SOLVED

Unable to login to Windows 10 build 18329 or 18334 with Office 365/Azure AD account.

After upgrading to Insider Preview Build 18329 or 18334 I can’t access my Office 365/Azure AD account. After the upgrade finishes, I am able to login using my Office 365/Azure AD account with a PIN. When logged on I am able to lock the system, but then I am only able to unlock the system using my password. After a reboot, my Office 365/Azure AD account is shown but my password keeps complaining that it’s incorrect. After logging in using an offline admin account, I am unable to add any Office 365/Azure AD account. When I reboot at this point, the system has removed the other Office 365/Azure AD user account from the login screen completely.

My Office 365/Azure AD account is configured with MFA, but this is not used to login to Windows 10.

When I reset my system back to the previous build, everything works like a charm.

Does anyone have an idea what’s going on?

4 Replies
best response confirmed by Gerben Hameetman (Copper Contributor)
Solution

Hey Gerben,

In your Settings --> Accounts --> Access work or school page, do you see your connection properly to Azure AD? Does it show like the first picture [image: StillconnectedtoAzureadNOT.jpg] or the second [image: NowConnectedtoAzuread.jpg]? If it's like the 2nd picture, your connection to Azure AD is most likely correct - you can also verify this at the command line with DSREGCMD /status. This should help validate your Azure Join. I suspect something is not valid; possibly you are connected via MDM or some other process and the domain join is somehow broken. If you have another Azure AD account, I would add that user to the computer [image: AddAnotherUser.jpg] and see if they get the PIN process via the login and validate that part is working. You could then remove the user that the PIN isn't working on and then re-add them, and the PIN process should revalidate. The local Windows profile should stay intact, though having a backup is advisable. Let me know how you make out! - Murray

I will take a look at your tips.

What I did try is to add another user out of Azure AD after the upgrade, this didn't work because it couldn't find any Azure AD. I tried multiple accounts.

So I ran into this issue and it appears your machine may be suffering from the same thing.  Most likely what has happened is that at some point in time after you joined Azure AD your machine was renamed, and if you can believe it, Windows 10 doesn't have (yet) a mechanism for renaming it in Azure AD that is part of the rename computer procedure!  I blogged the solution here https://www.onthewinside.com/blog/i-figured-out-error-code-caa5004b

It has worked for a few people so I would check it out.

Murray

The problem is solved.

After looking into the Azure device registrations, I found that my device was registered at multiple Office 365/Azure AD environments. I removed all the registrations except the one that I'm using to log into my Windows 10. My system did indicate that my system was joined to Azure AD domainX with user SomeUser@domainY.com, which was odd.

The Azure AD links were inserted when I used my Office (Word/Excel/PowerPoint) with different Office 365 environments. It would ask me if I would like to allow my company to manage my system or simply allow this app to use the Office 365 account. Next time, I would only allow the application and not connect my Windows 10.

Thank you for your responses!

Kind Regards.
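
Added example, not part of the original thread: a PowerShell helper that parses the output of `dsregcmd /status` (the command suggested in the accepted answer) and reports the join state together with every tenant the device holds a registration with, which is the condition that turned out to be the cause here. `Get-DsregSummary` is a hypothetical function name and the sample text is constructed; the field names are assumed to be those printed by current `dsregcmd` builds, and older builds may print fewer of them.

```powershell
# Added example: summarize `dsregcmd /status` output to spot a device that is
# joined to one tenant while also registered with others.
# Get-DsregSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-DsregSummary {
    # With no argument, run dsregcmd on the local machine.
    param([string[]]$Lines = (dsregcmd.exe /status))

    $state   = @{}                                   # first value seen per key
    $tenants = New-Object System.Collections.Generic.List[string]

    foreach ($line in $Lines) {
        # dsregcmd prints "   Key : Value"; banners and separators are skipped.
        if ($line -notmatch '^\s*(\w+)\s*:\s*(.*?)\s*$') { continue }
        $key = $Matches[1]; $value = $Matches[2]
        if (-not $state.ContainsKey($key)) { $state[$key] = $value }
        # TenantName is the Azure AD join; WorkplaceTenantName appears once
        # per work account added to Windows (assumed field names).
        if ($key -in 'TenantName', 'WorkplaceTenantName' -and $value -and
            -not $tenants.Contains($value)) { $tenants.Add($value) }
    }

    [pscustomobject]@{
        AzureAdJoined   = $state['AzureAdJoined'] -eq 'YES'
        WorkplaceJoined = $state['WorkplaceJoined'] -eq 'YES'
        HasPrt          = $state['AzureAdPrt'] -eq 'YES'
        JoinTenant      = $state['TenantName']
        AllTenants      = $tenants.ToArray()
        MultipleTenants = $tenants.Count -gt 1
    }
}

# Constructed sample (not captured output): joined to one tenant, with a
# work account from a second tenant added through an Office app.
$sample = @'
             AzureAdJoined : YES
                TenantName : Contoso
           WorkplaceJoined : YES
       WorkplaceTenantName : Fabrikam
                AzureAdPrt : NO
'@ -split "`r?`n"

Get-DsregSummary -Lines $sample | Format-List
```

Calling `Get-DsregSummary` with no arguments reads the live state of the local machine; `MultipleTenants = True` together with `HasPrt = False` matches the mixed-registration situation described in the final post.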
