Professional Documents
Culture Documents
Check User's Sign-In Activity Logs Log On AAD Portal Active Directory Activity Sing in
Check User's Sign-In Activity Logs Log On AAD Portal Active Directory Activity Sing in
Check User's Sign-In Activity Logs Log On AAD Portal Active Directory Activity Sing in
Sign-in error
code Sign-in failure reason Resolution
User's Kerberos ticket is
81001 too large. Reduce the user's group memberships and try again.
Unable to validate the
81002 user's Kerberos ticket. See the troubleshooting checklist.
Unable to validate the
81003 user's Kerberos ticket. See the troubleshooting checklist.
Kerberos authentication
81004 attempt failed. See the troubleshooting checklist.
Unable to validate the
81008 user's Kerberos ticket. See the troubleshooting checklist.
Unable to validate the
81009 user's Kerberos ticket. See the troubleshooting checklist.
Seamless SSO failed
because the user's
Kerberos ticket has The user needs to sign in from a domain-joined device
81010 expired or is invalid. inside your corporate network.
Unable to find the user
object based on the
information in the user's Use Azure AD Connect to synchronize the user's
81011 Kerberos ticket. information into Azure AD.
The user trying to sign in
to Azure AD is different
from the user that is
81012 signed in to the device. The user needs to sign in from a different device.
Unable to find the user
object based on the
information in the user's Use Azure AD Connect to synchronize the user's
81013 Kerberos ticket. information into Azure AD.
Domain controller logs
If you enable success auditing on your domain controller, then every time a user signs in through
Seamless SSO, a security entry is recorded in the event log. You can find these security events by
using the following query. (Look for event 4769 associated with the computer account
AzureADSSOAcc$.)
<QueryList>
</Query>
</QueryList>
Query.txt
Known issues
Troubleshooting checklist