The following forum(s) are migrating to a new home on Microsoft Q&A (Preview): Azure Multi-Factor Authentication!

Ask new questions on Microsoft Q&A (Preview).
Interact with existing posts until December 13, 2019, after which content will be closed to all new and existing posts.

Learn More

 none
mfa on Iphone 13.1 stops working after a few hours error code 50199 shown in Azure sign in log RRS feed

  • Question

  • please bear with me here...

    setting up the mfa and pairing with native mail app works for a while, but then fails after a few hours

    looking at the documentation page for errors this particular error code is not listed.

    but can be found by going to 

    https://login.microsoftonline.com/error

    and typing the error code 50199 and this is the message

    Message: "Conditions to show CMSI interrupt are met." <- what does this mean and how do i fix it? we have re-enrolled the user more than once reset the entire mfa and removed/reinstalled the exchange mail account and the mfa app. the result is still the same. it this error related to hardware ?

    <label class="azc-form-label" data-bind="untrustedContent: $data" for="azc-form-guid-35a2e476-2a63-4536-9d57-5c8b66b646f5-for" id="azc-form-guid-35a2e476-2a63-4536-9d57-5c8b66b646f5" style="font-weight:inherit;max-width:100%;">Status</label>
    Failure
    <label aria-hidden="true" class="azc-text-sublabel msportalfx-tooltip-overflow" data-bind="untrustedContent: $data" style="font-weight:inherit;float:right;margin-bottom:-1px;color:#595959;"></label>
    <label class="azc-form-label" data-bind="untrustedContent: $data" for="azc-form-guid-35a2e476-2a63-4536-9d57-5c8b66b646f8-for" id="azc-form-guid-35a2e476-2a63-4536-9d57-5c8b66b646f8" style="font-weight:inherit;max-width:100%;">Sign-in error code</label>
    50199
    <label aria-hidden="true" class="azc-text-sublabel msportalfx-tooltip-overflow" data-bind="untrustedContent: $data" style="font-weight:inherit;float:right;margin-bottom:-1px;color:#595959;"></label>
    <label class="azc-form-label" data-bind="untrustedContent: $data" for="azc-form-guid-35a2e476-2a63-4536-9d57-5c8b66b646fb-for" id="azc-form-guid-35a2e476-2a63-4536-9d57-5c8b66b646fb" style="font-weight:inherit;max-width:100%;">Failure reason</label>
    Other
    <label aria-hidden="true" class="azc-text-sublabel msportalfx-tooltip-overflow" data-bind="untrustedContent: $data" style="font-weight:inherit;float:right;margin-bottom:-1px;color:#595959;"></label>
    <label class="azc-form-label" data-bind="untrustedContent: $data" for="azc-form-guid-35a2e476-2a63-4536-9d57-5c8b66b646fe-for" id="azc-form-guid-35a2e476-2a63-4536-9d57-5c8b66b646fe" style="font-weight:inherit;max-width:100%;">Client app</label>

    Mobile Apps and Desktop clients

    now i know that this error code,  should not be MFA related, but we have not seen this issue until after we enabled mfa for this user.

    the mfa info reports that MFA was not triggered (because the logon was performed from a whitelisted IP adr), but the user is caught in what seems like loop with the autentication to the native mail app failing / keeps asking for pw.


    • Edited by ssi0202 Friday, September 27, 2019 11:48 AM
    Friday, September 27, 2019 10:25 AM

Answers

  • Hello ssi0202

    I believe The native app is setup first time and it continue to work until it needs a non-https redirect uri (for example minecraft://) . The native app may have a routine calling acquireTokenSilent  function and this may not be working and throwing exception after appox. an hour (which is normal validity of access token) . The mail app actually needs to catch these exceptions and rather than giving out exceptions it must catch this and call either acquireTokenPopup or acquireTokenRedirect just like we call during any other user interaction errors.  In this case , I am not sure if the application owner provides you with a newer version of the product but i have seen updates fix this. If not , you may have to raise this with the native mail app provider . 

    Hope this answers your query. If the post helps you , please do mark it as answer which will help other community members with similar questions. In case you still have any queries , please do let us know and we will try to help you further. 

    Thank you. 


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!


    Sunday, September 29, 2019 6:38 PM
    Moderator

All replies

  • Hello ssi0202

    I believe The native app is setup first time and it continue to work until it needs a non-https redirect uri (for example minecraft://) . The native app may have a routine calling acquireTokenSilent  function and this may not be working and throwing exception after appox. an hour (which is normal validity of access token) . The mail app actually needs to catch these exceptions and rather than giving out exceptions it must catch this and call either acquireTokenPopup or acquireTokenRedirect just like we call during any other user interaction errors.  In this case , I am not sure if the application owner provides you with a newer version of the product but i have seen updates fix this. If not , you may have to raise this with the native mail app provider . 

    Hope this answers your query. If the post helps you , please do mark it as answer which will help other community members with similar questions. In case you still have any queries , please do let us know and we will try to help you further. 

    Thank you. 


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!


    Sunday, September 29, 2019 6:38 PM
    Moderator
  • hi thanks for the answer.

    just to clearify you are stating that the native Apple mail app is broken in this reguard correct ?

    The really odd thing here is that we have only seen this particular issue at at very small number of users that we rolled MFA out to, and the vast majority of these use the native iphone mail app.

    is there any logging on the MFA / Azure side to determine if this is infact what happend here, or will this be on the device (iphone) somewhere. I know I might be asking beyond the MS software here.

    thank you for your reply.

    Monday, September 30, 2019 7:20 AM
  • Hi

    Have the same issue with one user. Disabled MFA on the user to test, and it worked fine.

    Something with the iOS Accounts app?

    Wednesday, November 6, 2019 1:30 PM