Errors associated with Web Account Manager (WAM)
Generally, errors generated by the MSAL component that interacts with the Web Account Manager (WAM) are automatically converted to an instance of MsalException. This enables developers to not worry about the internals and instead handle errors through idiomatic .NET constructs. However, for additional deep dives, developers will often need to investigate specific error messages.
The table below highlights some of the most common errors along with potential mititgation strategies. For other exceptions, refer to the Exceptions document.
Warning
Error codes and error messages are presented for reference only. We do not recommend manually implementing exception handling strategies based on these and instead use the standard MsalException-based approach.
| Error Code | Error message | Mitigation |
|---|---|---|
| 2147943631 | The network location cannot be reached. For information about network troubleshooting, see Windows Help. | Potentially an intermittent error. Try running the code later, and ensure that the computer has active Internet access. |
| 2147943717 | The specified account does not exist. | Ensure that the account used with WAM exists. |
| 2148074254 | No credentials are available in the security package | |
| 2156265477 | Online Id account properties must be updated before signin. | For the specified account, log in to your account to ensure it's fully set up. |
| 2156265478 | To help protect your Online Id account you must signin again. | Perform a sign in for the target account with WAM. |
| 2156265481 | Online Id signin name is not yet verified. Email verification is required before signin. | Verify the account via email to make sure that it can be used. |
| 2156265482 | We have noticed some unusual activity in your Online Id account. Your action is needed to make sure no one else is using your account. | Log in to your account and verify that the account is not suspended. |
| 2156265483 | We detected some suspicious activity with your Online Id account. To help protect you, we've temporarily blocked your account. | Selected account is not currently able to be used for authentication. |
| 2156265484 | User interaction is required for authentication. | When authenticating the user, WAM could not use a cached token. User needs to be prompted for authentication via AcquireTokenInteractive. |
| 3399548929 | Need user interaction to continue. | When authenticating the user, WAM could not use a cached token. User needs to be prompted for authentication via AcquireTokenInteractive. |
| 3399614467 | V2Error: invalid_grant AADSTS500341: The user account {ID} has been deleted from the {TENANT_ID} directory. To sign into this application, the account must be added to the directory. | Ensure that the account with which the user tries to sign in is registered in Microsoft Entra ID. |
| 3399614476 | V2Error: invalid_grant AADSTS50078: Presented multi-factor authentication has expired due to policies configured by your administrator, you must refresh your multi-factor authentication to access {API_TARGET}. | Account needs to be configured by the Microsoft Entra administrator with up-to-date MFA settings. |
| 2148073494 | Keyset does not exist Internal Error Code: 545133655 | |
| 2148073520 | The device that is required by this cryptographic provider is not ready for use. Internal Error Code: 545133655 | |
| 80090016 | NTE_BAD_KEYSET | Issue with the device Trusted Platform Module (TPM). Follow device recovery instructions to get the PC into a good state. |
Unlisted errors
Because WAM is a new component, when errors occur we recommend logging data from AdditionalExceptionData and logging a bug. We will document the issue as soon as possible.