Forum Discussion

mouadcherkaoui
Brass Contributor
Feb 04, 2021

Teams / Federation Authentication / MacOS X Customer

Hi,

 

This question was initially posted in the Answers forum:

Teams / Authentification Fédéré / Client MacOS - Microsoft Community


"We have been having federated connection issues with Teams only since MAC OS X since the last version of the client. The web connection works without worries.

We get an error code: -1200

We use Azure AD Connect to populate our AzureAD, and federated authentication to authenticate (sic) our users. No problems on Windows Linux or Android iOS clients....

When we search the client's logs, we find some strange messages:

Wed Feb 03 2021 21:59:59 GMT-0100 (Central European Standard Time) <17495> -- info -- Modern authentication has failed, but you will still be able to log in. The code for your status is 2:-1200. diag:0

Wed Feb 03 2021 21:59:59 GMT+0100 (heure normale d'Europe centrale) <17495> -- event -- Microsoft.ADAL.x_client_cpu: 32, Microsoft.ADAL.x_client_os: 10.15.7, Microsoft.ADAL.api_error_code: -1200, Microsoft.ADAL.status: failed, Microsoft.ADAL.authority_type: aad, Microsoft.ADAL.response_time: 22912.654996, Microsoft.ADAL.ntlm: , Microsoft.ADAL.request_id: AF600A59-0E77-4AA0-BE42-74D7CCAE05A6, Microsoft.ADAL.is_successfull: no, Microsoft.ADAL.api_id: 133, Microsoft.ADAL.extended_expires_on_setting: no, Microsoft.ADAL.error_domain: NSURLErrorDomain, Microsoft.ADAL.prompt_behavior: AD_PROMPT_AUTO, Microsoft.ADAL.authority_validation_status: yes, Microsoft.ADAL.x_client_sku: OSX, Microsoft.ADAL.x_client_ver: 4.0.9, Microsoft.ADAL.cache_event_count: 4, Microsoft.ADAL.correlation_id: D747B73D-AD0B-452F-A357-1E8A063C4FC2, Microsoft.ADAL.ui_event_count: 1, vdiMode: 0, eventpdclevel: 2,

Wed Feb 03 2021 21:36:02 GMT+0100 (heure normale d'Europe centrale) <17233> -- event -- Microsoft.ADAL.prompt_behavior: AD_PROMPT_AUTO, Microsoft.ADAL.oauth_error_code: , Microsoft.ADAL.response_time: xxx xx xxxx, Microsoft.ADAL.is_successfull: no, Microsoft.ADAL.correlation_id: 8A1CB0A7-D37C-494C-B387-E36C1874E682, Microsoft.ADAL.request_id: F734D42E-4D0F-4F78-93E4-AE8008D604E1, Microsoft.ADAL.api_id: 9, Microsoft.ADAL.api_error_code : AD_ERROR_SERVER_USER_INPUT_NEEDED, Microsoft.ADAL.authority_type: aad, Microsoft.ADAL.extended_expires_on_setting: no, Microsoft.ADAL.x_client_cpu: 32, Microsoft.ADAL.authority_validation_status: yes, Microsoft.ADAL.cache_event_count: 4, Microsoft.ADAL.response_code: 200, Microsoft.ADAL.x_client_sku: OSX, Microsoft.ADAL.x_client_os: 10.15.7, Microsoft.ADAL.x_client_ver: 4.0.9, Microsoft.ADAL.status: failed, Microsoft.ADAL.error_domain: ADAuthenticationErrorDomain, Microsoft.ADAL.http_event_count: 1, vdiMode: 0, eventpcledvel: 2,"

The first reflex was removing cached data in these directories:

 

~/Library/Caches/com.microsoft.teams
~/Library/Caches/com.microsoft.teams.shipit
~/Library/Application Support/Microsoft/Teams
~/Library/Application Support/Microsoft/Teams/Application Cache/Cache
~/Library/Application Support/Microsoft/Teams/blob_storage
~/Library/Application Support/Microsoft/Teams/Cache
~/Library/Application Support/Microsoft/Teams/databases
~/Library/Application Support/Microsoft/Teams/GPUCache
~/Library/Application Support/Microsoft/Teams/IndexedDB
~/Library/Application Support/Microsoft/Teams/Local Storage
~/Library/Application Support/Microsoft/Teams/tmp

 

thanks in advance!
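
An added example, not part of the original post and not Microsoft tooling: a small parser for the ADAL telemetry entries quoted above that pulls out the error domain, code and correlation ID and maps them to a failure class. The NSURLErrorDomain names are Apple's Foundation constants; the function names and triage labels are hypothetical, and the sample text is abbreviated from the log in the post.

```python
import re

# NSURLErrorDomain TLS failure codes (Apple Foundation constants).
NSURL_TLS_ERRORS = {
    -1200: "NSURLErrorSecureConnectionFailed",
    -1201: "NSURLErrorServerCertificateHasBadDate",
    -1202: "NSURLErrorServerCertificateUntrusted",
    -1203: "NSURLErrorServerCertificateHasUnknownRoot",
}
# An entry is "<pid> -- level -- body"; entries may run together, so the body
# ends where the next "Wed Feb 03 2021 21:59:59 GMT" style timestamp starts.
ENTRY = re.compile(
    r"<(\d+)> -- (\w+) -- (.*?)(?=\w{3} \w{3} \d{2} \d{4} [\d:]+ GMT|\Z)", re.S)
FIELD = re.compile(r"Microsoft\.ADAL\.(\w+)\s*:\s*([^,]*)")

def parse_adal_events(text):
    """Return one dict of ADAL fields per '-- event --' entry in the log text."""
    events = []
    for pid, level, body in ENTRY.findall(text):
        fields = {key: value.strip() for key, value in FIELD.findall(body)}
        if level == "event" and fields:
            events.append({"pid": pid, **fields})
    return events

def triage(event):
    """Classify one event by its error domain and code (hypothetical labels)."""
    domain = event.get("error_domain", "")
    code = event.get("api_error_code", "")
    if domain == "NSURLErrorDomain" and code.lstrip("-").isdigit():
        name = NSURL_TLS_ERRORS.get(int(code))
        return f"tls: {name}" if name else f"network: NSURLErrorDomain {code}"
    if code == "AD_ERROR_SERVER_USER_INPUT_NEEDED":
        return "auth: silent token request needs interactive sign-in"
    return "other"

# Sample abbreviated from the log in the post (entries run together, as posted).
SAMPLE = (
    "Wed Feb 03 2021 21:59:59 GMT+0100 <17495> -- info -- Modern authentication "
    "has failed. The code for your status is 2:-1200. diag:0"
    "Wed Feb 03 2021 21:59:59 GMT+0100 <17495> -- event -- "
    "Microsoft.ADAL.api_error_code: -1200, Microsoft.ADAL.status: failed, "
    "Microsoft.ADAL.error_domain: NSURLErrorDomain, Microsoft.ADAL.correlation_id: "
    "D747B73D-AD0B-452F-A357-1E8A063C4FC2, vdiMode: 0,"
    "Wed Feb 03 2021 21:36:02 GMT+0100 <17233> -- event -- "
    "Microsoft.ADAL.api_error_code : AD_ERROR_SERVER_USER_INPUT_NEEDED, "
    "Microsoft.ADAL.error_domain: ADAuthenticationErrorDomain, "
    "Microsoft.ADAL.response_code: 200,"
)

if __name__ == "__main__":
    for ev in parse_adal_events(SAMPLE):
        print(ev["pid"], ev.get("correlation_id", "-"), triage(ev))
```

`NSURLErrorSecureConnectionFailed` is the code macOS returns when a TLS connection could not be established.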

  • schloemi67
    Copper Contributor
    I discovered exactly the same problem - always "white screen" and Error 1:403 when closing MS-TEAMS !

    In the Log-File always "AD_ERROR_SERVER_USER_INPUT_NEEDED" occurs as the "aquireTokenSilentwithRessource" gets called instead of "aquireTokenwithRessource" !!

    I tried everything -> delete/reinstall TEAMS, deleting keychains, caches, "library/Application Support" as mentioned in nearly every article when running into issues with MS-TEAMS on MacOS.

    Finally I found the problem: we use "NoMAD" for managing our AD Kerberos Tickets on our company Macs - when logged into "NoMAD" with my AD-User I don't get the "Prompt" for re-authenticating within MS-Teams - if I don't log in to "NoMAD" everything works as it should - first starting MS-Teams and ONLY AFTERWARDS logging into "NoMAD" !!!

    This issue cost me all my nerves, as I could only use the browser-based version of MS-Teams and not the desktop version.

    This leads to the question if this is a bug only with NoMAD and MS-Teams, or with every AD-Helper installed to MacOS ???
  • guenaelsanchez
    Copper Contributor

    Thanks mouadcherkaoui for the post !

     

    We are wondering if this is related to any security parameter regarding SSL or something else. The process of authentication is : 

     

    Azure -> SAML Portal -> CAS Portal -> SAML Portal -> Azure.

     

    The login process is broken somewhere between Azure and the CAS portal since the login page does not even pop up.

     

    The login window does not allow the use of DevTool or any shortcut to show the URIs that TeamsApp is trying to consult. Nothing in the log files except the errors shown in the first post.

     

    A support ticket has been open since last week.

     

    Regards,

    GS.

    • mouadcherkaoui
      Brass Contributor

      guenaelsanchez 

      it's all my pleasure! Welcome!

       

      I think that since it is working on other platforms, it should be more about the macOS use case, which handles keychains and caches them its own way. Can you create a user account and see if it works? I shared in the "answers forum" a resolution which, in addition to removing cache files, suggests using the Keychain Access ("Trousseau d'accès") tool to remove cached credentials there too:

       

      https://answers.microsoft.com/en-us/msteams/forum/all/microsoft-teams-showing-white-screen-when-trying/20591f6d-2702-4a29-9b60-29ebd6be1e98?rtAction=1611834249369

      the Niklas Blomqvist answer is also interesting: 

      • Start Teams
      • Click the Teams app in the dock 5 times
      • Click the "Development" option in the menu bar
      • In that menu you have an entry called "Auth". I tried clicking all the "Call ipc" for different auth methods (I can't reproduce the menu as of right now, since I'm logged in and there are additional steps to see those entries when logged in)
      • However, BEFORE you try any Auth-entries, go to "hooks" and "enableMacNativeNotifications" (I think the name was) to get native macOS notifications 🙂 

      hope it helps!

       
      • guenaelsanchez
        Copper Contributor

        Hello,

         

        I tried to enable Mac Native Notification, but it did not change anything.

         

         

        This is the Auth Menu, I tried clicking all items, one by one, entered my UPN, and it failed.

         

        Also tried to remove all the different cache files suggested in the other post, and also deleted any Teams entry in my Keychain, but it did not change anything !

         

        Regards,

        GS
