondered if the "history" of the account could be the culprit.

      Regards Lars

      • jasonsch69's avatar
        jasonsch69
        Brass Contributor
        Oct 08, 2019

        nOrphf my account is a sync account from on prem AD. Both accounts (dev tenant) and prod Tenant are sourced from same AD but with different anchor attribute. We are no longer actively syncing the dev tenant account. I took a look at the logs files located at AppData\Local\Microsoft\Edge Beta\User Data\Profile 6\Sync Data\mip\logs\mip_sdk.miplog and a couple of things stand out. 

        As part of the tenant setup we had to change the upn of our users. I originally setup sync with my old upn (userid@olddomain.com). And now my upn is userid@newdomain.com. When i look at the logs i can see an Owner attribute that still references my old upn even though is shows authenticated as userid@newdomain.

         

        Info 2019-10-07 16:36:19.279 usage_restrictions_client.cpp:137 msedge (78904) "Owner: userid@olddomain" mip::UsageRestrictionsClient::GetRestResponseFromHttpResponse 108172

         

        Sending HTTP request: ID: MIP-1, Type: POST, Url: https://api.aadrm.com/my/v2/enduserlicenses?userEmail=userid@newdomain.com, Body Size: 9573, Headers['Accept'] = 'application/json', Headers['Content-Type'] = 'application/json', Headers['Authorization'] = 'SCRUBBED', Headers['Accept-Language'] = 'en-US', Headers['x-ms-rms-request-id'] = '41fa4384-9ccd-4386-8894-00007db44834;83975697-6773-41da-b544-0000b5a3d59a', Headers['x-ms-rms-platform-id'] = 'AppName=Microsoft Edge;AppVersion=78.0.276.14;DevicePlatform=WindowsStore;SDKVersion=4.2;UniqueId=ecd6b820-32c2-49b6-98a6-444530e5a77a;OsName=win;OsVersion=10-0-18362;MipVersion=1.3.181;'" mip::SendHttp 108172



         

Resources