"Sorry, but we're having trouble signing you in" and "80048163" error when a federated user tries to sign in to Office 365, Azure, or Windows Intune

Article translations Article translations
Article ID: 2535191 - View products that this article applies to.
Expand all | Collapse all

PROBLEM

When a federated user tries to sign in to a Microsoft cloud service such as Office 365, Microsoft Azure, or Windows Intune from a sign-in webpage whose URL starts with https://login.microsoftonline.com/login, authentication for that user is unsuccessful. The user gets the following error message:
Sorry, but we're having trouble signing you in

Please try again in a few minutes. If this doesn't work, you might want to contact your admin and report the following error:
80048163

CAUSE

This issue may occur if one of the following conditions is true:
  • A user’s UPN was updated, and old sign-in information was cached on the Active Directory Federation Services (AD FS) server. When the SAM account of the user is changed, the cached sign-in information may cause problems the next time that the user tries to access services.
  • The claims that are set up in the relying party trust with Azure Active Directory (Azure AD) return unexpected data. This behavior may occur when the claims that are associated with the relying party trust are manually edited or removed.

SOLUTION

Resolution 1: Disable Local Security Authority (LSA) credential caching on the AD FS server

You can update the LSA cache time-out setting on the AD FS server to disable caching of Active Directory credential info. Use this method with caution. It may put an additional load on the server and Active Directory.

Important This method contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more info about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To resolve this issue, follow these steps:
  1. Make sure that the changes to the user’s UPN are synced through directory synchronization.
  2. Direct the user to log off the computer and then log on again.
  3. If steps 1 and 2 don't resolve the issue, follow these steps:
    1. Open Registry Editor, and then locate the following subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    2. Right-click Lsa, click New, and then click DWORD Value.
    3. Type LsaLookupCacheMaxSize, and then press ENTER to name the new value.
    4. Right-click LsaLookupCacheMaxSize, and then click Modify.
    5. In the Value data box, type 0, and then click OK.
    6. Exit Registry Editor.
LsaLookupCacheMaxSize reconfiguration can affect sign-in performance, and this reconfiguration isn't needed after the symptoms subside. This method should be used only temporarily, and we strongly recommend that you delete the LsaLookupCacheMaxSize value after the issue is resolved. To do this, follow these steps:
  1. Open Registry Editor, and then locate the following subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  2. Right-click LsaLookupCacheMaxSize, and then click Delete.
  3. Exit Registry Editor.

Resolution 2: Update the relying party trust with Azure AD

To update the relying party trust, see the "How to update the configuration of the Office 365 federated domain" section of the following Microsoft Knowledge Base article:
2647048 How to update or repair the settings of a federated domain in Office 365, Azure, or Windows Intune

MORE INFORMATION

Still need help? Go to the Office 365 Community website or the Azure Active Directory Forums website.

Properties

Article ID: 2535191 - Last Review: July 9, 2014 - Revision: 36.0
Applies to
  • Microsoft Azure
  • Microsoft Office 365
  • Windows Intune
  • CRM Online via Office 365 E Plans
  • Microsoft Azure Recovery Services
  • Office 365 Identity Management
Keywords: 
o365 o365a mosdal4.5 o365e o365022013 o365m KB2535191

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com