Can't login into Admin App anymore

Copper Contributor

I'm a global Admin of an Office 365 Tenant, and the admin app used to work fine on my Android device.

But it doesn't work anymore. On the Android (6.0) device I get an error telling me "Unauthorized. Couldn't verify your user role. Please try again later.". The same on iOS (11.4, in German): "Nicht autorisiert. Ihre Benutzerrolle konnte nicht überprüft werden. Versuchen sie es später noch einmal".


I can't find any information about this error message, it's also not listed in the troubleshooting article:

Login to the admin control panel via web browser works fine as always. But this error message appears for quite some months now and it's a real pain not being able to do quick adjustments directly in the app anymore.


Does anyone know how to fix that?

4 Replies

Seems to work fine here (Android 7.0). Try signing out of the app, if that doesn't help reinstall it?

Sorry for the late reply. Thanks, but reinstalling the app neither worked out on Android nor on iOS.

Not sure if that makes any difference: It's an Office 365 plan for a Nonprofit Organization (E1 Nonprofit plan).

Shouldn't make a difference afaik. But I don't really know what else you can do to troubleshoot this, the joys of using mobile apps... Open a support case?

I guess I finally found out what's the problem. We added a new domain some time back and switched all user-ids / primary addresses to the new domain and with that also our naming scheme changed from forename@... to forename.surname@.... That worked out pretty smooth. Since then I'm using my new user-id for logging in.
For testing I just re-activated an old deactivated an blocked global admin account, which was already inactive when we switched and therefore is still using the old domain. That one works perfectly within the app.
Therefore I guess the switch of the domain left some remnants of the old user-id causing issues regarding the app login, but not the login via the web interface or Exchange. I just checked in the Azure AD shell. The fields UserPrincipalName, WindowsLiveID, MicrosoftOnlineServicesID and WindowsEmailAddress contain the correct new address while DistinguishedName still contains the old name and domain. The fields Identity, Id and Name still show the old name.
Right now it seems that admin accounts, for which name and domain changed can't log into the app anymore (new-name@new-domain causing the above error, old-name@old-domain and old-name@new-domain cause invalid password errors). Admin accounts, whose name and domain hasn't changed can login.

Do I really need two admin accounts if I also want to use the app? Or is there a better way? Any ideas?

Yes, I could open a support case. But since we're grateful that we get this IT solution for free (we probably couldn't afford to buy it) it doesn't feel right to open support cases issues just regarding convenience and not fundamental problems.