Forum Discussion

Nelson Morais's avatar
Nelson Morais
Copper Contributor
Jul 10, 2017
Solved

AAD B2B account creation failure - "An unexpected error occurred. Please try again"

Hi,   We're using AAD and B2B account to allow our partners to access our applications. One of our customers, to which we've sent an AAD B2B invite got the error message "An unexpected error occur...
Azure AD B2B
  • Nelson Morais's avatar
    Nelson Morais
    Jul 21, 2017

    Hi Chao,

     

    No, it means it "unblocked" the Domain reservation of my customer and now he was able to accept the invite. You will need to check with MS support if your situatio is the same.

     

    MS also suggested:

    - to delete the accounts in my tenant for that Domain and resend the invites.

    - to always accept the invites in an InPrivate/Incognito browser session.

     

    My conclusion:

    If this error occurs again, create a support ticket with MS so that the domain can be "unblocked" and allow the registration process to succeed. This fix is done per Domain and is not a fix that "unblocks" any other scenarios having the same or a similar issue.

     

    I hope this helps others.

     

    Nelson Morais

Nelson Morais's avatar
Nelson Morais
Copper Contributor
Jul 20, 2017

Hi,

 

I got an answer from Microsoft support.

Apparently the domain name reservation was present in a worker and this situation was the reason why the problem was occurring.

MS removed that reservation from the worker and we're now waitting for our customer to try the registration process after new accounts and invites were sent.

I'll update this post as soon as I got a confirmation that this actually solved the problem.

 

Nelson Morais

Chao Wang's avatar
Chao Wang
Copper Contributor
Jul 20, 2017

Thanks Nelson

Does this mean that this will fix all for everyone if it works?

 

We'll res-send the invitation to clients too, to test this,

 

will keep this updated,

Thanks

Chao

  • Nelson Morais's avatar
    Nelson Morais
    Copper Contributor
    Jul 21, 2017

    Hi Chao,

     

    No, it means it "unblocked" the Domain reservation of my customer and now he was able to accept the invite. You will need to check with MS support if your situatio is the same.

     

    MS also suggested:

    - to delete the accounts in my tenant for that Domain and resend the invites.

    - to always accept the invites in an InPrivate/Incognito browser session.

     

    My conclusion:

    If this error occurs again, create a support ticket with MS so that the domain can be "unblocked" and allow the registration process to succeed. This fix is done per Domain and is not a fix that "unblocks" any other scenarios having the same or a similar issue.

     

    I hope this helps others.

     

    Nelson Morais

    • Chao Wang's avatar
      Chao Wang
      Copper Contributor
      Aug 02, 2017

      Thanks Nelson

      I think I should keep this thread posted...

      After a few conversations with our MS AD support, I reached the following conclusion:

      1.  last September, MS stopped users with a Organisation/school account to regiter same email for a MS account. ( i actually like this, messy and confusion to have a organisation and personal account sitting for you to choose from...)

       

      2. for a company who's clean with MS, once a first user purchase a subscription from MS, in my case PowerBI for example. MS created a viral tenant for the company domain, say firstperson@mockdomain.com.au and add this first user to the AAD with that tenant.

       

      3. from there the entire domin @mockdomain has become verifed and reserved (as Organisation/school account? need to confirm with my support)

       

      3. the viral tenant has no administrator, so no one can actively add other users of same company to the AAD (I'll circle back to this point shortly)

       

      4. If we send B2B invitation to the very first user firstperson@mockdomain.com.au who purchased the subscription (who has been added to AAD behind secen), he/she can redeem our invitation successfully because their tenant AAd recognise this person.

       

      5. if we send B2B invitation to other users of the same domain say fifth@mockdomain.com.au, he/she will be redirected to their own AAD for authentication firstly, but as this email is not existed in theire AAD, it couldn't be recognised and will be requested to register a MS account, which is conflicting with point 1., and this is why the user can't pass the verfication code step.

       

      Our Ms tech support suggest that one of the client claim the admin permission of their tenant and add user accordingly as a solution, this is difficult in many situations especially the when the clients have no IT support.

       

      now circle back to point 3, I asked the support if the first purchaser invite all other users within their organisation to the product (PowerBI in my case), will this add their emails to their AAD (i assumed), and will this further enables them to redeem our B2B emails.... the support say 'probably'..., we haven't got any chance to test this...

       

      I will keep this updted, and would like to hear some feedbacks or even answers...

      thanks

       

       

       

       

       

       

       

      • Teemu Strand's avatar
        Teemu Strand
        Iron Contributor
        Sep 20, 2017
        Your findings are very interesting Chao, did you get any clarity to it?

        We are investigating using the B2B but are really concerned about how these "viral" or just-in-time AAD tenants are just spinned off and then no-one is managing them after they are created. Our clients are usually small companies who don't use AAD or don't even have know-how about it. I don't want our IT to become contact point of their users and their sign-in problems.

Resources