Troubleshooting AADSTS7000112: Application ‘5e3ce6c0-2b1f-4285-8d4b-75ee78787346′(Microsoft Teams Web Client) is disabled.

Troubleshooting AADSTS7000112: Application ‘5e3ce6c0-2b1f-4285-8d4b-75ee78787346′(Microsoft Teams Web Client) is disabled.

  •  
  •  
  • 1
  •  
  • 2
  •  
    3
    Shares
5/5 - (1 vote)

This error falls into the “both nebulous and specific at the same time” category.  Here is a list of a few things you can do to troubleshoot it.

The full text of the message looks something like this:

There are a handful of things to check.

User is properly licensed

Most services in Office 365 or Microsoft 365 require the user to be licensed, and Microsoft Teams is no exception.  The Microsoft Teams service plan license is included in a number of SKUs, so you may need to poke around in your tenant to see what’s available.  You can easily check this in the Microsoft 365 Admin Center (https://admin.microsoft.com) by navigating to Users | Active Users, selecting a user, and then looking at the Licenses tab.

You can also do it via PowerShell (what good would this blog be if I didn’t have a way to script it, too?)

(Get-MsolUser -UserPrincipalName <user upn>) | % { $_.Licenses | % { $_.ServiceStatus | ? {$_.ServicePlan.ServiceName -like "*TEAMS*"} }}

If the user account doesn’t have a Microsoft Teams licenses associated with it–stop here.  Do not pass GO.  You need to assign a license and wait a bit for it to get provisioned.

Next up, check the device’s cache.

Check Browser Cache

Browser cache issues can cause some strange artifacts to manifest themselves.  Try:

  • Clearing the browser cache
  • Launching an in-private or incognito session
  • a different browser

If that’s not it, then we’ll go look at Azure AD.

Teams Application is Enabled

The next big rock to look under is Azure AD Enterprise Applications.  It is possible that someone turned off Teams organization-wide.

  1. Navigate to Enterprise applications in the Azure AD Portal: https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/.
  2. In the Filter box, type Microsoft Teams and then select it.
  3. Under Manage, select Properties.  Look for the Enabled for users to sign-in? setting.
  4. Make sure the toggle is set to Yes.  This affects all logons tenant-wide.  It’s the sledgehammer-to-swat-a-fly approach.  If you change the setting, select the Save icon.
  5. Go back to the search and also look for Microsoft Teams Web Client.  You can enter the AppId 5e3ce6c0-2b1f-4285-8d4b-75ee78787346 in the search bar.
  6. Select the app.
  7. Under Manage, select Properties.
  8. Ensure the toggle for Enabled for users to sign-in? is set to Yes.
  9. If you changed it, click the Save icon.

Those are the most likely candidates.  If you update those settings and after a few minutes are still unable to log in, it’s time to start looking in the weeds.

Conditional Access

Conditional Access normally rears its head as different errors, but it can’t hurt to check.  Conditional Access is a feature that allows you to create rules to allow or block access to resources. To check for policies:

  1. In the Azure portal, navigate to the Conditional Access blade at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies.  There are two sets of policies (the new policies labeled Policies and the legacy policies, labeled Classic).
  2. Select the Policies node first.  If there are policies present, review them to see if they may be blocking access to Teams.
  3. Next, select the Classic policies node.
  4. If you have a newer tenant, you likely won’t have anything here.  But, check it anyway just to make sure.

If you discover one or more conditional access policies potentially affecting your users, check with other administrators to see if they made any changes.  Be careful configuring conditional access, as you can lock yourself out!

SharePoint Network Access Controls

Someone also may have tinkered with the settings in SharePoint.  Since SharePoint provides some foundational components for Microsoft Teams, disabling or restricting SharePoint access can have some quirky side effects.  To check, follow these steps:

  1. Navigate to the SharePoint Admin Center.
  2. Expand Policies and select Access Control.
  3. Select Unmanaged devices.
  4. Select Allow full access from desktop apps, mobile apps, and the web if it isn’t already set.  For more information on the policy options, check here: https://docs.microsoft.com/en-US/sharepoint/control-access-from-unmanaged-devices#block-or-limit-access-to-specific-sharepoint-site-collections-or-onedrive-accounts.
  5. Select Network location from the Access Control page.  Check to see if any IP restrictions have been put in place and if they have, ensure that your test device’s external IP address is inside the range.

If you find any other settings that are affecting Teams logins, please be sure to leave a comment!

 

 

Published by Aaron Guilmette

Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese.