Share via

when I try to connect to the VPN, first my browser opens a tab to login.microsoftonline.com, then I get redirected to an error page that reads: Authentication failed. You can return to the application. Feel free to close this browser tab. Error details:

Sindhuja Chandrasekaram 0 Reputation points
2026-02-27T14:22:21.31+00:00

when I try to connect to the VPN, first my browser opens a tab to login.microsoftonline.com, then I get redirected to an error page that reads:

Authentication failed. You can return to the application. Feel free to close this browser tab.

Error details: error invalid_client error_description: AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: c63xxxxxxxcf-b95ad541b5c8(Azure VPN). Resource value from request: 41b23xxxxx7-cd054e0ed4b4. Resource app ID: 41b23e61-6xxxxx367-cd054e0ed4b4. List of valid resources from app registration: . Trace ID: a6eb5f1e-4d67-47eaxxx3f5f00 Correlation ID: 8bexxxxxx9a1b0 Timestamp: 2026-01-21 11:24:44Z
Azure VPN Gateway
Azure VPN Gateway

An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vallepu Venkateswarlu 5,795 Reputation points Microsoft External Staff Moderator
    2026-02-27T17:21:47.7833333+00:00

    Hi @ Sindhuja Chandrasekaram,

    Welcome to Microsoft Q&A Platform.

    It looks like your Azure VPN client is tripping over an AADSTS650057 “Invalid resource” error—basically the client app (ID c63…cf-b95ad541b5c8) is asking for a token for resource 41b23…ed4b4, but that resource isn’t registered in the app’s API permissions.

    In order for a client application to sign in and get an access token for a resource, the resource must be assigned the required API permissions that the client application requires, such as access to Azure VPN .

    Ref: Verify if the resource exists in your tenant
    User's image

    Verify the App Registration :

    Go to Azure portal > Azure Active Directory > App registrations > select your VPN client app (ID c63…cf-b95ad541b5c8). > Under “API permissions,” confirm that the resource App ID (41b23e61-6…-cd054e0ed4b4) is listed.

    If it’s missing, click “Add a permission” > “My APIs” (or “APIs my organization uses”) and add the resource by its Application ID URI. >Grant admin consent for that permission.

    Re-export & Import Your VPN Profile :

    • After you’ve updated permissions and consented, go back to your VPN Gateway’s Point-to-Site configuration.
    • Download the VPN client package again so the XML profile reflects the new resource.
    • Import that fresh profile into your Azure VPN Client and retry the connection.

    Please210246-screenshot-2021-12-10-121802.pngand “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.