Forum Discussion

Busted1942's avatar
Busted1942
Brass Contributor
Feb 10, 2020

Misleading Error Message 53004

I wanted to document an issue I have spent a few months on (off and on) in hopes that the error messaging might be improved.  The use case is that I can sign-in to Teams however, when I tried to swit...
developer
Guest Access
microsoft teams
Busted1942's avatar
Busted1942
Brass Contributor
Apr 16, 2020

Tomaszfand @Gousia_Begum,

 

Trigger a risky user sign-in event to show up for a test user in Azure Portal>Azure Active Directory>Security>Risk Detections and then try to change Orgs with that user in MS Teams.

Tomaszf's avatar
Tomaszf
Copper Contributor
Apr 16, 2020

Busted1942 

 

thanks

 

i got other kind of issue, maybe i can shortly describe it.

external user(customer) cannot log in to our tenant (Teams/AzureDevOps) with his account.

when loggin in hes asked to provide MFA and so on. but he CANT - its not possible because he cannot login to set mfa..so we have a loop.

so i created another user in his tenant, logged into mine - works...so hes using this second account.

 

maybe you can advise me what to do...some users are asked to provide MFA some not.

in conditional access policy i have excluded external users

 

 

 

 

Ihre Anmeldung wurde gesperrt
Bei dieser Anmeldung ist uns etwas Ungewöhnliches aufgefallen. Dies kann beispielsweise auf eine Anmeldung über einen neuen Ort, ein neues Gerät oder eine neue App zurückzuführen sein. Bevor Sie fortfahren können, müssen wir Ihre Identität überprüfen. Wenden Sie sich an Ihren Administrator.
https://login.microsoftonline.com/1f5f7c94-26bf-4752-8f12-e2844e5682b8/reprocess?prompt=select_account&sosid=2ae752e2-9005-4cf0-8943-2fbe0df729e4&ctx=rQIIAYWQvUscQRjGd27vzrsjELEIEogobCGR2Z2Znc8DISJc5PxCUsQiFjuzs1mFY_V2JcE_QCwtg2WKFJYWIpoiaa0sRQRbEQRLSyd_QXjhgZf3fR5-PJ0GDlGo3vs4xN2A2dhYbhAkGmeQEsmgTKmGglkrpJuY8uFYZ3Tly-mrd4-dD2dTjb_PG_O_joB3DCbyqtouu1FU2WRQhoNNMyzKIqtCUwyir8UZAFcA3ANwXAssYQYzTqFEjEEaMwUTYxNIdawUS0nCubipvV6d261y8k-K4eaePfKDVGCEcKqdMXWAkiRQOlZouNaSq1RklJ_4Ac5YJoyikHDt3gQjUGaYQEskpZZx55HnfkAS606WQIWQwzAZglLRGJJMW5cviLL02gdXdfBQf9MCo954e9KbHkF-t9XquM2b9J7r4GfDNTL87V38ud1f-XE3eFvF3LtsRGusXNIL-c56r9rtf56hvcX1aPlTviC-b8mPi6s0UUs7vWWRb1XfZnkXHzabl81av3xqgoMR77z9nzpfAA2
https://login.microsoftonline.com/1f5f7c94-26bf-4752-8f12-e2844e5682b8/oauth2/authorize?response_type=id_token&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fteams.microsoft.com%2Fgo&state=d71001db-80df-482a-82b1-c6bb869d7f46&&client-request-id=0cb65c4e-ed1d-400a-b821-05c1f85d43a6&x-client-SKU=Js&x-client-Ver=1.0.9&nonce=e25c1564-8055-4359-acea-4b3995d2a667&domain_hint=#
Request Id: bb00bc72-dcc0-4e86-98df-6d1a74333600
Correlation Id: 0cb65c4e-ed1d-400a-b821-05c1f85d43a6
Timestamp: 2020-03-24T09:03:04.003Z
App-Name: Microsoft Teams Web Client
App-ID: 5e3ce6c0-2b1f-4285-8d4b-75ee78787346
IP-Adresse: 77.20.253.212
Gerätebezeichner: Nicht verfügbar
Geräteplattform: Windows 10
Gerätestatus: Unregistered
Erweiterte Diagnose: https://login.microsoftonline.com/common/debugmode
Wenn Sie Support zu einem Problem anfordern möchten, aktivieren Sie diese Option, und versuchen Sie, den Fehler zu reproduzieren. Auf diese Weise werden zusätzliche Informationen gesammelt, die zur Problembehandlung beitragen
  • Busted1942's avatar
    Busted1942
    Brass Contributor
    Apr 16, 2020

    Tomaszf,

     

    Did you check risky sign-ins for an event with his username?  Resolving the risky user sign-in was the resolution in my case when there was no other clues on where to look.  You can find that under Azure Portal> Azure Active Directory> Security> Risky users...

    • Tomaszf's avatar
      Tomaszf
      Copper Contributor
      Apr 16, 2020
      yes - there is no info
      • Busted1942's avatar
        Busted1942
        Brass Contributor
        Apr 20, 2020

        Tomaszf,

         

        You are experiencing the same frustration I did and are being mislead by the same error message in my opinion.  In my case, it was the account in my tenant trying to auth as a federated user into another tenant that triggered that error message, again, in my source tenant.  When you checked for risky sign-ins, did you check in the user's source (Federated or guest) Tenant if they had a risky sign-in event or were you checking in your tenant where you are trying to share the resources from? 

         

        If you don't see a risky sign-in event in either tenant, I am not sure what else might be going on and my next step would be to open a support ticket.  Again, where it me, I'd open it as an Azure auth incident be prepared for the likely hood of being bounced around from support group to support group for a month or two as you stay on top of them, not allowing them to close the incident and escalating as needed.  It took me months to resolve this for our Tenant but I eventually got to a person who knew enough to give me a few clues to resolve it for myself.

Resources