SOLVED
Home

Turning on Multi Factor Authentication breaks MS Teams

Highlighted
Chris Blaszczynski
Occasional Contributor

Turning on Multi Factor Authentication breaks MS Teams

Hi..  I have the Windows Teams app running, and then enforced MFA on my account. Now Teams is stuck in a loop asking me to login, and I click on the button "Login now" and it just restarts and comes back up.

 

It shows error code: 3399614476

 

I had to right-click to choose Logout, and then it restarts (by itself) and allows me to log in, and then sends my temp auth code to my device.

 

PROBLEM ALSO HOWEVER!!  is that it has no place to use my app code!

 

13 Replies

Re: Turning on Multi Factor Authentication breaks MS Teams

I use MFA on many of my/our tenants and Microsoft Teams works just fine. 

Have you 

1) tried to access it through the web?

2) tried to use the "log out" feature available when you right click the Teams logo in the system tray

3) uninstall and install the Teams app

Re: Turning on Multi Factor Authentication breaks MS Teams

I thought I mentioned in my post that I had to use Log out and then I could log in. But I'm explaining the user experience that is an issue.

 

 

Re: Turning on Multi Factor Authentication breaks MS Teams

So it seams that the Android version of MS Teams can't login at all, even using an app password as the PW.

Re: Turning on Multi Factor Authentication breaks MS Teams

Ya...  the app PW works fine for Skype 4 Biz on Android, but not at all for Teams on Android.

 

Re: Turning on Multi Factor Authentication breaks MS Teams

If you have AD FS enabled, make sure to go over this thread: https://techcommunity.microsoft.com/t5/Microsoft-Teams/Modern-Auth-fails-in-Teams/td-p/66213

Re: Turning on Multi Factor Authentication breaks MS Teams

That is complicated. (Typical Microsoft).

 

However the issue remains with Teams on Android, which is not related to any Windows domain setting.

Re: Turning on Multi Factor Authentication breaks MS Teams

I have users on Andrioid using MFA and Teams without issue.  

Re: Turning on Multi Factor Authentication breaks MS Teams

Same, as has all of our users.  It'd be mass chaos if Teams and Android didn't work.  People would be at my desk with pitchforks.

Re: Turning on Multi Factor Authentication breaks MS Teams

haha!

 

I was trying to look for this post in the huge forest of forums related to Microsoft and I just couldn't find it. I was going to update that it is working, but it wasn't until some update got applied to my Teams version. 

Solution

Re: Turning on Multi Factor Authentication breaks MS Teams

Hi. We just turned on Multi-factor authentication for my own account and this same problem occured. 

I was able to fix this by closing MS Teams, then delete every MSTeams entry in Credential Manager. Once I re-opened teams, the authentication window properly asked me to enter my code from my MS Authentication app.

Edit: (Added Credential Manager screens below)
Credential Manager stores your account credentials for the Web and other Windows services. You can open it by searching or running, Credential Manager.

Credential Manager.JPGW10 Search
Within Credential Manager, you will want to look at "Windows Credentials", and find the entries for anything relating to MSTeams. For each entry, click it to expand, and select "Remove".

Credential Manager Teams entries.png

 

Re: Turning on Multi Factor Authentication breaks MS Teams

For those who don't know, can you explain "delete every MSTeams entry in Credential Manager"?

 

Re: Turning on Multi Factor Authentication breaks MS Teams

Sure! Edited original reply with screens.

Re: Turning on Multi Factor Authentication breaks MS Teams

for those of you that prefer a scripting method, here is a powershell script that will do it: 

these 2 functions came from: https://gallery.technet.microsoft.com/scriptcenter/PowerShell-Credentials-d44c3cde

 

function Enum-Creds
{
<#
.Synopsis
  Enumerates stored credentials for operating user

.Description
  Calls Win32 CredEnumerateW via [PsUtils.CredMan]::CredEnum

.INPUTS
  

.OUTPUTS
  [PsUtils.CredMan+Credential[]] if successful
  [Management.Automation.ErrorRecord] if unsuccessful or error encountered

.PARAMETER Filter
  Specifies the filter to be applied to the query
  Defaults to [String]::Empty
  
#>

	Param
	(
		[Parameter(Mandatory=$false)][AllowEmptyString()][String] $Filter = [String]::Empty
	)
	
	[PsUtils.CredMan+Credential[]] $Creds = [Array]::CreateInstance([PsUtils.CredMan+Credential], 0)
	[Int] $Results = 0
	try
	{
		$Results = [PsUtils.CredMan]::CredEnum($Filter, [Ref]$Creds)
	}
	catch
	{
		return $_
	}
	switch($Results)
	{
        0 {break}
        0x80070490 {break} #ERROR_NOT_FOUND
        default
        {
    		[String] $Msg = "Failed to enumerate credentials store for user '$Env:UserName'"
    		[Management.ManagementException] $MgmtException = New-Object Management.ManagementException($Msg)
    		[Management.Automation.ErrorRecord] $ErrRcd = New-Object Management.Automation.ErrorRecord($MgmtException, $Results.ToString("X"), $ErrorCategory[$Results], $null)
    		return $ErrRcd
        }
	}
	return $Creds
}



function Del-Creds
{
<#
.Synopsis
  Deletes the specified credentials

.Description
  Calls Win32 CredDeleteW via [PsUtils.CredMan]::CredDelete

.INPUTS
  See function-level notes

.OUTPUTS
  0 or non-0 according to action success
  [Management.Automation.ErrorRecord] if error encountered

.PARAMETER Target
  Specifies the URI for which the credentials are associated
  
.PARAMETER CredType
  Specifies the desired credentials type; defaults to 
  "CRED_TYPE_GENERIC"
#>

	Param
	(
		[Parameter(Mandatory=$true)][ValidateLength(1,32767)][String] $Target,
		[Parameter(Mandatory=$false)][ValidateSet("GENERIC",
												  "DOMAIN_PASSWORD",
												  "DOMAIN_CERTIFICATE",
												  "DOMAIN_VISIBLE_PASSWORD",
												  "GENERIC_CERTIFICATE",
												  "DOMAIN_EXTENDED",
												  "MAXIMUM",
												  "MAXIMUM_EX")][String] $CredType = "GENERIC"
	)
	
	[Int] $Results = 0
	try
	{
		$Results = [PsUtils.CredMan]::CredDelete($Target, $(Get-CredType $CredType))
	}
	catch
	{
		return $_
	}
	if(0 -ne $Results)
	{
		[String] $Msg = "Failed to delete credentials store for target '$Target'"
		[Management.ManagementException] $MgmtException = New-Object Management.ManagementException($Msg)
		[Management.Automation.ErrorRecord] $ErrRcd = New-Object Management.Automation.ErrorRecord($MgmtException, $Results.ToString("X"), $ErrorCategory[$Results], $null)
		return $ErrRcd
	}
	return $Results
}


function Get-CredType
{
Param
(
[Parameter(Mandatory=$true)][ValidateSet("GENERIC",
"DOMAIN_PASSWORD",
"DOMAIN_CERTIFICATE",
"DOMAIN_VISIBLE_PASSWORD",
"GENERIC_CERTIFICATE",
"DOMAIN_EXTENDED",
"MAXIMUM",
"MAXIMUM_EX")][String] $CredType
)

switch($CredType)
{
"GENERIC" {return [PsUtils.CredMan+CRED_TYPE]::GENERIC}
"DOMAIN_PASSWORD" {return [PsUtils.CredMan+CRED_TYPE]::DOMAIN_PASSWORD}
"DOMAIN_CERTIFICATE" {return [PsUtils.CredMan+CRED_TYPE]::DOMAIN_CERTIFICATE}
"DOMAIN_VISIBLE_PASSWORD" {return [PsUtils.CredMan+CRED_TYPE]::DOMAIN_VISIBLE_PASSWORD}
"GENERIC_CERTIFICATE" {return [PsUtils.CredMan+CRED_TYPE]::GENERIC_CERTIFICATE}
"DOMAIN_EXTENDED" {return [PsUtils.CredMan+CRED_TYPE]::DOMAIN_EXTENDED}
"MAXIMUM" {return [PsUtils.CredMan+CRED_TYPE]::MAXIMUM}
"MAXIMUM_EX" {return [PsUtils.CredMan+CRED_TYPE]::MAXIMUM_EX}
}
}
Enum-Creds | where {$_.TargetName -match 'msteams'} | %{ Del-Creds -Target $_.TargetName }
Related Conversations
Surface Pro 3 Screen Issue
Han Lee in Surface Pro on
1 Replies