
Lesson Learned #293: Common errors connecting to Azure SQL DB using Azure Active Directory


In some situations, as described in Additional Endpoints Required for AAD Authentication and CRL Checks for Azure SQL DB - Microsoft Community Hub, we faced connectivity problems reaching the different AAD endpoints or opening outbound port 443.


I would like to share my lessons learned, based on the error codes and messages seen for this issue:


  • Unable to acquire authorization token: No connection could be made because the target machine actively refused it x.x.x.x:443
    • The service located on port 443 is not responding, or a firewall is blocking port 443 or the IP.
  • Unable to acquire authorization token: An attempt was made to access a socket in a way forbidden by its access permissions x.x.x.x:443
    • A firewall is blocking port 443 or the IP.
  • Unable to acquire authorization token: Object reference not set to an instance of an object.
    • The service located on port 443 is not responding, or a firewall is blocking port 443 or the IP.
  • Error code 0xA190; state 41360 - The requested URL was rejected. SAML token not found in response.
    • A proxy server or firewall is rejecting access to one of the AAD endpoints needed.


Also, in some cases, we could

  • If the domain of the user (for example, username@domain.com) is not found or is invalid:
    • Error code 0xCAA90018; state 10 - Could not discover a user realm.
  • If the domain doesn't exist:
    • Error code 0xCAA9003B; state 10 - ADAL received an empty response from the server during a WIA flow and could not continue.
  • If the user doesn't exist in the domain specified:
    • Error code 0xCAA20003; state 10 - ID3242: The security token could not be authenticated or authorized.
  • If your Azure Active Directory administrator only allows an MFA connection:
    • Error code 0xCAA2000C; state 10 - AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '022907d3-0f1b-48f7-badc-1ba6abab6d66'.
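As an added illustration (not code from the original post), the following Python helper covers both groups of errors above: it probes outbound TCP 443 to a few AAD endpoints plus 1433 to the SQL server, classifies a socket failure using the same distinctions the driver surfaces ("actively refused" versus "forbidden by its access permissions" versus a timeout), and parses the "Error code 0x...; state N - ..." messages so the AADSTS code and the 0xCAA... family can be picked out. The endpoint list is an assumed illustrative subset; the Community Hub article linked above is the authoritative list. The TCP connector is injectable so the classification can be exercised offline with constructed failures.

```python
import errno
import re
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Assumed illustrative subset of the AAD endpoints the token flow reaches on
# outbound 443; the linked Community Hub article is the authoritative list.
AAD_ENDPOINTS = [
    ("login.microsoftonline.com", 443),
    ("login.windows.net", 443),
    ("secure.aadcdn.microsoftonline-p.com", 443),
]

Connector = Callable[[str, int, float], None]


@dataclass
class ProbeResult:
    host: str
    port: int
    status: str   # ok | refused | forbidden | timeout | dns | error
    detail: str


def default_connect(host: str, port: int, timeout: float) -> None:
    """Real TCP connect; raises an OSError subclass on failure."""
    with socket.create_connection((host, port), timeout=timeout):
        pass


def classify_oserror(err: OSError) -> str:
    """Map a socket failure onto the wording the driver uses in its
    'Unable to acquire authorization token' messages."""
    if isinstance(err, socket.timeout):
        return "timeout"
    code = getattr(err, "winerror", None) or err.errno
    if code in (errno.ECONNREFUSED, 10061):   # "target machine actively refused it"
        return "refused"
    if code in (errno.EACCES, 10013):         # "forbidden by its access permissions"
        return "forbidden"
    if code in (errno.ETIMEDOUT, 10060):
        return "timeout"
    return "error"


def probe(host: str, port: int, timeout: float = 5.0,
          connect: Connector = default_connect) -> ProbeResult:
    """One TCP reachability check; never raises, always returns a result."""
    try:
        connect(host, port, timeout)
        return ProbeResult(host, port, "ok", "TCP connect succeeded")
    except socket.gaierror as e:              # name resolution failed
        return ProbeResult(host, port, "dns", str(e))
    except OSError as e:
        return ProbeResult(host, port, classify_oserror(e), str(e))


def probe_all(sql_server: str, connect: Connector = default_connect) -> List[ProbeResult]:
    """Probe the AAD endpoints on 443 and the SQL server FQDN on 1433."""
    targets = AAD_ENDPOINTS + [(sql_server, 1433)]
    return [probe(h, p, connect=connect) for h, p in targets]


ERROR_RE = re.compile(r"Error code (0x[0-9A-Fa-f]+); state (\d+) - (.+)", re.S)
AADSTS_RE = re.compile(r"AADSTS(\d+)")


def parse_driver_error(message: str) -> Optional[Dict[str, object]]:
    """Split 'Error code 0x...; state N - text' into parts and pull out the
    AADSTS code when the text carries one; None for socket-level messages."""
    m = ERROR_RE.search(message)
    if not m:
        return None
    code, state = m.group(1).lower(), int(m.group(2))
    text = m.group(3).strip().rstrip(".")
    sts = AADSTS_RE.search(text)
    return {"code": code, "state": state, "text": text,
            "aadsts": sts.group(1) if sts else None}


def likely_cause(message: str) -> str:
    """Coarse triage following the groupings in the post above."""
    if ("actively refused" in message
            or "forbidden by its access permissions" in message
            or "Object reference not set" in message):
        return "network: port 443 to an AAD endpoint is blocked or the service is not answering"
    parsed = parse_driver_error(message)
    if parsed is None:
        return "unknown"
    if parsed["code"] == "0xa190" or "SAML token not found" in message:
        return "proxy or firewall rejecting an AAD endpoint"
    if parsed["aadsts"] == "50076":
        return "MFA required by policy; use an MFA-capable authentication mode"
    if str(parsed["code"]).startswith("0xcaa"):
        return "identity: user realm, domain or account could not be resolved or authenticated"
    return "unknown"


if __name__ == "__main__":
    import sys
    # Hypothetical server name; pass your own FQDN as the first argument.
    server = sys.argv[1] if len(sys.argv) > 1 else "myserver.database.windows.net"
    for r in probe_all(server):
        print(f"{r.host}:{r.port} {r.status} ({r.detail})")
```

Run it from the client machine that fails to connect: a "refused" or "forbidden" status on one of the 443 probes points at a firewall or local policy, a "timeout" at a silent drop, and a "dns" status at name resolution rather than the port. If every probe is "ok" but the driver still reports 0xA190 with "SAML token not found", look at a TLS-intercepting proxy in the path rather than the port.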
       

 

Enjoy!

 
