Zeno152 asked JimmyYang-MSFT edited

Teams asking for credentials on logoff-login

Teams is always asking for credentials after logoff-login, giving the following error when clicking on "Allow my organization to manage this device":
CAA50021 - Number of retry attempts exceeds expectation.

Strange fact: if I run this command on the machine prior to launching Teams, it starts correctly:
dsregcmd /leave

which simply unjoins the device from Azure AD.

Azure AD registration status when not working (always asking for credentials):

C:\Windows\system32>dsregcmd /status
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : YES

Whereas when it's working after the command above:
C:\Windows\system32>dsregcmd /status
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : YES


Do you guys know why it's behaving like this?

Thanks

Zeno

office-teams-windows-itpro
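
The two dsregcmd /status outputs in the question differ only in AzureAdJoined. As an added example (not part of the original posts), this PowerShell sketch parses the Device State fields and names the resulting join state; the function names are hypothetical and the sample text is constructed from the output quoted above.

```powershell
# Added example, not from the thread. Function names are hypothetical.
function ConvertFrom-DsregStatus {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines
    )
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        # Field lines look like "  AzureAdJoined : YES". Banner lines (+---, | ... |)
        # and the prompt line (C:\...>) have no " : " separator and are skipped.
        if ($line -match '^\s*(?<key>\w+)\s+:\s+(?<value>.+?)\s*$') {
            $state[$Matches['key']] = $Matches['value']
        }
    }
    [pscustomobject]$state
}

function Get-DeviceJoinType {
    param([Parameter(Mandatory)]$State)
    $aad = $State.AzureAdJoined -eq 'YES'
    $dom = $State.DomainJoined -eq 'YES'
    if ($aad -and $dom) { 'Hybrid Azure AD joined' }
    elseif ($aad)       { 'Azure AD joined' }
    elseif ($dom)       { 'Domain joined only' }
    else                { 'Not joined' }
}

# Constructed sample: the state in which Teams kept prompting for credentials.
$failing = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
          AzureAdJoined : YES
       EnterpriseJoined : NO
           DomainJoined : YES
'@ -split '\r?\n'

# Constructed sample: the state after running dsregcmd /leave.
$working = @'
          AzureAdJoined : NO
       EnterpriseJoined : NO
           DomainJoined : YES
'@ -split '\r?\n'

Get-DeviceJoinType (ConvertFrom-DsregStatus -Lines $failing)
Get-DeviceJoinType (ConvertFrom-DsregStatus -Lines $working)

# On a live machine:
# Get-DeviceJoinType (ConvertFrom-DsregStatus -Lines (dsregcmd /status))
```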

Hi anonymous user152

What is your environment? Hybrid or online?

Does anyone else have the same issue in your organization?

According to your error message and testing, it seems the device registration affects the Teams modern authentication. In this case, we recommend you contact your admin to confirm if Mobile Device Management for Office 365 or Microsoft Intune services is enabled.

If one of them is enabled, users in the organization will be able to register their devices to Azure AD. Or if both services aren't enabled, you may let the admin log in to Azure AD admin center->Devices->Devices settings, and check if "Users may register their devices with Azure AD" setting is enabled.


Hello @JimmyYang-MSFT,

Our environment is a Citrix VDI with Windows 10 non-persistent machines.

They register to Azure as Hybrid devices.

I confirm that the setting "Users may register their devices with Azure AD" is enabled, see attached print screen.

Do you know if this registration is actually necessary in order to work with Teams/Office, or can we just avoid the sync with Azure AD in order to make Teams work as expected?

Thanks

108093-devices.png

@JimmyYang-MSFT , additionally, all devices show with a registration pending status:
108113-devices2.png

1 Answer

Zeno152 answered JimmyYang-MSFT edited

Hello @JimmyYang-MSFT,

I actually found the solution to this issue: it turned out that the golden image was registered to Azure AD a long time ago, therefore the registration has expired.

I followed this procedure in order to re-register the golden image and now the VDIs seem to be working just fine.

One last question: do you know if it's necessary to have those devices showing as registered in Azure AD, or is it fine to keep them as "pending"?

Thanks

Zeno


anonymous user152

Thanks for sharing! If you need these devices to log in to the Teams client, it seems better to set them as registered in Azure AD.