Please contact your admin to fix the configuration or consent on behalf of the tenant. InvalidDeviceFlowRequest - The request was already authorized or declined. BadResourceRequestInvalidRequest - The endpoint only accepts {valid_verbs} requests. When I was doing bulk enrollment using ppkg in that case I used to receive a MDM-signature
PartnerEncryptionCertificateMissing - The partner encryption certificate was not found for this app. Is there something on the device causing this? PasswordChangeOnPremisesConnectivityFailure, PasswordChangeOnPremUserAccountLockedOutOrDisabled, PasswordChangePasswordDoesnotComplyFuzzyPolicy. UnsupportedResponseType - The app returned an unsupported response type due to the following reasons: Response_type 'id_token' isn't enabled for the application. In the AAD operational log there are always 2 errors 1104 related to "AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512". I found the following log: microsoft-windows-aad-operational in which I found an ERROR: AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512 Still I can't find any information to what this means. "AAD Cloud AP plugin call GenericCallPkg returned error" and 0xc0048512 When looking at this event, you are probably looking at an error while acquiring the Token for the local user and not the user you have issues with so you can skip this one. jabronipal 1 yr. ago Did you ever find what was causing this? Create an AD application in your AAD tenant. How do I can anyone else from creating an account on that computer? Thank you in advance for your help. Logon failure. Applications must be authorized to access the customer tenant before partner delegated administrators can use them. Some common ones are listed here: https://login.microsoftonline.com/error?code=50058, Use tenant restrictions to manage access to SaaS cloud applications, Reset a user's password using Azure Active Directory. The SAML 1.1 Assertion is missing ImmutableID of the user. The device was previously in the On Prem AD which is using Azure AD Connect to password sync hash to our Azure AD. Also read the error description to get more clues about other possible causes of failed authentication and check IdP logs.
The client application might explain to the user that its response is delayed because of a temporary condition. {resourceCloud} - cloud instance which owns the resource. On the device I just get the generic "something went wrong" 80180026 error. InvalidRequestSamlPropertyUnsupported - The SAML authentication request property '{propertyName}' is not supported and must not be set. > not been installed by the administrator of the tenant or consented to by any user in the tenant. Client app ID: {ID}. NotAllowedTenant - Sign-in failed because of a restricted proxy access on the tenant. This account needs to be added as an external user in the tenant first. This is an expected part of the login flow, where a user is asked if they want to remain signed into their current browser to make further logins easier. This can be due to developer error, or due to users pressing the back button in their browser, triggering a bad request. Event ID: 1085 I have tried renaming the device but with same result. During development, this usually indicates an incorrectly set up test tenant or a typo in the name of the scope being requested. The authorization server doesn't support the authorization grant type. The device will retry polling the request. The app will request a new login from the user. Some other forums/blogs have mentioned the GPO is available to force automatic sign in into Edge browser to make it easier for the users. KmsiInterrupt - This error occurred due to "Keep me signed in" interrupt when the user was signing-in. RequiredClaimIsMissing - The id_token can't be used as. -Rejoin AD Computer Object You can also link directly to a specific error by adding the error code number to the URL: https://login.microsoftonline.com/error?code=50058. Specify a valid scope.
InteractionRequired - The access grant requires interaction. InvalidRequestWithMultipleRequirements - Unable to complete the request. Or, check the certificate in the request to ensure it's valid. Developer error - the app is attempting to sign in without the necessary or correct authentication parameters. BlockedByConditionalAccess - Access has been blocked by Conditional Access policies. Hi Sergii CredentialKeyProvisioningFailed - Azure AD can't provision the user key. We have already configured WSUS Server with Group Policy, But we need to push updates to clients without using group policy. AAD Cloud AP plugin call Lookup name name from SID returned error: 0xC000023C AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512. DeviceNotDomainJoined - Conditional Access policy requires a domain joined device, and the device isn't domain joined. InvalidClient - Error validating the credentials. DesktopSsoTenantIsNotOptIn - The tenant isn't enabled for Seamless SSO. InvalidSessionId - Bad request. > AAD Cloud AP plugin call Lookup name name from SID returned error: 0xC00485D3 Please assist. UserStrongAuthEnrollmentRequired - Due to a configuration change made by the admin such as a Conditional Access policy, per-user enforcement, or because the user moved to a new location, the user is required to use multi-factor authentication. 5. The redirect address specified by the client does not match any configured addresses or any addresses on the OIDC approve list. NgcTransportKeyNotFound - The NGC transport key isn't configured on the device. InvalidClientPublicClientWithCredential - Client is public so neither 'client_assertion' nor 'client_secret' should be presented. If this user should be able to log in, add them as a guest. -Delete all content under C:\ProgramData\Microsoft\Crypto\Keys Check the app's logic to ensure that token caching is implemented, and that error conditions are handled correctly.
ViralUserLegalAgeConsentRequiredState - The user requires legal age group consent. Please do not use the /consumers endpoint to serve this request. DesktopSsoMismatchBetweenTokenUpnAndChosenUpn - The user trying to sign in to Azure AD is different from the user signed into the device. The user's password is expired, and therefore their login or session was ended. On my environment, I'm getting the following AAD log for one of my users Contact your IDP to resolve this issue. Thanks To learn more, see the troubleshooting article for error. This type of error should occur only during development and be detected during initial testing. SessionMissingMsaOAuth2RefreshToken - The session is invalid due to a missing external refresh token. Please try again in a few minutes. Sign out and sign in again with a different Azure Active Directory user account. Make sure you entered the user name correctly. Contact your IDP to resolve this issue. > Error: 0x4AA50081 An application specific account is loading in cloud joined session. This could be due to one of the following: the client has not listed any permissions for '{name}' in the requested permissions in the client's application registration. Protocol error, such as a missing required parameter. Computer: US1133039W1.mydomain.net The message isn't valid. PassThroughUserMfaError - The external account that the user signs in with doesn't exist on the tenant that they signed into; so the user can't satisfy the MFA requirements for the tenant. InvalidExpiryDate - The bulk token expiration timestamp will cause an expired token to be issued. WeakRsaKey - Indicates the erroneous user attempt to use a weak RSA key. Contact the tenant admin. IdPs supporting SAML protocol as primary Authentication will cause this error. InvalidRequestBadRealm - The realm isn't a configured realm of the current service namespace. ConfigMgr: 1602 for Microsoft passport and Windows Hello (Hybrid Intune) Windows 10 client: V1511 10586.104.
The user can contact the tenant admin to help resolve the issue. Only present when the error lookup system has additional information about the error - not all errors have additional information provided. InvalidEmailAddress - The supplied data isn't a valid email address. > Trace ID: For further information, please visit. Never use this field to react to an error in your code. If this user should be able to log in, add them as a guest. Error: 0x4AA50081 An application specific account is loading in cloud joined session. Not sure if the host file would be a solution, as the WAP is after a LB. EntitlementGrantsNotFound - The signed in user isn't assigned to a role for the signed in app. InvalidResourcelessScope - The provided value for the input parameter scope isn't valid when requesting an access token. NgcInvalidSignature - NGC key signature verified failed. Misconfigured application. Please refer to the known issues with the MDM Device Enrollment as well in this document. and newer. The server is temporarily too busy to handle the request. The application developer will receive this error if their app attempts to sign into a tenant that we cannot find. InvalidRequest - The authentication service request isn't valid. @Marcel du Preez, I am researching into this and will update my findings. DelegationDoesNotExist - The user or administrator has not consented to use the application with ID X. Reregistering the device (newer versions of OS should auto recover) should address this issue and allow obtaining AAD PRT. TokenForItselfMissingIdenticalAppIdentifier - The application is requesting a token for itself. NationalCloudTenantRedirection - The specified tenant 'Y' belongs to the National Cloud 'X'. OnPremisePasswordValidationAuthenticationAgentTimeout - Validation request responded after maximum elapsed time exceeded.
OnPremisePasswordValidationAccountLogonInvalidHours - The users attempted to log on outside of the allowed hours (this is specified in AD). Check the agent logs for more info and verify that Active Directory is operating as expected. 3. And then try the Device Enrollment once again. Try again. Contact your administrator. Logged at clientcache.cpp, line: 291, method: ClientCache::LoadPrimaryAccount.