invalid_resource: AADSTS500011: The resource principal named https://[xxx] was not found in the tenant named [zzz].

Question

Note: I have introduced placeholders [xxx], [tenant id], [application id], [zzz], cause this is a public support request.

High level

We want to give Excel access to our business data for reporting using the Excel OData feed, and authenticate using an "Organizational account".

What we are doing

We are hosting our data feed at "https://[xxx]/odata/TestQuery". Right now the response is hardcoded for "401 Unauthorized", and contains the header value:

www-authenticate: Bearer client_id="[application id]", authorization_uri="https://login.microsoftonline.com/[tenant id]/oauth2/v2.0/authorize"

When we try to access this resource using OData feed interface using Organization account, we are redirected in Excel to the authorization URI. I am able to log in using my @[xxx] account that is associated with the tenant "[tenand id]". However, I get the following message: invalid_resource: AADSTS500011: The resource principal named https://[xxx] was not found in the tenant named [zzz]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 3ea01ca0-90ff-4c7a-ba2b-9a2884331700 Correlation ID: 543ed016-e2f7-4ffa-85fa-f2679c4190c0 Timestamp: 2025-02-14 22:25:53Z.

What we would expect to happen

I would expect that after signing in, Excel (the client) would try to access our resource at "https://[xxx]/odata/TestQuery" again and include the Bearer token that was acquired using the OAuth 2.0 flow. We can then validate the correctness of the token, and grant access to the data. The app is registered in Entra, the client ID is "[application id]", the app is called "reporting". We have tried nearly every thing imaginable. How can we get past the error? Do I have the right mental model of the authentication flow?

Answer 1

Hello @Lukas Steiblys,

Based on the error message code AADSTS500011 what you are getting, please check the below causes and resolution.

Cause

This issue occurs if the resource principal (the application or service) is not found in the tenant. This issue occurs if:

• The resource application isn't provisioned by the administrator in the tenant.
• The resource application isn't consented to by any user in the tenant.
• The resource URL is not configured correctly.
• The tenant ID is not correct.

Resolution

To resolve this issue, follow these steps:

1. Verify resource application provisioning:
   • Make sure that the application (resource principal) is registered correctly in your Microsoft Entra ID tenant.
   • Go to the Azure portal, and navigate to Microsoft Entra ID > Enterprise applications.
   • Check whether the application is listed and correctly configured.
2. Consent to application:
   • Make sure that the resource application has been consented to by an administrator or a user in the tenant.
   • Go to the Azure portal, and navigate to Microsoft Entra > Enterprise applications.
   • Find the application, and make sure that it has the necessary permissions and consent.
3. Check resource URL:
   • Verify that the resource URL that appears in the error message matches the resource application that you provisioned in your tenant ID.
   • Make sure that the authentication request is sent by using the correct resource URL.
4. Check tenant ID:
   • Verify that the tenant ID that appears in the error message is the same as your tenant ID.
   • Make sure that the authentication request is sent to the correct Microsoft Entra ID tenant.

Reference document for this error code AADSTS500011 is attached below.

Error AADSTS500011 - Resource Principal Not Found | Microsoft Learn

I hope this above information provided is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".