Two of our users are getting the AADSTS165000 error page when signing in at portal.office.com

ACollingwood 0 Reputation points
2025-05-09T11:25:16.7933333+00:00

Hope this may be the correct area to post this - it's a bit of a mad one!

Two of our users (a staff member and pupil) are getting the following error when signing in to portal.office.com, OneDrive, or SharePoint on their iPad's browser...

AADSTS165000: Invalid Request: (The user session context is missing. One or more of the user context values (cookies; form fields; headers) were not supplied, every request must include these values and maintain them across a complete single user flow.

When I look at the sign-in logs against either user and find the sign-in failure, the error code I get is 399218.

This error appears to only happen on iPads (we've tested multiple iPads, too), and on both our Smoothwall Browser (based on Safari) and Google Chrome. No matter whether we clear the browser cache completely, fully wipe the iPad, or try private browsing, the error still persists.

Interestingly, when I sign in as a user that isn't having issues, then sign them out and sign the problematic user in, it works. I'm at a total loss as to what's causing the issue. There's no discernible difference between the working pupil account and the non-working account, either!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Venkata Jagadeep 1,400 Reputation points Microsoft External Staff Moderator
    2025-05-12T07:48:33.0766667+00:00

    Hello ACollingwood,

    We understand that few users are getting AADSTS165000 - Invalid request error while accessing Office applications.

    And this issue is happening only while using iPads with Smoothwall browser and Google chrome.

    You are able to access applications on the same platform and effected users are able to access when they sign-in after your activity.

    This happens on iPad browsers as they fail to maintain session cookies during authentication flow. But in your case few users are able to access and issue is only with few users.

    And let us know the behavior when the effected user tries to access through Edge browser instead of Safari.

    And I request you to exclude the below Microsoft URLs from SmoothWall content filtering.

    login.microsoftonline.com

    login.live.com

    *.office.com

    *.microsoft.com

    *.sharepoint.com

    Please let me now if you have same kind of permissions on the device as other two users. (Do you have administrator permission on the device, and they have only user level permission)


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.