Issues Authenticating to Azure AD from MS Word

Michael Raisbeck 1 Reputation point
2020-10-13T15:34:19.01+00:00

Afternoon All,

So we use AWS RDS, and for the past 2 months we have had intermittent issues with IE11 and also with opening documents from SharePoint Online. (We have used RDS for over a year.)

Issue 1:

This happens intermittently across the AWS RDS environment. It is a new issue for us and doesn't affect every user at the same time. A user logs into SharePoint Online with no issues loading or authenticating, but when they open a document from a SharePoint library it immediately prompts for MS Office. The user enters their email address, then the prompt closes and the user is not prompted to enter an O365 password or redirected to ADFS. The document then fails to load with no errors.

Issue 2:

We use IE11 (we cannot move away from this at present). A group policy is set to open our company SharePoint Online site. Some users get 403 Forbidden, and we cannot work out why our SharePoint Online URL gets 403 Forbidden for some users but not for others, all on the same domain across our 3 AWS RDSs. (This runs fine in private mode. All add-ons have been disabled, the cache has been reset, etc., and all IE security settings have been checked.)

Error From Event Log

Error: 0x80090010 Access denied.

Access denied.

Exception of type 'class WinRTException' at oauthtokenrequestbase.cpp, line: 733, method: OAuthTokenRequestBase::QueryTokenBindingKeyId::<lambda_xxxxxxxxxxxxxx>::operator ().

Log: 0x8aa5007f Unable to create a Token Binding Key.
Logged at oauthtokenrequestbase.cpp, line: 733, method: OAuthTokenRequestBase::QueryTokenBindingKeyId::<lambda_xxxxxxxxxxx>::operator ().

Request: authority: https://login.microsoftonline.com/common, client: xxxxxxxxxxx, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/Xxxxxxxxxxx, resource: https://outlook.office365.com/, correlation ID (request): xxxxxxxxxxxxxx

We have got to a point where we are out of ideas and don't know how to proceed.


2 answers

  1. Elsie Lu_MSFT 9,751 Reputation points
    2020-10-14T06:15:34.013+00:00

    Hi @Michael Raisbeck ,

    This issue seems to be related to permissions and undiscovered configuration errors. You can try checking whether the users have enough permissions. However, based on the whole description, I would suggest that you open a service request on this issue for more help.


    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Michael Raisbeck 1 Reputation point
    2020-11-22T11:42:40.22+00:00

    Hi ElsieLu Msft

    The users definitely have enough permissions, as they will log on later that day and won't be prompted and can access the file or SharePoint site.

    We raised a support ticket, which went nowhere as we didn't have the correct support plan, so we are currently left with a solution that authenticates when it pleases - thank you for your help though :)

    Apologies for the slow response; I am new to the community and only just found my way back to this post.
