登入活動報告錯誤碼Sign-in activity report error codes

利用使用者登入報告所提供的資訊,您可以找到下列問題的解答︰With the information provided by the user sign-ins report, you find answers to questions such as:

  • 誰登入我的應用程式?Who signed in to my application?
  • 已登入哪些應用程式?Which applications were signed in to?
  • 哪些登入失敗,原因為何?Which sign-ins failed why?

登入失敗時,您會看到失敗的對應錯誤碼。When a sign-in fails, you will see an error code corresponding to the failure. 本文會列出錯誤碼與其描述,以及建議的適用行動方針。This article lists the error codes and their descriptions, along with a suggested course of action where applicable.

如何顯示失敗的登入?How can I display failed sign-ins?

巡覽至 Azure 入口網站中的登入報告Navigate to the Sign-ins report in the Azure portal.

登入活動Sign-in activity

篩選報告以顯示所有失敗的登入,其做法是從 [登入狀態] 下拉式方塊中選取 [失敗] 。Filter the report to display all failed sign-ins by selecting Failure from the Sign-in status drop-down box.

登入活動Sign-in activity

從篩選後的清單中選取一個項目,就會開啟 [活動詳細資料: 登入] 刀鋒視窗。Selecting an item from the filtered list opens the Activity Details: Sign-ins blade. 此檢視提供有關失敗登入事件的其他資料,包括 [登入錯誤碼] 和 [失敗原因] 。This view provides you with additional information about the failed sign-in event, including the sign-in error code and failure reason.

登入活動Sign-in activity

您也可以使用報告 API,以程式設計方式存取登入資料。You can also programmatically access the sign-in data using the reporting API.

錯誤碼Error codes

ErrorError 描述Description
1600016000 這是內部實作詳細資料,而不是錯誤狀況。This is an internal implementation detail and not an error condition. 您可以放心地忽略此參考。You can safely ignore this reference.
2000120001 同盟識別提供者有問題。There is an issue with your federated Identity Provider. 請連絡 IDP 以解決此問題。Contact your IDP to resolve this issue.
2001220012 同盟識別提供者有問題。There is an issue with your federated Identity Provider. 請連絡 IDP 以解決此問題。Contact your IDP to resolve this issue.
2003320033 同盟識別提供者有問題。There is an issue with your federated Identity Provider. 請連絡 IDP 以解決此問題。Contact your IDP to resolve this issue.
4000840008 同盟識別提供者有問題。There is an issue with your federated Identity Provider. 請連絡 IDP 以解決此問題。Contact your IDP to resolve this issue.
4000940009 同盟識別提供者有問題。There is an issue with your federated Identity Provider. 請連絡 IDP 以解決此問題。Contact your IDP to resolve this issue.
4001440014 同盟識別提供者有問題。There is an issue with your federated Identity Provider. 請連絡 IDP 以解決此問題。Contact your IDP to resolve this issue.
5000050000 登入服務發生問題。There is an issue with our sign-in service. 開啟支援票證以解決此問題。Open a support ticket to resolve this issue.
5000150001 此租用戶中找不到服務主體名稱。The service principal name was not found in this tenant. 如果租用戶的管理員尚未安裝此應用程式,或如果在目錄中找不到資源主體或為無效,也可能會發生此錯誤。This can happen if the application has not been installed by the administrator of the tenant, or if the resource principal was not found in the directory or is invalid.
5000250002 登入失敗,因為租用戶上的 Proxy 存取受限。Sign-in failed due to restricted proxy access on tenant. 如果該租用戶原則是您自有的,您可以變更受限租用戶的設定以修正此問題。If it's your own tenant policy, you can change your restricted tenant settings to fix this issue.
5000350003 登入失敗,因為遺漏簽署金鑰或憑證。Sign-in failed due to missing signing key or certificate. 這可能是因為應用程式中未設定任何簽署金鑰。This might be because there was no signing key configured in the application. 請參閱下列文件所述的解決方式:https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery#certificate-or-key-not-configuredCheck out the resolutions outlined at https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery#certificate-or-key-not-configured. 如果問題持續發生,請連絡應用程式擁有者或應用程式管理員。If the issue persists, contact the application owner or the application administrator.
5000550005 使用者嘗試登入至裝置,從目前不支援透過條件式存取原則的平台。User tried to login to a device from a platform that's currently not supported through Conditional Access policy.
5000650006 簽章驗證失敗,因為簽章無效。Signature verification failed due to invalid signature. 請參閱下列文件所述的解決方式:https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-galleryCheck out the resolution outlined at https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery. 如果問題持續發生,請連絡應用程式擁有者或應用程式管理員。If the issue persists, contact the application owner or application administrator.
5000750007 找不到此應用程式的夥伴加密憑證。Partner encryption certificate was not found for this application. 請向 Microsoft 開啟支援票證以修正此問題。Open a support ticket with Microsoft to get this fixed.
5000850008 權杖中的 SAML 判斷提示遺漏或設定不正確。SAML assertion is missing or misconfigured in the token. 請連絡同盟提供者。Contact your federation provider.
5001050010 應用程式的對象 URI 驗證失敗,因為未設定權杖對象。Audience URI validation for the application failed since no token audiences were configured. 請連絡應用程式擁有者以解決問題。Contact the application owner for resolution.
5001150011 回覆地址遺漏、設定不正確或不符合針對應用程式所設定的回覆地址。The reply address is missing, misconfigured, or does not match reply addresses configured for the application. 請嘗試使用下列文件所列出的解決方式:https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery#the-reply-address-does-not-match-the-reply-addresses-configured-for-the-applicationTry the resolution listed at https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery#the-reply-address-does-not-match-the-reply-addresses-configured-for-the-application. 如果問題持續發生,請連絡應用程式擁有者或應用程式管理員。If the issue persists, contact the application owner or application administrator.
5001250012 這是指出驗證失敗的一般錯誤訊息。This is a generic error message that indicates that authentication failed. 發生的原因可能是要求中遺失或無效的認證或宣告。This can happen for reasons such as missing or invalid credentials or claims in the request. 確認傳送的要求中包含正確的認證和宣告。Ensure that the request is sent with the correct credentials and claims.
5001350013 判斷提示因為各種原因而無效。Assertion is invalid because of various reasons. 例如,權杖簽發者不符合其有效時間範圍內的 API 版本、權杖已過期或格式不正確,或判斷提示中的重新整理權杖不是主要的重新整理權杖。For instance, the token issuer doesn't match the api version within its valid time range, the token is expired or malformed, or the refresh token in the assertion is not a primary refresh token.
5001750017 憑證驗證失敗,原因如下:Certification validation failed, reasons for the following reasons:
  • 在受信任的憑證清單中找不到發行憑證Cannot find issuing certificate in trusted certificates list
  • 找不到預期的 CrlSegmentUnable to find expected CrlSegment
  • 在受信任的憑證清單中找不到發行憑證Cannot find issuing certificate in trusted certificates list
  • 在設定差異 CRL 發佈點時未指定對應的 CRL 發佈點Delta CRL distribution point is configured without a corresponding CRL distribution point
  • 由於逾時問題而無法擷取有效的 CRL 區段Unable to retrieve valid CRL segments due to timeout issue
  • 無法下載 CRLUnable to download CRL
請連絡租用戶管理員。Contact the tenant administrator.
5002050020 由於以下其中一個原因,使用者未獲得授權。The user is unauthorized for one of the following reasons.
  • 使用者嘗試以含 v1 端點的 MSA 帳戶來登入The user is attempting to login with an MSA account with the v1 endpoint
  • 使用者不存在於租用戶中。The user doesn't exist in the tenant.
請連絡應用程式擁有者。Contact the application owner.
5002750027 JWT 權杖無效,原因如下:Invalid JWT token due to the following reasons:
  • 未包含 nonce 宣告、子宣告doesn't contain nonce claim, sub claim
  • 主旨識別碼不相符subject identifier mismatch
  • idToken 宣告中的宣告重複duplicate claim in idToken claims
  • 未預期的簽發者unexpected issuer
  • 未預期的對象unexpected audience
  • 不在其有效時間範圍內not within its valid time range
  • 權杖格式不正確token format is not proper
  • 來自簽發者的外部 ID 權杖未能通過簽章驗證。External ID token from issuer failed signature verification.
請連絡應用程式擁有者Contact the application owner
5002950029 URI 無效 - 網域名稱包含無效字元。Invalid URI - domain name contains invalid characters. 請連絡租用戶管理員。Contact the tenant administrator.
5003450034 使用者不存在於目錄中。User does not exist in directory. 請連絡租用戶管理員。Contact your tenant administrator.
5004250042 原則上遺漏產生成對識別碼所需的 salt。The salt required to generate a pairwise identifier is missing in principle. 請連絡租用戶管理員。Contact the tenant administrator.
5004850048 主體與用戶端判斷提示中的簽發者宣告不符。Subject mismatches Issuer claim in the client assertion. 請連絡租用戶管理員。Contact the tenant administrator.
5005050050 要求格式不正確。Request is malformed. 請連絡應用程式擁有者。Contact the application owner.
5005350053 帳戶遭到鎖定,因為使用者嘗試使用不正確的使用者識別碼或密碼登入太多次。Account is locked because the user tried to sign in too many times with an incorrect user ID or password.
5005550055 無效的密碼,或輸入的密碼過期。Invalid password, entered expired password.
5005650056 密碼無效或為 Null - 存放區中沒有此使用者的密碼。Invalid or null password - Password does not exist in store for this user.
5005750057 使用者帳戶已停用。User account is disabled. 系統管理員已停用該帳戶。The account has been disabled by an administrator.
5005850058 應用程式嘗試執行無訊息登入,但使用者不得以無訊息模式登入。The application tried to perform a silent sign in and the user could not be silently signed in. 應用程式需要啟動互動式流程,讓使用者可選擇登入。The application needs to start an interactive flow giving users an option to sign-in. 請連絡應用程式擁有者。Contact application owner.
5005950059 使用者不存在於目錄中。User does not exist in directory. 請連絡租用戶管理員。Contact your tenant administrator.
5006150061 登出要求無效。Sign-out request is invalid. 請連絡應用程式擁有者。Contact the application owner.
5007250072 使用者需要註冊雙因素驗證 (互動式)。User needs to enroll for two-factor authentication (interactive).
5007450074 使用者未通過 MFA 檢查。User did not pass the MFA challenge.
5007650076 使用者未通過 MFA 檢查 (非互動式)。User did not pass the MFA challenge (non interactive).
5007950079 使用者需要註冊雙因素驗證 (非互動式登入)。User needs to enroll for two factor authentication (non-interactive logins).
5008550085 重新整理權杖需要社交 IDP 登入。Refresh token needs social IDP login. 讓使用者嘗試以其使用者名稱和密碼重新登入。Have user try signing-in again with their username and password.
5008950089 流程權杖過期 - 驗證失敗。Flow token expired - Authentication failed. 讓使用者嘗試以其使用者名稱和密碼重新登入。Have user try signing-in again with their username and password
5009750097 需要裝置驗證。Device Authentication Required. 因為 DeviceId 或 DeviceAltSecId 宣告為 Null,或沒有與裝置識別碼對應的裝置存在,所以可能發生這種情形。This could occur because the DeviceId or DeviceAltSecId claims are null, or if no device corresponding to the device identifier exists.
5009950099 JWT 簽章無效。JWT signature is invalid. 請連絡應用程式擁有者。Contact the application owner.
5010550105 未將登入的使用者指派給所登入應用程式的角色。The signed in user is not assigned to a role for the signed in application. 請將使用者指派給應用程式。Assign the user to the application. 如需詳細資訊:https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery#user-not-assigned-a-roleFor more information: https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery#user-not-assigned-a-role
5010750107 所要求的同盟領域物件不存在。Requested federation realm object does not exist. 請連絡租用戶管理員。Contact the tenant administrator.
5012050120 JWT 標頭有問題。Issue with JWT header. 請連絡租用戶管理員。Contact the tenant administrator.
5012450124 宣告轉換所包含的輸入參數無效。Claims Transformation contains invalid input parameter. 請連絡租用戶管理員以更新原則。Contact the tenant administrator to update the policy.
5012550125 因為密碼重設或密碼註冊項目,登入作業已中斷。Sign-in was interrupted due to a password reset or password registration entry.
5012650126 使用者名稱、密碼無效,或內部部署使用者名稱或密碼無效。Invalid username or password, or invalid on-premises username or password.
5012750127 使用者必須安裝訊息代理程式應用程式來存取此內容。User needs to install a broker application to gain access to this content.
5012850128 網域名稱無效 - 在要求中找不到租用戶識別資訊,或任何提供的認證均未隱含租用戶識別資訊。Invalid domain name - No tenant-identifying information found in either the request or implied by any provided credentials.
5012950129 裝置為加入工作場所網路 - 註冊裝置需加入工作場所網路Device is not workplace joined - Workplace join is required to register the device.
5013050130 宣告值無法解譯為已知驗證方法。Claim value cannot be interpreted as known auth method.
5013150131 用於多個條件式存取錯誤。Used in various Conditional Access errors. 例如E.g. 不正確的 Windows 裝置狀態,要求因為可疑的活動、存取原則和安全性原則決策而遭到封鎖。Bad Windows device state, request blocked due to suspicious activity, access policy, and security policy decisions.
5013250132 認證已遭撤銷,原因如下:Credentials have been revoked due to the following reasons:
  • SSO 成品無效或過期SSO Artifact is invalid or expired
  • 工作階段對應用程式來說不夠新Session not fresh enough for application
  • 已傳送無訊息登入要求,但使用者的 Azure AD 工作階段無效或過期。A silent sign-in request was sent but the user's session with Azure AD is invalid or has expired.
5013350133 工作階段因為到期或近期密碼變更而無效。Session is invalid due to expiration or recent password change.
5013550135 帳戶有風險,因此必須變更密碼。Password change is required due to account risk.
5013650136 將 MSA 工作階段重新導向至應用程式 - 偵測到單一 MSA 工作階段。Redirect MSA session to application - Single MSA session detected.
5014050140 由於在使用者登入時出現「讓我保持登入」插斷,所以發生此錯誤。This error occurred due to "Keep me signed in" interrupt when the user was signing-in. 請使用相互關聯識別碼、要求識別碼和錯誤碼開啟支援票證,以取得更多詳細資料。Open a support ticket with Correlation ID, Request ID, and Error code to get more details.
5014350143 工作階段不符 - 工作階段無效,原因是由於資源不同而導致使用者租用戶與網域提示不符。請使用相互關聯識別碼、要求識別碼和錯誤碼 開啟支援票證,以取得更多詳細資料。Session mismatch - Session is invalid because user tenant does not match the domain hint due to different resource. Open a support ticket with Correlation ID, Request ID, and Error code to get more details.
5014450144 使用者的 Active Directory 密碼已到期。User's Active Directory password has expired. 為使用者產生新密碼,或讓終端使用者使用自助式重設工具。Generate a new password for the user or have the end user using self-service reset tool.
5014650146 在設定此應用程式時,必須使用應用程式專屬的簽署金鑰。This application is required to be configured with an application-specific signing key. 在設定應用程式時未使用這樣的金鑰,或該金鑰已過期或尚未生效。It is either not configured with one, or the key has expired or is not yet valid. 請連絡應用程式擁有者。Contact the application owner.
5014850148 code_verifier 與 PKCE 的授權要求中所提供的 code_challenge 不符。The code_verifier does not match the code_challenge supplied in the authorization request for PKCE. 請連絡應用程式開發人員。 Contact the application developer.
5015550155 此使用者的裝置驗證失敗。Device authentication failed for this user.
5015850158 不符合外部安全性挑戰。External security challenge was not satisfied.
5016150161 外部提供者所傳送的宣告不足,或是遺漏向外部提供者所要求的宣告。Claims sent by external provider is not sufficient, or missing claim requested to external provider.
5016650166 無法將要求傳送給宣告提供者。Failed to send request to claims provider.
5016950169 此領域不是當前服務命名空間所設定的領域。The realm is not a configured realm of the current service namespace.
5017250172 外部宣告提供者未獲得核准。External claims provider is not approved. 請連絡租用戶管理員。Contact the tenant administrator
5017350173 需要全新的驗證權杖。Fresh auth token is needed. 讓使用者使用全新的認證再次登入。Have the user sign-in again using fresh credentials.
5017750177 未針對傳遞使用者支援外部挑戰。External challenge is not supported for passthrough users.
5017850178 未針對傳遞使用者支援工作階段控制。Session Control is not supported for passthrough users.
5018050180 需要 Windows 整合式驗證。Windows Integrated authentication is needed. 為租用戶啟用無縫 SSO。Enable the tenant for Seamless SSO.
5100151001 所顯示的網域提示沒有內部部署安全性識別碼 - 內部部署 UPN。Domain Hint is not present with On-Premises Security Identifier - On-Premises UPN.
5100451004 目錄中不存在使用者帳戶。User account doesn’t exist in the directory.
5100651006 需要 Windows 整合式驗證。Windows Integrated authentication is needed. 使用透過宣告遺漏的工作階段權杖來登入的使用者。User logged in using session token that is missing via claim. 請要求使用者重新登入。Request the user to re-login.
5200452004 使用者尚未同意存取 LinkedIn 資源。User has not provided consent for access to LinkedIn resources.
5300053000 條件式存取原則需要相容的裝置,但裝置不相容。Conditional Access policy requires a compliant device, and the device is not compliant. 讓使用者向 Intune 等獲得核准的 MDM 提供者註冊其裝置。Have the user enroll their device with an approved MDM provider like Intune.
5300153001 條件式存取原則需要已加入網域的裝置,但該裝置尚未加入網域。Conditional Access policy requires a domain joined device, and the device is not domain joined. 請使用者使用已加入網域的裝置。Have the user use a domain joined device.
5300253002 使用應用程式不是核准的應用程式的條件式存取。Application used is not an approved application for Conditional Access. 使用者所使用的應用程式,必須是已核准使用的應用程式清單其中一個,才能取得存取權。User needs to use one of the apps from the list of approved applications to use in order to get access.
5300353003 存取已被封鎖,因為條件式存取原則。Access has been blocked due to Conditional Access policies.
5300453004 使用者必須先完成多重要素驗證註冊程序,才能存取此內容。User needs to complete Multi-factor authentication registration process before accessing this content. 使用者應該註冊多重要素驗證。User should register for multi-factor authentication.
6500165001 應用程式 X 沒有存取應用程式 Y 的權限,或已撤銷此權限。Application X doesn't have permission to access application Y or the permission has been revoked. 或者,使用者或系統管理員尚未同意使用識別碼為 X 的應用程式。針對此使用者和資源傳送互動式授權要求。Or The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. 或者,使用者或系統管理員尚未同意使用識別碼為 X 的應用程式。請將授權要求傳送給租用戶管理員,以代表應用程式Y 針對資源Z 採取行動。Or The user or administrator has not consented to use the application with ID X. Send an authorization request to your tenant admin to act on behalf of the App : Y for Resource : Z.
6500465004 使用者不同意存取應用程式。User declined to consent to access the app. 讓使用者重試登入,並同意應用程式Have the user retry the sign-in and consent to the app
6500565005 應用程式所需資源存取清單不包含資源可探索的應用程式,或用戶端應用程式已要求存取未在其所需資源存取清單中指定的資源,或 Graph 服務傳回不正確的要求或找不到資源。The application required resource access list does not contain applications discoverable by the resource or The client application has requested access to resource, which was not specified in its required resource access list or Graph service returned bad request or resource not found. 如果應用程式支援 SAML,則可能是您在設定應用程式時所使用的識別碼 (實體) 不正確。If the application supports SAML, you may have configured the application with the wrong Identifier (Entity). 請嘗試使用下列連結中針對 SAML 所列出的解決方案:https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery?/?WT.mc_id=DMC_AAD_Manage_Apps_Troubleshooting_Nav#no-resource-in-requiredresourceaccess-listTry out the resolution listed for SAML using the link below: https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery?/?WT.mc_id=DMC_AAD_Manage_Apps_Troubleshooting_Nav#no-resource-in-requiredresourceaccess-list
7000070000 授與無效,原因如下:Invalid grant due to the following reasons:
  • 所要求 SAML 2.0 判斷提示的主體確認方法無效Requested SAML 2.0 assertion has invalid Subject Confirmation Method
  • V2 上不支援應用程式 OnBehalfOf 流程App OnBehalfOf flow is not supported on V2
  • 未使用工作階段金鑰簽署主要的重新整理權杖Primary refresh token is not signed with session key
  • 外部重新整理權杖無效Invalid external refresh token
  • 所取得的存取權授與,是不同租用戶的。The access grant was obtained for a different tenant.
7000170001 在名為 Y 的租用戶中找不到名為 X 的應用程式。如果租用戶系統管理員尚未安裝識別碼為 X 的應用程式,或租用戶中的任何使用者尚未同意使用此應用程式,便可能發生此錯誤。The application named X was not found in the tenant named Y. This can happen if the application with identifier X has not been installed by the administrator of the tenant or consented to by any user in the tenant. 可能是針對應用程式所設定的識別碼值不正確,或將驗證要求傳送給錯誤的租用戶。You might have misconfigured the Identifier value for the application or sent your authentication request to the wrong tenant.
7000270002 應用程式傳回的用戶端認證無效。The application returned invalid client credentials. 請連絡應用程式擁有者。Contact the application owner.
7000370003 應用程式傳回的授與類型不受支援。The application returned an unsupported grant type. 請連絡應用程式擁有者。Contact the application owner.
7000470004 應用程式傳回的重新導向 URI 無效。The application returned an invalid redirect URI. 用戶端所指定的重新導向位址,與已設定的位址或 OIDC 核准清單上的位址全都不符。The redirect address specified by the client does not match any configured addresses or any addresses on the OIDC approve list. 請連絡應用程式擁有者。Contact the application owner.
7000570005 應用程式傳回的回應類型不受支援,原因如下:The application returned an unsupported response type due to the following reasons:
  • 未對應用程式啟用 'token' 回應類型response type 'token' is not enabled for the application
  • 'id_token' 回應類型需要 'OpenID' 範圍 - 在編碼的 wctx 中包含不受支援的 OAuth 參數值response type 'id_token' requires the 'OpenID' scope -contains an unsupported OAuth parameter value in the encoded wctx
請連絡應用程式擁有者。Contact the application owner.
7000770007 應用程式在要求權杖時傳回的 'response_mode' 值不受支援。The application returned an unsupported value of 'response_mode' when requesting a token. 請連絡應用程式擁有者。Contact the application owner.
7000870008 所提供的授權碼或重新整理權杖已過期或已撤銷。The provided authorization code or refresh token is expired or has been revoked. 請讓使用者重試登入。Have the user retry signing in.
7001170011 應用程式所要求的範圍無效。The scope requested by the application is invalid. 請連絡應用程式擁有者。Contact the application owner.
7001270012 在驗證 MSA (取用者) 使用者時,發生伺服器錯誤。A server error occurred while authenticating an MSA (consumer) user. 重試登入時,如果問題持續發生,請開啟支援票證 Retry the sign-in, and if the issue persists, open a support ticket 
7001870018 驗證碼無效,因為使用者針對裝置碼流程所輸入的使用者代碼錯誤。Invalid verification code due to User typing in wrong user code for device code flow. 授權未獲核准。Authorization is not approved.
7001970019 驗證碼過期。Verification code expired. 請讓使用者重試登入。Have the user retry the sign-in.
7003770037 所提供的挑戰回應不正確。Incorrect challenge response provided. 已拒絕遠端驗證工作階段。Remote auth session denied.
7500175001 SAML 訊息繫結期間發生錯誤。An error occurred during SAML message binding.
7500375003 應用程式傳回了與未支援繫結相關的錯誤 (無法透過 HTTP POST 以外的繫結傳送 SAML 通訊協定回應)。The application returned an error related to unsupported Binding (SAML protocol response cannot be sent via bindings other than HTTP POST). 請連絡應用程式擁有者。Contact the application owner.
7500575005 Azure AD 不支援應用程式為單一登入傳送的 SAML 要求。Azure AD doesn’t support the SAML Request sent by the application for Single Sign-on. 請連絡應用程式擁有者。Contact the application owner.
7500875008 應用程式所提出的要求遭拒,因為 SAML 要求有未預期的目的地。The request from the application was denied since the SAML request had an unexpected destination. 請連絡應用程式擁有者。Contact the application owner.
7501175011 使用者用來向服務進行驗證的驗證方法,與所要求的驗證方法不符。Authentication method by which the user authenticated with the service doesn't match requested authentication method. 請連絡應用程式擁有者。Contact the application owner.
7501675016 SAML2 驗證要求所具有的 NameIdPolicy 無效。SAML2 Authentication Request has invalid NameIdPolicy. 請連絡應用程式擁有者。Contact the application owner.
8000180001 驗證代理程式無法連線至 Active Directory。Authentication Agent unable to connect to Active Directory. 請確定能看到使用者登入要求處理 DC、且已加入網域的機器上,已安裝驗證代理程式。Make sure the authentication agent is installed on a domain-joined machine that has line of sight to a DC that can serve the user's login request.
8000280002 內部錯誤。Internal error. 密碼驗證要求逾時。我們無法將驗證要求傳送至內部的混合式識別服務。Password validation request timed out. We were unable to either send the authentication request to the internal Hybrid Identity Service. 開啟支援票證,以取得有關錯誤的詳細資料。Open a support ticket to get more details on the error.
8000380003 驗證代理程式收到無效的回應。Invalid response received by Authentication Agent. 嘗試對 Active Directory 內部部署進行驗證時,發生未知錯誤。An unknown error occurred while attempting to authentication against Active Directory on-premises. 開啟支援票證,以取得有關錯誤的詳細資料。Open a support ticket to get more details on the error.
8000580005 驗證代理程式:處理「驗證代理程式」所傳來的回應時,發生未知錯誤。Authentication Agent: An unknown error occurred while processing the response from the Authentication Agent. 開啟支援票證,以取得有關錯誤的詳細資料。Open a support ticket to get more details on the error.
8000780007 驗證代理程式無法驗證使用者的密碼。Authentication Agent unable to validate user's password.
8001080010 驗證代理程式無法連線將密碼解密。Authentication Agent unable to decrypt password.
8001180011 驗證代理程式無法擷取加密金鑰。Authentication Agent unable to retrieve encryption key.
8001280012 使用者在允許的時間外 (此值是在 AD 中指定的) 嘗試登入。The users attempted to log on outside of the allowed hours (this is specified in AD).
8001380013 無法完成驗證嘗試,因為執行驗證代理程式的機器和 AD 之間有時間差異。The authentication attempt could not be completed due to time skew between the machine running the authentication agent and AD. 請修正時間同步問題Fix time sync issues
8001480014 驗證代理程式逾時。請開啟支援票證,其中包含錯誤碼、相互關聯識別碼和日期時間,可取得更多關於此錯誤的詳細資料。Authentication agent timed out. Open a support ticket with the error code, correlation ID, and Datetime to get more details on this error.
8100181001 使用者的 Kerberos 票證太大。User's Kerberos ticket is too large. 如果使用者位於過多群組,以致於 Kerberos 票證包含過多群組成員資格,便會發生此錯誤。This can happen if the user is in too many groups and thus the Kerberos ticket contains too many group memberships. 降低使用者的群組成員資格,並再試一次。Reduce the user's group memberships and try again.
8100581005 驗證套件不受支援。Authentication Package Not Supported.
8100781007 租用戶未啟用無縫 SSO。Tenant is not enabled for Seamless SSO.
8101281012 這不是錯誤狀況。This is not an error condition. 這表示嘗試登入 Azure AD 的使用者與登入裝置的使用者不同。It indicates that user trying to sign in to Azure AD is different from the user signed into the device. 您可以放心地忽略記錄中此錯誤碼。You can safely ignore this code in the logs.
9001090010 基於各種不同的原因而不支援該要求。The request is not supported for various reasons. 例如,該要求是使用不支援的要求方法 (僅支援 POST 方法),或不支援所要求的權杖簽章演算法。For example, the request is made using an unsupported request method (only POST method is supported) or the token signing algorithm that was requested is not supported. 請連絡應用程式開發人員。Contact the application developer.
9001490014 遺漏通訊協定訊息的必要欄位,請連絡應用程式擁有者。A required field for a protocol message was missing, contact the application owner. 如果您是應用程式擁有者,請確定擁有登入要求的所有必要參數。If you are the application owner, ensure that you have all the necessary parameters for the login request.
9005190051 無效的委派權杖。Invalid Delegation Token. 指定不正確的國家雲端識別碼 ({cloudId})。Invalid national Cloud ID ({cloudId}) is specified.
9007290072 必須先在租用戶中將帳戶新增為外部使用者。The account needs to be added as an external user in the tenant first. 登出後再使用不同的 Azure AD 帳戶登入。Sign-out and sign-in again with a different Azure AD account.
9009490094 進行授與需要系統管理員權限。The grant requires administrator permissions. 詢問您的租用戶系統管理員,以提供對此應用程式的同意。Ask your tenant administrator to provide consent for this application.
500021500021 公司 proxy 會限制租用戶。Tenant is restricted by company proxy. 拒絕的資源存取權。Denying the resource access.
500121500121 增強式驗證要求期間驗證失敗。Authentication failed during strong authentication request.
500133500133 Assert 陳述式不在其有效時間範圍內。The assertion is not within its valid time range. 先確認存取權杖未過期,再將它用於使用者 Assert 陳述式,或要求新權杖。Ensure that the access token is not expired before using it for user assertion, or request a new token.
530021530021 應用程式不符合已核准的條件式存取應用程式需求。Application does not meet the Conditional Access approved app requirements.
70002187000218 要求本文必須包含下列參數: 'client_assertion' 或 'client_secret'。The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

後續步驟Next steps