Cloud Sync Question - PHS Support

Phil Danbury 0 Reputation points

Hello! I am currently testing Cloud Sync and am seeing the following error when trying to sign in with a test user who has been synced from a Server 2019 AD (On-Prem): AADSTS80018: Unauthorized or forbidden access of encryption keys. This error does not show in the browser; I had to use Fiddler to get the underlying error. The browser says:
"Sorry, that didn't work. Please go back to and try again. Thanks." Seems to me that the user is unable to access their Password Hash that has been synced from the On-Prem AD. Has anyone seen this before?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Givary-MSFT 29,676 Reputation points Microsoft Employee

    Hi @Phil Danbury, thank you for reaching out to us. As I understand it, you are trying to troubleshoot the error "AADSTS80018", which occurs when a user tries to access the portal. As you mentioned, you have a Cloud Sync deployment. This is a very unique error, and there is not much information mentioned about it.

    However, I would like to start the basic troubleshooting by following the steps mentioned in the section "Object synchronization problems". You can also review the provisioning logs, which provide detailed information on the state of the objects being synchronized between your on-premises Active Directory environment and Azure.

    If the above information still doesn't help, we can connect offline to troubleshoot this issue further.

    You can reach out to me by sending an email to azcommunity [at] microsoft [dot] com referencing this issue with the subject line "ATTN:Givary".

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.