Symptoms
When using desktop flows from cloud flows, you may encounter invalid credentials errors in the following cases:
-
When you create your desktop flows connection
-
During flow execution where you will see the error code "WindowsIdentityIncorrect". The message associated with this code may be “The credentials provided with the request are invalid” or something more specific.
Note: this article does NOT address invalid credentials logging into Power Auomate for desktop or the runtime application from your computer.
Causes
This means the credentials in the connection failed to authenticate on the targeted machine.
When creating a connection, Power Automate does a check to ensure the credentials are valid. A connection cannot be created with credentials that do not authenticate with the target machine and you will get an error describing the problem when creating the connection.
If you had previously succeeded at creating your connection and now are getting the error when running your flow, this means that something with regard to the user account or machine changed (for example if your password has expired).
Resolution
To see an error message with specific details on what went wrong, please ensure you have Power Automate version 2.24 or higher installed. Often this will give you enough information to solve the problem. The table in the next section is also available as a reference for some error codes.
If you do not have a more specific error associated with the problem, the easiest way to troubleshoot is to login to the machine with the exact credentials as you put inside your connection. You can try this via logging into the machine locally or via a Remote Desktop connection. You should receive the same error message that Power Automate receives when trying to authenticate your credentials. Please also see the "Common other reasons" section below.
Specific error code resolutions
Error code |
Error message |
Resolution |
-1073741477 |
A user has requested a type of logon (e.g., interactive or network) that has not been granted. An administrator has control over who may logon interactively and through the network. |
Please follow this article. |
-1073445812 |
The user's UPN isn't in the expected format |
Please try your login using both the user@domain.com and DOMAIN\user formats. |
-1073741062 |
Smart card logon is required and was not used |
Connections to machines requiring smart card logons are not supported. Please use a machine without this requirement. |
Common other reasons
The following is a non-exhaustive list of some of what may prevent logon on the target machine (besides having an incorrect username or password):
-
The machine cannot connect to its Domain or Azure Active Directory (AAD) because it is not properly joined. If connecting with AAD, you can learn more some basic troubleshooting in this article.
-
You are using a <DOMAIN>\<user> username and should use <user>@<webdomain> instead (or vice versa).
-
The administrator has changed the policies of the machine (check especially "user rights assignments"). See detailed article here.
-
The machine cannot call the authentication endpoint due to a network issue
The following is a list of some common reasons of what may be configured incorrectly for the user account:
-
The administrator has changed the credentials of the account
-
The domain user account is not propagated to the machine
-
The user account lost privileges or is disabled
-
The user account password has expired