Can't access Azure Directory due to repeating AADSTS50000 error

Question

Hi,

I'm trying to setup some resources in my personal Azure subscription. I am able to authenticate in other MS sites, and have even been able to login to the portal a few times. However, it prompts me that I have no subscriptions, due to not having a directory selected.

Upon selecting a directory in the Switch Directory page, this AADSTS50000 error comes up.

I have tried

• Resetting my password
• Deleting cookies
• Incognito browser
• Setting up additional auth settings
• Seeing how other people fix this issue online, nothing concrete to attempt (seems like internal issue?)

Please advise how to investigate this issue or who to contact, as using the support contact number has led to nothing useful. Also the Azure portal support page has the same error.

Troubleshooting details

If you contact your administrator, send this info to them.

Copy info to clipboard

Request Id: fa0169d0-68d0-498f-8540-11c687bc4d00

Correlation Id: 019dc4f0-7dee-7376-a9b2-23da6b7ba9fd

Timestamp: 2026-04-25T13:59:49Z

Message: AADSTS50000: There was an error issuing a token or an issue with our sign-in service.

Answer 1

Might be a transient issue unless someone actually looked at this.

My directory is now working as expected

Answer 2

The AADSTS50000 error indicates a token issuance or sign-in service issue and can have several causes. Based on the described behavior (sometimes reaching the portal, seeing “No subscriptions found,” then getting AADSTS50000 when switching directory), the following areas should be checked.

1. Verify the Azure directory and subscription association

• Sign in to the Azure portal using a private/incognito browser session (to avoid cached accounts and cookies).
• In the top-right corner, open the account menu and select Switch directory.
• Ensure the directory that actually contains the personal subscription is selected. If the wrong directory is selected, the portal shows No subscriptions found.
• If the correct directory is selected and the error persists, the account might not have sufficient permissions on any subscription in that directory. In that case, the account must be assigned at least the Owner role (or another appropriate role) on the subscription.

2. Address “No subscriptions found” specifically The “No subscriptions found” message is expected if either:

• The wrong directory is selected, or
• The account has no access to any subscription in the selected directory.

The documented resolution is:

1. Select the correct directory from the account menu → Switch directory.
2. If the correct directory is already selected and there is still no subscription visible, have the account assigned the Owner role on the subscription.
3. Common AADSTS50000 causes to check If AADSTS50000 appears when switching directories or acquiring a token, the following documented causes should be considered:

• Cause 1: Password issues
  • Even if sign-in works elsewhere, a hybrid or federated setup can cause token issues if the password is expired, invalid, or out of sync between on-premises AD and Microsoft Entra ID.
  • Resolution: Reset the password and confirm that the new password can authenticate to Microsoft Entra ID.
• Cause 2: Misconfigured parameters in token acquisition
  • Typically affects custom apps or on-behalf-of (OBO) flows. If any custom client or script is involved in sign-in, ensure the client ID and all required parameters are valid and correctly configured.
• Cause 3: Consent-related issues
  • If sign-in uses device code or delegated flows to a specific application, verify that the application’s service principal exists in the tenant and that the user is allowed to consent to it (check Enterprise applications → app → user consent settings and any relevant policies).
• Cause 4: Symmetric signing key in app or service principal
  • If any custom application is involved in the sign-in path, check its app registration and service principal for symmetric signing keys (type=Symmetric, usage=Sign) and remove them, replacing with a certificate-based signing key if needed.
• Cause 5: Missing delegated permissions on a resource API
  • If sign-in involves a multitenant web API and delegated OAuth flows using /.default, ensure that the resource application exposes delegated permissions and that the client app has consent to them.

4. Browser/account conflicts If multiple Microsoft accounts are used in the same browser, automatic sign-in with the wrong account or directory can cause confusing behavior:

• Clear browser cache and cookies for Microsoft/Azure domains.
• Use a private/incognito window and sign in with only the intended account.
• If automatically signed in as a different user, explicitly sign out of all Microsoft accounts, then sign back in with the correct one.

5. When self-service steps are exhausted If the correct directory is selected, the account has the right role on a subscription, password has been reset, and the issue persists across clean/incognito sessions, the remaining step is to open a support request with Microsoft, referencing the AADSTS50000 error and including the Request Id, Correlation Id, and Timestamp from the error page so support can trace the failing token issuance in the backend.

---

References:

• Error AADSTS50000 getting a token or signing in to an Azure app
• Troubleshoot Azure subscription sign-in issues
• No subscriptions found sign in error for Azure portal
• Troubleshoot account issues for federated users in Microsoft 365, Azure, or Intune
• How to fix the error message "Your network administrator has blocked access"
• Error message: AADSTS5000225: This tenant has been blocked due to inactivity. - Microsoft Q&A
• interaction_required: AADSTS5000225: This tenant has been blocked due to inactivity - Microsoft Q&A
• Azure File Share Access Issue: Unauthorized Request Error with SAS URL - Microsoft Q&A
• I can no longer login to office. I have a subscription - Microsoft Q&A
• Can not access Azure - Microsoft Q&A