Views:

NOTE : Please use this KBA in the event users are connected to MSFTVPN but cannot access UI pages.

 

Please ensure the user is connected to MSFTVPN and System is domain joined. Once ensured, please follow the workaround below to resolve the issue. The Global Helpdesk has identified the issue as being caused by stale Windows Credentials on the local machines and has provided steps to clear this issue. Here is the document which can be provided to the user as well.
 
<<MSRA Login Fails with Windows Hello PIN Resolution Steps.docx>>
 
Workaround:
 

  • Go to Credential Manager (Control Panel\User Accounts\Credential Manager) and select Windows Credentials:
 

 
  • Remove any credentials under Windows Credentials:
 
 
Graphical user interface, text, application<br><br>Description automatically generated
 
  • Under Generic Credentials remove the SSO_POP_Device and virtualapp/didlogical items:
 
 

 

 
 
  • For Azure AD joined device perform MDM sync:
    • Go to Windows Settings > Accounts > Access Work or School > Click on Azure AD account > Info > Sync
 
  • For AD joined device perform group policy update:
    • Connect to MSFTVPN
    • Go to Run and type cmd
    • In the command prompt type gpupdate /force
 
  • Restart the device.
  • Log into device with PIN, Hello or method of choice.
  • Connect to MSFTVPN.
  • Try accessing the pages
If you follow the instructions and are still not able to access UI pages or have other network issues, please reach out to the Global Helpdesk here.
 
Keywords: 401 error, access issue