Error Code MFA-041

Hi,

Every once in a while we get users complaining they can't log in to their Windows device, getting error code MFA-041; typically this is when they are working remotely and not connected to our VPN. I'm able to get round this by issuing an uninstall command to remove the agent, but I'm trying to understand why this happens.

We're not enforcing MFA on Windows login for our users; we only have policies to force things like password strength, give the users the ability to change password/unlock from the login screen, etc. We have a reverse proxy set up and I was able to confirm it was reachable at the time.

I checked the ADSS Agent log and found this, but I don't really know what it means:
Verifying creds using LogonUser with LOGON32_LOGON_INTERACTIVE 
May 30 07:47:11: 15804: 
 Going to Login with specified domainName - M******** 
May 30 07:47:11: 15804: 15May 30 07:47:11: 15804: LogonUser success for user
May 30 07:47:11: 15804: user is verified 
May 30 07:47:11: 15804: Existing active session of user available 
May 30 07:47:11: 15804: MFA for Scenario : UNLOCK 
May 30 07:47:11: 15804: EnrollmentHandler::EnrollmentHandler : Successfully initialized offline MFA sync related data
May 30 07:47:11: 15804: OfflineDataHandler::getOfflineData : No offline Data present for the user
May 30 07:47:11: 15804: OfflineDataHandler::getOfflineData : No offline Data present for the user
May 30 07:47:11: 15804: EnrollmentHandler::preAuth : user Policy data not found/ user not enrolled
May 30 07:47:11: 15804: isWinLogMFAEnabled :: User Name : tom.ma******, Domain Name : M*******, Agent Version : 6.10, MFA Scenario: UNLOCK, Machine Name : GB*********
May 30 07:47:11: 15804: HttpClient :: sendRequest started.......... 
May 30 07:47:11: 15804: HttpClient :: sendRequest - Ended 
May 30 07:47:11: 15804: isWinLogMFAEnabled::result for preAuth processing starts...
May 30 07:47:11: 15804: isWinLogMFAEnabled :: Valid Json response from server and Response contains RESULT
May 30 07:47:11: 15804: isWinLogMFAEnabled :: MFA_STATUS - api_auth_failed 
May 30 07:47:11: 15804: Failed to get LanguageId from registryMay 30 07:47:11: 15804: isWinLogMFAEnabled :: Api authorization failed
May 30 07:47:11: 15804: Bypass NotPermitted when Authorization error occured
May 30 07:47:11: 15804: ****************GetSerialisation ends**************
May 30 07:47:11: 15804: ****************ReportResult(of CSampleCredential) Starts***************
May 30 07:47:11: 15804: ****************ReportResult(of CSampleCredential) Ends***************
May 30 07:47:11: 15804: ****************SetStringValue(of CSampleCredential) Starts***************
May 30 07:47:11: 15804: ****************SetStringValue(of CSampleCredential) Ends***************
May 30 07:48:44: 7140: Filter CPUS :: 1
May 30 07:48:44: 7140: UsageScenario :: 1
May 30 07:48:44: 7140: Wrapped Provider :: {60B78E88-EAD8-445C-9CFD-0B87F74EA6CD}
May 30 07:48:44: 7140: Filter CPUS :: 5
May 30 07:48:44: 7140: Create ADSSP Tile (Reset Password / Unlock Account)
May 30 07:48:44: 7140: Default Tile #  0


Any ideas what we can do to stop it happening again?

Thanks
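For triaging recurrences of the log sequence quoted in the post above, here is an added example (not part of the original post and not ManageEngine code). It splits an agent log into entries even where two entries are fused on one line, as in the excerpt, and reports each `MFA_STATUS` line together with the scenario, offline-data and bypass lines logged by the same thread. The function names and the sample log are constructed for illustration; the matched strings are taken from the excerpt.

```python
import re

# Constructed sample, shaped like the agent log lines quoted in the post.
SAMPLE_LOG = """\
May 30 07:47:11: 15804: MFA for Scenario : UNLOCK
May 30 07:47:11: 15804: OfflineDataHandler::getOfflineData : No offline Data present for the user
May 30 07:47:11: 15804: HttpClient :: sendRequest - Ended
May 30 07:47:11: 15804: isWinLogMFAEnabled :: MFA_STATUS - api_auth_failed
May 30 07:47:11: 15804: Failed to get LanguageId from registryMay 30 07:47:11: 15804: isWinLogMFAEnabled :: Api authorization failed
May 30 07:47:11: 15804: Bypass NotPermitted when Authorization error occured
May 30 07:48:44: 7140: Filter CPUS :: 1
"""

# "<Mon> <day> <hh:mm:ss>: <thread id>: " prefix that starts every entry.
PREFIX = re.compile(r"([A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d): (\d+): ")

def split_entries(text):
    """Yield (timestamp, thread_id, message), even when two entries share a line."""
    marks = list(PREFIX.finditer(text))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        yield m.group(1), m.group(2), text[m.end():end].strip()

def find_blocked_logons(text):
    """Return one record per MFA_STATUS line, with context from the same thread."""
    state, findings = {}, []
    for ts, tid, msg in split_entries(text):
        ctx = state.setdefault(tid, {"scenario": None, "offline_data": True})
        if msg.startswith("MFA for Scenario :"):
            # A new scenario starts a new attempt on this thread.
            ctx["scenario"] = msg.split(":", 1)[1].strip()
            ctx["offline_data"] = True
        elif "No offline Data present" in msg:
            ctx["offline_data"] = False
        elif "MFA_STATUS -" in msg:
            findings.append({"time": ts, "thread": tid, "scenario": ctx["scenario"],
                             "offline_data": ctx["offline_data"],
                             "status": msg.split("MFA_STATUS -", 1)[1].strip(),
                             "bypass_denied": False})
        elif msg.startswith("Bypass NotPermitted") and findings:
            if findings[-1]["thread"] == tid:
                findings[-1]["bypass_denied"] = True
    return findings

if __name__ == "__main__":
    for finding in find_blocked_logons(SAMPLE_LOG):
        print(finding)
```

Run over logs collected from several affected machines, the records show whether every blocked attempt shares the same status, scenario and missing offline data, which is the detail worth sending to the vendor's support.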
