ErrorCode: invalid_grant StatusCode: 400

Error AADSTS50126 / invalid_grant installing Azure AD Connect

I encountered this error when deploying new Azure AD Connect instances to enable high availability for a customer. In the configuration step of the installation I received the following errors. I tried to add my admin account as an exception, but I am still getting the same error. I think it could be a compatibility issue with MFA.

I did not see any error or warning in the event log except the information below:

Authenticate-ADAL: Interaction Required [interaction_required] – AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access ‘00000002-0000-0000-c000-000000000000’.
Trace ID: 788b41b2-ec8e-40ee-85a8-365db4366300

HTTP 400 is expected for that response.

According to the spec at https://tools.ietf.org/html/rfc6749#section-5.2

The authorization server responds with an HTTP 400 (Bad Request)
status code (unless specified otherwise) and includes the following
parameters with the response:

invalid_grant
The provided authorization grant (e.g., authorization
code, resource owner credentials) or refresh token is
invalid, expired, revoked, does not match the redirection
URI used in the authorization request, or was issued to
another client.

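An added example, not part of the thread: a small triage helper that reads a token-endpoint error body and separates the generic OAuth error from the AADSTS code that names the actual cause. The function name and sample bodies are constructed for illustration; the `error`, `error_description` and `error_codes` fields are the ones Azure AD returns in its JSON error responses.

```python
import json
import re

# Error codes defined for token-endpoint responses in RFC 6749 section 5.2.
RFC6749_ERRORS = {"invalid_request", "invalid_client", "invalid_grant",
                  "unauthorized_client", "unsupported_grant_type", "invalid_scope"}

# The two AADSTS codes that appear in this thread (Microsoft's published names).
AADSTS_HINTS = {
    50126: "InvalidUserNameOrPassword: credentials were rejected",
    50079: "UserStrongAuthEnrollmentRequired: account must register for MFA",
}

def triage_token_error(status, body_text):
    """Return the OAuth error, the AADSTS codes, and a hint for each code."""
    try:
        body = json.loads(body_text)
        if not isinstance(body, dict):
            raise ValueError("not a JSON object")
    except ValueError:
        # A proxy or gateway error page, not an OAuth error response.
        return {"oauth_error": None, "aadsts": [], "rfc6749_5_2": False,
                "hints": ["body is not an OAuth JSON error"]}
    error = body.get("error")
    # Prefer the structured list, then pick up codes only present in the text.
    codes = [int(c) for c in (body.get("error_codes") or []) if str(c).isdigit()]
    for found in re.findall(r"AADSTS(\d+)", body.get("error_description") or ""):
        if int(found) not in codes:
            codes.append(int(found))
    return {
        "oauth_error": error,
        "aadsts": codes,
        # True when HTTP 400 plus this error code is the behaviour the RFC specifies.
        "rfc6749_5_2": status == 400 and error in RFC6749_ERRORS,
        "hints": [AADSTS_HINTS.get(c, "no hint for AADSTS%d" % c) for c in codes],
    }

# Constructed sample bodies (not captured from a real tenant).
SAMPLE_PASSWORD = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS50126: Error validating credentials due to "
                         "invalid username or password.",
    "error_codes": [50126]})
SAMPLE_MFA = json.dumps({
    "error": "interaction_required",
    "error_description": "AADSTS50079: Due to a configuration change made by your "
                         "administrator, you must enroll in multi-factor authentication."})

if __name__ == "__main__":
    for sample in (SAMPLE_PASSWORD, SAMPLE_MFA):
        print(triage_token_error(400, sample))
```

`interaction_required` is not one of the RFC 6749 section 5.2 codes, so the second sample reports `rfc6749_5_2` as false even though the status is also 400.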