Microsoft Teams can be used with a personal account, but when it is configured and set up for use within an organization, special accounts are generated for each team member. These accounts are connected to a domain, which is how Microsoft Teams authenticates a user.
Microsoft Teams Error Code CAA20004
When users sign in to an organization account, they go through the same sign-in process they would if they were to sign in using a personal account. The sign-in process is of course different behind the scenes.
When signing in, users may see the Microsoft Teams error code caa20004. This error message manifests in two ways; you will first see it on the Sign-in window.
If you click Continue, you’ll be taken to Microsoft Teams where the same error will be shown again; but it will show less information as to why you’re seeing it.
To fix the issue, try the following.
Check account credentials
This error can appear if the account that a user is signing into hasn’t been set up yet on the domain. Your system admin may have told you which account to use but they may not have enabled it in the Microsoft 365 admin center.
- Visit the Microsoft 365 admin center.
- Log in with the admin account.
- In the column on the left, select Users > Active users.
- Check if the user is listed here. If the user is not listed, add them by clicking Add a user.
- Once the user has been added, they will be able to log in to Microsoft Teams.
When you see the Microsoft Teams error code caa20004, you should examine the app’s logs to see what the cause is.
- Right-click the Microsoft Teams app icon in the system tray.
- Select Get Logs.
- In the notepad file, look for “caa20004”.
- Look at the accompanying error messages, and share them with the system admin. Alternatively, share the entire log file with the admin.
Enable ADFS endpoint
This fix can only be applied by a system admin who has access to the server on which the Active Directory for all user accounts is set up.
- On the Windows server machine where the Active Directory is set up, open the AD FS Management app.
- In the column on the right, click Edit Global Primary Authentication.
- In the window that opens, enable/check the following.
- Forms authentication in both Extranet and Intranet sections.
- Windows authentication in the Intranet section.
- Click Apply.
- Open PowerShell with admin rights on the server system.
- Run the following command.
Enable-AdfsEndpoint -TargetAddressPath "/adfs/services/trust/13/windowstransport"
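The steps above can also be checked and applied from one elevated PowerShell session on the AD FS server. The script below is an added example, not part of the original article or of Microsoft's documentation; it assumes the ADFS PowerShell module is installed, and the variable names are illustrative. It reports whether the authentication methods listed above are enabled, enables the endpoint only if it is currently disabled, and warns if the endpoint is published through the Web Application Proxy, since Microsoft's guidance is to keep the windowstransport endpoints intranet-facing only.

```powershell
# Added example: audit, then apply, the AD FS settings from the steps above.
# Assumes an elevated session on the AD FS server with the ADFS module available.
Import-Module ADFS

$path = '/adfs/services/trust/13/windowstransport'

# 1. Global primary authentication: Forms on extranet and intranet, Windows on intranet.
$policy = Get-AdfsGlobalAuthenticationPolicy
$checks = [ordered]@{
    'Extranet: Forms authentication'   = $policy.PrimaryExtranetAuthenticationProvider -contains 'FormsAuthentication'
    'Intranet: Forms authentication'   = $policy.PrimaryIntranetAuthenticationProvider -contains 'FormsAuthentication'
    'Intranet: Windows authentication' = $policy.PrimaryIntranetAuthenticationProvider -contains 'WindowsAuthentication'
}
foreach ($name in $checks.Keys) {
    $state = if ($checks[$name]) { 'OK' } else { 'MISSING' }
    Write-Output ("{0,-34} {1}" -f $name, $state)
}

# 2. Endpoint state before any change is made.
$endpoint = Get-AdfsEndpoint -AddressPath $path
Write-Output ("Endpoint enabled: {0}; published through proxy: {1}" -f $endpoint.Enabled, $endpoint.Proxy)

# 3. Enable the endpoint only when it is disabled, so a re-run changes nothing.
if (-not $endpoint.Enabled) {
    Enable-AdfsEndpoint -TargetAddressPath $path
    Write-Output 'Endpoint enabled. Restart the AD FS service on every server in the farm: Restart-Service adfssrv'
}

# 4. Exposure check: this endpoint is meant for intranet clients only.
if ($endpoint.Proxy) {
    Write-Warning "$path is published through the Web Application Proxy. To keep it intranet-only: Set-AdfsEndpoint -TargetAddressPath '$path' -Proxy `$false"
}
```

Any line reported as MISSING corresponds to a checkbox in Edit Global Primary Authentication that still needs to be ticked.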
The error code caa20004 is a sign-in error, but it’s not like your usual sign-in errors. The sign-in service is running, but a user’s credentials cannot be verified because of the Active Directory. If the above solutions do not fix the problem, go through the log and you’ll be able to pinpoint what’s going wrong.