A flow that ran using an AAD account fails with the "InvalidConnectionCredentials" or "WindowsIdentityIncorrect" error codes.
There are many reasons you may get this error when using an AAD account:
- The account credentials entered into the connection may not match those on the machine
- The device may not be AAD joined (or hybrid AAD joined) to support AAD authentication.
- The AAD account may not be synchronized to the machine
First, ensure that the device is AAD-joined or domain-joined:
- Open a command prompt
- Run the command "dsregcmd /status"
- Check the "Device State" section
Make sure that one of the "DomainJoined" or "AzureAdJoined" values is "YES".
If it is not the case, an AAD account can't be used unless the device is joined, see the Microsoft documentation on How to join a device.
Second, identify the AAD account to use in the machine configuration:
- Open "Settings" and select "Accounts".
- Select "Access work or school"
- Make sure you see text that says something like, "Connected to <your_organization> Azure AD". The account by which it says it's connected can be used in the connection.
Third, synchronize the AAD account on the device. To do this:
- Click on the "Info" button when selecting your Azure AD connection in the "Access work or school" screen.
- This will open a screen which describes your connection info and device sync status. There will be a button "Sync" at the end of this -- click this button, and wait for this process to complete.
Fourth, check that the configured AAD account can log into the device:
- Try to log into the machine using the AAD account identified in the step above.
- The device login must be successful in order to be used in a connection.
Lastly, make sure the flow is configured properly with the right username and password. This much match the account on your computer.