Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

After Azure AD Authentication Library (ADAL) is enabled, users cannot sign in to Skype for Business, and they receive the following error message:

You didn’t get signed in. It might be your sign-in address or logon credentials, so try those again. If that doesn’t work, contact your support team.


error

Cause

This issue occurs because Integrated Windows Authentication is enabled for the ADAL Security Token Service (STS) URL. Therefore, users are signing in to Skype for Business by using different user credentials than those for the account that is logged on to the Operating System.

Resolution

To resolve this issue, change the Internet Explorer “User Authentication” settings on the affected client computers to “prompt for user name and password” in the security zone. To do this, use one of the following methods.



Method 1: Change the setting manually

  1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.

  2. Select the security zone that includes the STS URL. Typically, this is the Local Intranet zone.

  3. Click the Custom level button, and then scroll to the end of the Settings list.

  4. In the User Authentication section, select the Prompt for user name and password option.

Method 2: Use Group Policy

Push the following registry key to the affected client computers by using the following Group Policy Object:

  • Location: HKEY_LOCAL\MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1

  • Value name: 1A00

  • Type: REG_DWORD

  • Value: 0x10000

The value 0x10000 represents the “Prompt for user name and password” setting.

More Information

When the ADAL STS URL resolves to an internal ADFS server, and Integrated Windows Authentication is enabled in browsers, computers on which many users sign in to client applications may not authenticate the logon attempts. To avoid this issue, the browser must be explicitly configured to prompt users for their credentials in a given browser Security Zone. For example, a kiosk is configured in this manner. The account that is logged on to the operating system may be different from the user account that is used to sign in to the Skype for Business client. In this situation, you may see the failures that are described in the "Symptoms" section. 

If you have kiosks on which the user who starts the Skype for Business client differs (that is, has a different account) from the user who is logged on to the computer, you may want to test the method of turning on the Prompt for user name and password option for these computers in Group Policy.

References

How to use Modern Authentication (ADAL) with Skype for Business

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×