Forum Discussion

nhtkid's avatar
nhtkid
Iron Contributor
Apr 26, 2020

JAMFAAD Sign-in error

Dear Forum Members,

I have been getting Sign-in errors for Mac users and I have no clue where to start for the troubleshooting. The configuration on the JAMF side looks solid.

Below are the errors I have been getting from AAD Sign-in section, and they are for the same user. Those errors all point to the JAMF Native MacOS Connector. The user experience is that they are constantly getting prompted to sign in to Microsoft when using O365 Apps on the Mac. The Microsoft Sign-in windows will just stuck on the page saying "Help us keep your device secure" with no errors. The App ID on this page also points to the same MacOS Connector, but Device State shows as: Unregistered. The same Mac device in Intune actually shows up as enrolled and compliant. Does that mean we need to re-register the device with Intune?

Thank you all very much!

 

Status
Interrupted
Sign-in error code
50097
Device Authentication Required - DeviceId -DeviceAltSecId claims are null OR no device corresponding to the device identifier exists.
 
Status
Interrupted
Sign-in error code
50058
Failure reason
The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.
Intune
Jamf
    • nhtkid's avatar
      nhtkid
      Iron Contributor
      Aug 18, 2020

      Jezper I wouldn't call that a solution. The workaround is to delete Azure and Intune device object and let MacOS enroll with Intune again. We still don't know what it happens in the first place with NoMAD.

      What is your experience?

       

  • Mark_K33's avatar
    Mark_K33
    Copper Contributor
    Oct 27, 2020

    I received the same error code. I'd try to sign in to office 365 within my Office 365 apps on my mac and despite entering all the correct credentials and the one time passcode sms'd to my phone I'd either be returned to the 'enter password' page or the spinner would just spin with no result. 

     

    The answer was to delete entries in Keychain associated with older login credentials. 

     

    1. Use spotlight (command+spacebar) to search for Keychain Access

    2. Open Keychain Access

    3. Within Keychain Access search for 'Exchange'

    4. Delete all search results. 

    5. Repeat steps 3 & 4 using search terms 'Office' and 'adal'

     

    Kind regards

     

    Mark

Share

Resources