AADLoginForWindows: Unable to Login

Marcel du Preez 36 Reputation points
2022-02-09T13:43:35.897+00:00

I have a VM in an Azure sub on which I've enabled AADLoginForWindows using the Azure CLI as outlined here: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

My Azure account is part of a group that's been assigned the Virtual Machine Administrators role on the VM.

When trying to login using RDP, I receive an error stating "Your credentials didn't work."

Running through the troubleshooting steps as outlined here (https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#troubleshoot-deployment-issues), I've established the following using a non-AzureAD account (local admin account) to login:

Checking the Event Viewer > Applications and Services Logs > Microsoft > Windows > AAD > Operational log, there are a couple of errors (not necessarily in the correct order):

1. > Http request status: 400. Method: POST Endpoint Uri: https://login.microsoftonline.com/<my_tenant_id>/oauth2/token Correlation ID: <some_guid>

2. > OAuth response error: invalid_resource > Error description: AADSTS500011: The resource principal named <some_guid> was not found in the tenant named <my_tenant_name>. This can happen if the application has > not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. > Trace ID: <some_guid> > Correlation ID: <some_guid> > Timestamp: <some_timestamp> > CorrelationID: <some_guid>

3. > AAD Cloud AP plugin call GenericCallPkg returned error: 0xC000008A

4. > Error: 0x4AA50081 An application specific account is loading in cloud joined session. > Logged at ClientCache.cpp, line: 374, method: ClientCache::LoadPrimaryAccount.

5. > AAD Cloud AP plugin call Lookup name name from SID returned error: 0xC00485D3

Please assist.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,450 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Moises de Matos Gil 0 Reputation points
    2023-06-26T00:13:47.21+00:00

    @Marcel du Preez any update? I have the exactly same problem.

    0 comments No comments

  2. Phillip Baaten 0 Reputation points
    2023-08-08T01:40:11.4133333+00:00

    Would love an update on this one and how it was solved?

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.