One day, all of a sudden, most of our team members were not able to add/refresh their account in VS 2015. We were getting an error:
---------------------------
Microsoft Visual Studio
---------------------------
We could not refresh the credentials for the account xxx
user_interaction_required: One of two conditions was encountered: 1. The PromptBehavior.Never flag was passed, but the constraint could not be honored, because user interaction was required. 2. An error occurred during a silent web authentication that prevented the http authentication flow from completing in a short enough time frame
---------------------------
OK
---------------------------
I then started looking at the network traces to figure out
what’s wrong. I saw that there was an interaction between login.microsoftonline.com
and tokenprovider.termsofuse.identitygovernance.azure.com after which the error
would occur.
I copied the first url which looks like https://login.microsoftonline.com/xxx/oauth2/authorize?resource=https%3a%2f%2fmanagement.core.windows.net%2f&client_id=872cd9fa-d31f-45e0-9eab-6e460a02d1f1&response_type=code&redirect_uri=urn%3aietf%3awg%3aoauth%3a2.0%3aoob&login_hint=xxx&client-request-id=f9c9ba16-48c2-4def-9b2d-c2218191eb7f&prompt=attempt_none&x-client-SKU=.NET&x-client-Ver=2.16.0.0&x-client-CPU=x64&x-client-OS=Microsoft+Windows+NT+10.0.16299.0&sso_nonce=xxx&mscrid=xxx
and pasted it into a browser.
Now, I saw a prompt to accept Terms of Use in a different tenant than my home tenant. It looked like someone had enabled a Terms of Use Conditional Access policy on that tenant. See more details about Terms of Use here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-tou
On analyzing more, it looks like VS tries to get a token for all the tenants you belong to. If one of the tenants has a Conditional Access policy like Terms of Use which requires user input, VS 2015 will not be able to show it to you. So you will have to upgrade to VS 2017 or disable the Conditional Access policy.
Once this is done, everything should start working as usual.
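The trace check described above can be scripted to find which tenant carries the Terms of Use policy. This is an added example, not code from the original post; it assumes the network trace has been exported as an ordered list of request URLs, and the tenant names and the Terms of Use path in the sample are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

AUTH_HOST = "login.microsoftonline.com"
TOU_HOST = "tokenprovider.termsofuse.identitygovernance.azure.com"

def find_blocked_tenants(urls):
    """Return tenants whose silent authorize request (prompt=attempt_none)
    was followed by a request to the Terms of Use host.
    `urls` is the ordered list of request URLs from the trace."""
    blocked = []
    pending = None  # tenant of the most recent silent authorize request
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host == AUTH_HOST:
            segs = [s for s in parts.path.split("/") if s]
            # Expected path shape: /<tenant>/oauth2/authorize
            if len(segs) >= 3 and segs[1:3] == ["oauth2", "authorize"]:
                prompt = parse_qs(parts.query).get("prompt", [""])[0]
                # Only silent requests can fail with user_interaction_required
                pending = segs[0] if prompt == "attempt_none" else None
        elif host == TOU_HOST and pending is not None:
            if pending not in blocked:
                blocked.append(pending)
            pending = None
    return blocked

# Constructed sample trace: tenant names and the ToU path are placeholders.
SAMPLE_TRACE = [
    "https://login.microsoftonline.com/tenant-a.example/oauth2/authorize"
    "?resource=https%3a%2f%2fmanagement.core.windows.net%2f"
    "&response_type=code&prompt=attempt_none",
    "https://login.microsoftonline.com/tenant-b.example/oauth2/authorize"
    "?resource=https%3a%2f%2fmanagement.core.windows.net%2f"
    "&response_type=code&prompt=attempt_none",
    "https://tokenprovider.termsofuse.identitygovernance.azure.com/placeholder",
    "https://login.microsoftonline.com/tenant-c.example/oauth2/authorize"
    "?response_type=code&prompt=login",
    "https://tokenprovider.termsofuse.identitygovernance.azure.com/placeholder",
]

if __name__ == "__main__":
    for tenant in find_blocked_tenants(SAMPLE_TRACE):
        print("Terms of Use prompt blocks silent sign-in for tenant:", tenant)
```

The match is a heuristic based on request order, so confirm the reported tenant by checking its Conditional Access policies.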