Team and outlook authentication issue

Nandan NK 50 Reputation points
2026-04-29T18:06:13.9533333+00:00

Our users have been using Windows 11 devices for years, but recently few users have started experiencing Teams and Outlook authentication issues every 2–3 hours. They are receiving the error shown below.

I have tried clearing the cache and verified that the devices are hybrid Azure AD joined, with Azure PRT set to “Yes.” Restarting the machine temporarily resolves the issue, but it returns after some time.

We have also reinstalled Office and performed a repair, but the issue persists.

Could someone please assist in identifying and fixing this issue?

User's image User's image

Microsoft Teams | Microsoft Teams for business | Teams and channels | Other
0 comments No comments

2 answers

Sort by: Most helpful
  1. Kai-L 14,835 Reputation points Microsoft External Staff Moderator
    2026-04-29T18:51:11.4333333+00:00

    Dear @Nandan NK,

    Good day, and I appreciate the detailed description of your issue. From my research, this is a well-known authentication problem (especially on Hybrid Azure AD joined Windows 11 devices) related to the Web Account Manager (WAM), Primary Refresh Token (PRT), and corrupted identity/token caches. The fact that it returns every 2-3 hours and a restart temporarily fixes it strongly points to a token refresh or cache corruption issue. Please try the following steps and see if they help.

    1.Clear the problematic identity caches 

    Fully close all Microsoft apps: Teams, Outlook, OneDrive, Edge, Word, Excel, etc. (check Task Manager > End any Microsoft processes).

    Open File Explorer and go to these folders (copy-paste the paths):

    %localappdata%\Microsoft\OneAuth

    %localappdata%\Microsoft\IdentityCache

    1. Cut (not copy) both folders and paste them to your Desktop (this backs them up).
    2. Restart the computer.
    3. Sign back into Teams and Outlook.

    Windows will recreate fresh versions of these folders. This resolves the issue for many users.

    2.Reset the Microsoft AAD Broker Plugin 

    1. Close all Microsoft apps.
    2. Go to this folder: %localappdata%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
    3. Rename the folder to: Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy.OLD
    4. Restart the PC and sign in again.

    3.Check for multiple work or school accounts 

    • Go to Windows Settings > Accounts > Access work or school.
    • If you see more than one account (especially from another organization, old tenant, or personal account), remove the extra ones.
    • Keep only your primary company account.
    • Restart and test.

    4.Contact technical support

    If the problem continues after the steps above, please contact your IT support and provide them with the correlation ID, error codes, device details, the troubleshooting steps you’ve already tried (including the information shared here).

    They can review:

    • Conditional Access policies
    • Recent authentication or policy changes
    • Possible duplicate or stale identity references in the tenant

    Additionally, if the issue continues or requires deeper investigation, they can also submit a support request directly with Microsoft Support. A support engineer will be able to review the diagnostics, investigate the issue in more detail, and escalate it internally if further attention is required.

    I hope this information is helpful. Please follow these steps and let me know if it works for you. If not, we can work together to resolve this. Thank you for your patience and understanding. If you have any questions or need further assistance, please feel free to share them in the comments so I can continue to support you. I'm looking forward to your reply.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. 

    Was this answer helpful?


  2. AI answer

    2026-04-29T18:06:37.9633333+00:00

    The behavior matches intermittent failures in the Windows Web Account Manager (WAM) / token broker layer that affect all Microsoft 365 apps (Teams, Outlook, Office). Restarting the device temporarily restores the WAM components, which is why sign-in works again for a while.

    Use these steps to stabilize authentication on affected Windows 11 devices:

    1. Repair the WAM and Cloud Experience Host packages
      • Open Windows PowerShell (Admin).
      • For work/school accounts (Entra ID):
             if (-not (Get-AppxPackage Microsoft.AAD.BrokerPlugin)) {
               Add-AppxPackage -Register "$env:windir\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown
             }
             Get-AppxPackage Microsoft.AAD.BrokerPlugin
        
      • For personal accounts (if any Outlook.com/consumer accounts are also used on the device):
             if (-not (Get-AppxPackage Microsoft.Windows.CloudExperienceHost)) {
               Add-AppxPackage -Register "$env:windir\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown
             }
             Get-AppxPackage Microsoft.Windows.CloudExperienceHost
        
      • After the commands complete, restart the device and test Teams/Outlook sign-in over several hours.
    2. Avoid unsupported profile roaming of token data
      • On any VDI/roaming-profile solution, verify that no data under %localappdata% is roamed for the following paths and keys:
        • %localappdata%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
        • %localappdata%\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy
        • %localappdata%\Packages\<any app package>\AC\TokenBroker
        • %localappdata%\Microsoft\TokenBroker
        • HKCU\SOFTWARE\Microsoft\IdentityCRL
        • HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AAD
        • HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WorkplaceJoin
      • Ensure the work account’s MS-Organization-Access certificate is not being roamed between devices.
      • If these items are being captured by a profile or migration tool, exclude them and test again.
    3. Check for impersonation or elevation scenarios
      • Make sure Outlook and Teams are always started in the same user context as the signed-in Windows session.
      • Do not launch Office apps with Run as different user, Run as administrator (for a different account), or via server-side automation tools. These patterns can invalidate logon sessions and cause errors such as code 2147943811/2147943712.
    4. Run the Microsoft 365 sign-in troubleshooter
      • On an affected device, run the Microsoft 365 Sign-in troubleshooter (aka.ms/SaRA-OfficeSignIn-sarahome).
      • Apply any fixes it suggests for Office/Teams authentication.
    5. If the issue persists across multiple users/devices
      • Collect MSOAID logs from an affected machine and have the tenant admin open a support ticket from the Microsoft 365 admin portal, attaching the logs. This allows Microsoft to analyze the correlation IDs and error codes shown in the “Something went wrong [4wbr5] / Code: 2147943811” dialog.
      • As a temporary workaround while the root cause is investigated, users can access mail via Outlook on the web and Teams in the browser.

    These steps address the most common causes of recurring Microsoft 365 authentication failures on Windows 10/11: corrupted WAM packages, unsupported roaming of token/certificate data, and invalid logon sessions due to impersonation.


    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.