Microsoft Teams Authentication Problems – Workaround PowerShell Script

The Problem

After a Domain Password change, my Teams Desktop Client was stuck in an Authentication Loop. I tried several things for troubleshooting, but the single steps didn’t solve the problem for itself. As a normal User, I would open a Helpdesk Ticket and would wait until they solve the problem for me. But as a System Engineer and Teams Consultant, I should find the problem by myself, I thought. And yes I tried to turn it of and on again and it didn’t help ;-).

BTW: It seems that I’m not alone with this problem because on UserVoice several reported and upvoted it.

The Solution

As a result, I tried all troubleshooting steps together and that finally solved my authentication problems.

  • Make the Internet Explorer Site to Zone Assignments for Microsoft Teams (Trusted Sites)
    *.teams.microsoft.com, login.microsoftonline.com
  • Purge the Microsoft Teams Client Cache Folders
  • Clear the Cached Credentials for Microsoft Teams

Finally, my problem was solved and I did not disturb our Helpdesk Team.

Automated the solution with a PowerShell Script

But the troubleshooting took me an hour and manually deleting multiple entries from Windows Credential Manager is not my favorite job. So I used my spare time on Sunday, Yes I’m a Nerd!, and wrote a PowerShell Script for it.

Feel free to try it out, and comment here in the Blog, or at Twitter @philipp_kohn if you have suggestions for optimizing the Script. Reminder: No Backup no mercy! – Use my Scripts at your own Risk 😀

<#
.SYNOPSIS
    MSTeams_Auth_Problems.ps1 - PowerShell Script to workaround Microsoft Teams Authentication Problems 
 
.DESCRIPTION
    The Script works only for the current User! Don't use it with "runas"!
    
    Script Part 1: Adds trusted Site to Zone Assignments for the current User
                   Reference: https://docs.microsoft.com/en-us/microsoftteams/known-issues#authentication 
    Script Part 2: Purges the Microsoft Teams Application Cache Folders for the current User
    Script Part 3: Clear "Cached Credentials" for Microsoft Teams from the Windows Credential Manager for the current User

.OUTPUTS
    Results are printed to the console

.NOTES
    Author        Philipp Kohn, kohn.blog, Twitter: @philipp_kohn
    
    Change Log    V1.00, 04/01/2019 - Initial version
    Change Log    V1.01, 04/01/2019 - Added additional Teams Cache Folders
    Change Log    V1.02, 04/01/2019 - Several minor Changes, Suggestions from ISESteroids 
#>

#########################################################################################################################################
### Script Part1: Add "https://login.microsoftonline.com" and "https://*.teams.microsoft.com" to Internet Explorer Trusted Sites Zone ###
#########################################################################################################################################

# Internet Explorer Trusted Sites Assignment: "*.teams.microsoft.com"

$registryPath1 = 'HKCU:Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.teams'
$name1 = 'https'
$value1 = '2'
$propertytype1 = 'DWORD'

#If Registry key does not exist create it and set value
IF(!(Test-Path -Path $registryPath1))
        {New-Item -Path $registryPath1 -Force | Out-Null
         New-ItemProperty -Path $registryPath1 -Name $name1 -Value $value1 -PropertyType $propertytype1 -Force | Out-Null}
#If Registry key does exist set value only
 ELSE   {New-ItemProperty -Path $registryPath1 -Name $name1 -Value $value1 -PropertyType $propertytype1 -Force | Out-Null}

# Internet Explorer Trusted Sites Assignment: "login.microsoftonline.com"
$registryPath2 = 'HKCU:Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\login'
$name2 = 'https'
$value2 = '2'
$propertytype2 = 'DWORD'
#If Registry key does not exist create it and set value
IF(!(Test-Path -Path $registryPath2))
        {New-Item -Path $registryPath2 -Force | Out-Null
         New-ItemProperty -Path $registryPath2 -Name $name2 -Value $value2 -PropertyType $propertytype2 -Force | Out-Null}
#If Registry key does exist set value only
ELSE    {New-ItemProperty -Path $registryPath2 -Name $name2 -Value $value2 -PropertyType $propertytype2 -Force | Out-Null}

#############################################################################################################################################
### Script Part2: Purge Microsoft Teams Client Cache Folders                                                                              ###
#############################################################################################################################################

# Microsoft Teams Client Cache Folders
$TeamsCacheFolder1 = "$env:APPDATA\Microsoft\teams\Application Cache\Cache"
$TeamsCacheFolder2 = "$env:APPDATA\Microsoft\Teams\blob_storage"
$TeamsCacheFolder3 = "$env:APPDATA\Microsoft\Teams\Cache"
$TeamsCacheFolder4 = "$env:APPDATA\Microsoft\Teams\databases"
$TeamsCacheFolder5 = "$env:APPDATA\Microsoft\Teams\GPUCache"
$TeamsCacheFolder6 = "$env:APPDATA\Microsoft\Teams\IndexedDB"
$TeamsCacheFolder7 = "$env:APPDATA\Microsoft\Teams\Local Storage"
$TeamsCacheFolder8 = "$env:APPDATA\Microsoft\Teams\tmp"

# Check if Path exists
IF (-not (Test-Path -Path "$env:APPDATA\Microsoft\teams")) 
        {Write-Error -Message 'Path Query: The Teams Application does not exist' -ErrorAction Stop}
ELSE    {Write-Verbose -Message 'Path Query: The Teams Application path exist'}

# Stop running Microsoft Teams Instances 
Write-Warning -Message 'Script stops all running Teams processes in 15 seconds! Press Ctrl+C to stop script processing'
Start-Sleep -Seconds 15
Stop-Process -Name Teams -ErrorAction SilentlyContinue

# Purge Microsoft Teams Client Cache
Add-Type -AssemblyName PresentationFramework
$msgBoxInput =  [Windows.MessageBox]::Show('Purge Microsoft Teams Client Cache','MSTeams_Auth_Problems.ps1','YesNo','Error')

  switch  ($msgBoxInput) {

  'Yes' {Remove-Item -path "$TeamsCacheFolder1\*" -Recurse -ErrorAction SilentlyContinue
         Remove-Item -path "$TeamsCacheFolder2\*" -Recurse -ErrorAction SilentlyContinue
         Remove-Item -path "$TeamsCacheFolder3\*" -Recurse -ErrorAction SilentlyContinue
         Remove-Item -path "$TeamsCacheFolder4\*" -Recurse -ErrorAction SilentlyContinue
         Remove-Item -path "$TeamsCacheFolder5\*" -Recurse -ErrorAction SilentlyContinue
         Remove-Item -path "$TeamsCacheFolder6\*" -Recurse -ErrorAction SilentlyContinue
         Remove-Item -path "$TeamsCacheFolder7\*" -Recurse -ErrorAction SilentlyContinue
         Remove-Item -path "$TeamsCacheFolder8\*" -Recurse -ErrorAction SilentlyContinue}

  'No'  {Write-Verbose -Message 'Microsoft Teams Client Cache not purged on user choice'}
}

#############################################################################################################################################
### Script Part3: Clear Cached Credentials for Microsoft Teams                                                                            ###
#############################################################################################################################################

# Clear Microsoft Teams Cached Credentials 
$msgBoxInput =  [Windows.MessageBox]::Show('Clear Microsoft Teams Cached Credentials from Windows Credential Manager','MSTeams_Auth_Problems.ps1','YesNo','Error')
  switch  ($msgBoxInput) {

  'Yes' {

        #Clearing Credential Manager
        #Kudos @hhazeley, hazelnest.com

        #Set filters to query Credential Manager
        $filters = 'msteams*'

        #Extract information from Credential Manager and filter only Target.
        Foreach ($filter in $filters)
        {
        $keys = & "$env:windir\system32\cmdkey.exe" /list:($filter) | & "$env:windir\system32\findstr.exe" 'Target'
        $keys = ($keys -replace ' ','' -replace 'Target:','')}

        #Delete each target
        Foreach ($key in $keys)
        {
        Write-Verbose -Message "Removing credentials for target $key"
        & "$env:windir\system32\cmdkey.exe" /del:($key) 
        }

        }

  'No' {Write-Verbose -Message 'Cached Credentials not cleared on user choice'}
}

Philipp Kohn

IT Consultant Specialties: Remote Desktop Services, Office 365, User Profile and Group Policy Management

7 thoughts on “Microsoft Teams Authentication Problems – Workaround PowerShell Script

  • 23. May 2019 at 12:25
    Permalink

    your script was exactly what I needed, is there anyway you can do the same for yammer 🙂

    Reply
  • 4. August 2019 at 14:30
    Permalink

    Hey Philipp! I’m having trouble with the script’s “Else” part

    ELSE : The term ‘ELSE’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check
    the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + ELSE {New-ItemProperty -Path $registryPath2 -Name $name2 -Value $v …
    + ~~~~
    + CategoryInfo : ObjectNotFound: (ELSE:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    Although all the prompts came up clearing the cache and credentials, etc. Any suggestions?

    Reply
    • 5. August 2019 at 19:17
      Permalink

      Hi Ash,

      I tried the script and copied it, from this blog article directly to an open ISE Session.
      It worked for me with no errors can you double-check that you have copied it exactly. Btw what’s your OS language, only tested it successfully with an “EN-US” Windows 10 1903.

      PS C:\WINDOWS\System32> . 'C:\Scripts\O365\Untitled2.ps1' < # script is not saved yet #>
      WARNING: Script stops all running Teams processes in 15 seconds! Press Ctrl+C to stop script processing

      CMDKEY: Credential deleted successfully.
      CMDKEY: Credential deleted successfully.

      Regards Philipp

      Reply
  • 4. September 2019 at 18:12
    Permalink

    I solved the problem with Microsoft Teams Client deleting the credentials starting with “msteams_adalsso …” in the windows credential manager.

    After, delete all contents of the following folder:
    C:\Users\\Dados de Aplicativos\Microsoft\Teams
    or
    C:\Users\\AppData\Local\Microsoft\Teams

    Reply
  • 9. September 2019 at 12:09
    Permalink

    Hi,
    Thank you! This solved my problem. As for the error:
    When running the script in Windows PowerShell as admin it fails but when running it as admin in Windows PowerShell ISE it works like charm.

    Reply
    • 9. September 2019 at 17:31
      Permalink

      Happy that I could help.

      I will edit the description with a little How-To soon. Thx for the feedback.

      Regards Philipp

      Reply
  • 16. September 2019 at 10:54
    Permalink

    What worked for me was to quit the desktop client and login via the web client. This sent me through the normal login journey and logged me in. I could then open the Desktop client. No special powershell magic required.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.