Good day,
We seem to be having some trouble with Microsoft Teams authentication for some users on new computers that have been added to our internal domain. Currently this is only happening to users that are logging into the computer for the first time. We have now confirmed that it is happening on all versions of Windows 10 that we can test from 1809 to 1903. The O365 accounts and licensing are fine; each user can log in to the Teams web app and use the service just fine. This is unexpectedly only the Microsoft Teams software not working.
Very importantly, we are never prompted for a password. We enter the proper email address for the Office 365 user and click sign-in. After doing so we are greeted with the below screen; there is no attempt or request to authenticate. There are no credentials in the credential manager and we have cleared all others to be sure it is unrelated.
We were also able to find that when the computers are removed from the domain they can log in, but not when added to the domain. When the computer is added to the domain, even if put in an OU blocking all policies from AD, it still gives the same error whether it is a domain or local user account. Additionally, it doesn't matter which user is attempting to authenticate. You get the same error message when you attempt a fake address as well as a valid address. This makes me believe that the authentication process doesn't even get to the point of actually authenticating the user before it fails inexplicably.
It is clear this is an issue with the forms-based authentication, and it appears to be bypassing that step for some reason that I can't understand that just started, but only when the PC is attached to the domain. If I remove the device from the domain it immediately starts working, as I mentioned. All existing PCs we have running on the domain are working without issue, but when we log a new user into the computer it doesn't work, whether that be a local or domain user.
The error is as follows and is in the screen capture below. The first portion changes every time an attempt is made but I included it for reference since it is shown in the capture.
desktop-029172fb-76ac-4134-a8b8-c7df6ca648a8 <this part of the message changes with every attempt>
Error code - caa70004
There's a more permanent way to sign in to Microsoft Teams. If you're having trouble completing the process, talk to your IT admin.
I can provide the logs but wasn't able to include them because of the character limit.
I am at a total loss. The only thing I can find hinted at in the errors, but not in the error code, is a potential issue with AD FS, but we do not use AD FS internally and it isn't configured on the domain. All other Office applications such as Outlook will connect and are completely content with being on our domain, but Teams will not work.
Your assistance with this matter is greatly appreciated.