none
move-csuser fails to SFBO with "A Sign-in Assistant API call failed, method name = EnumIdentitiesWithCachedCredentials. Make sure Live Id Sign-in assistant is running." RRS feed

  • Question

  • I am moving users to Skype for Business Online, this worked just fine up to a point yesterday and now i keep getting the following error:

    Move-CsUser : A Sign-in Assistant API call failed, method name = EnumIdentitiesWithCachedCredentials.  Make sure Live Id Sign-in assistant is running.

    I have already moved a few users with no issue but now this. The Live ID Service is running. SFB version is 2015 but CU is not most recent, customer has not given permission to update, probably would if i can show this is a known issue maybe?

    Anyone seen this before please?

    Thanks,


    Martin

    Saturday, August 17, 2019 9:17 PM

All replies

  • Hi Martin,

    Have you tried another machine?

    Is there any update installed recently?

    If the service is running, you might be encountered problems with the network connection between your computer and the Microsoft Live ID Authentication Server. To check this, open Internet Explorer and navigate to https://login.microsoftonline.com/. Try logging on to Office 365 from there.

    Try to reinstall Skype for Business Online, Windows PowerShell Module on the server.

    Sorry for the delay.


    Best Regards,
    Shaw Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Friday, August 23, 2019 7:32 AM
    Moderator
  • Hi,

    Is there any update on this case?

    Please feel free to drop us a note if there is any update.

    Have a nice day!


    Best Regards,
    Shaw Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, August 28, 2019 9:55 AM
    Moderator
  • Hi Martin,

    Did you ever solved this problem? As I hit this by myself. Right after I updated the Skype components to build 9319.562 (CU10 HF1). When I try to move user I get the following:

    PS C:\>  Move-CsUser -Identity SkypeUser01 -ProxyPool pool01.domain.net -Target sipfed.online.lync.com  -Verbose
    VERBOSE: CN=SkypeUser01,OU=Accounts,DC=domain,DC=net

    Confirm
    Move-CsUser
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):
    VERBOSE: Validating parameters for move operation.
    VERBOSE: Calculating new server information for user [sipfed.online.lync.com].
    VERBOSE: Moving user [sip:SkypeUser01@company.com] across deployments.
    VERBOSE: Initializing source external move endpoint.
    VERBOSE: Creating target external move endpoint.
    VERBOSE: Auto discovering hosted migration service URL based on discovery service URL [https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root] and user sip address
    [sip:SkypeUser01@company.com]
    VERBOSE: Found auto discover URL [https://admin0e.online.lync.com/HostedMigration/HostedMigrationService.svc].
    VERBOSE: Retrieving web ticket URL.
    VERBOSE: Retrieving live id token.
    Move-CsUser : A Sign-in Assistant API call failed, method name = EnumIdentitiesWithCachedCredentials.  Make sure Live Id Sign-in assistant is running.
    At line:1 char:2
    +  Move-CsUser -Identity SkypeUser01 -ProxyPool pool01.domain.net -Target ...
    +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (CN=SkypeUser01...C=domain,DC=net:OCSADUser) [Move-CsUser], CommonAuthException
        + FullyQualifiedErrorId : MoveError,Microsoft.Rtc.Management.AD.Cmdlets.MoveOcsUserCmdlet

    @Shaw, I tried to reinstall the PowerShell module for Skype online, no help. I also tested with -MoveToTeams parameter, but that failed as well, but which much more strange error "Move-CsUser : A network-related or instance-specific error occurred while establishing a connection to SQL Server.". But I'll add an another thread for that.


    Petri

    Wednesday, September 4, 2019 4:09 PM
  • Same issue observed here with MFA turned on as have some SHubs to move online. Am attempting to get customer to turn off for admin account to test if this results in the ability to migrate from on prem to Online being restored.

    VERBOSE: Validating parameters for move operation.
    VERBOSE: Calculating new server information for user [sipfed.online.lync.com].
    VERBOSE: Moving user [sip:Shub01@customer.com] across deployments.
    VERBOSE: Initializing source external move endpoint.
    VERBOSE: Creating target external move endpoint.
    VERBOSE: Validating the hosted migration override URL provided:
    [https://admin0e.online.lync.com/HostedMigration/hostedmigrationservice.svc].
    VERBOSE: Retrieving web ticket URL.
    VERBOSE: Retrieving live id token.
    move-csmeetingroom : A Sign-in Assistant API call failed, method name = EnumIdentitiesWithCachedCredentials.  Make
    sure Live Id Sign-in assistant is running.
    At line:1 char:1
    Wednesday, September 4, 2019 11:45 PM
  • MFA used on here as well  :(

    Petri

    Thursday, September 5, 2019 7:25 AM
  • I tested also with RTM version from Skype PowerShell module, but also with earlier version of Skype Online PS module where the move has been working earlier, but still the same problem. Perhaps something to do with Windows 10 and 1809 upgrade or some other changes in Office 365?

    Petri

    Thursday, September 5, 2019 8:35 AM
  • I had the same problem (Lync 2013 on Windows 2012 R2 migration to SfB Online). I tried using an admin with @tenant.onmicrosoft.com which has MFA enabled.

    Import-Module SkypeOnlineConnector
    $Identity = "user@domain.net
    $pool = "pool.domain.net"
    $sfbSession = New-CsOnlineSession
    Import-PSSession $sfbSession
    Move-CsUser -Identity $identity -Target sipfed.online.lync.com -ProxyPool $pool

    I verified I had Powershell 5.1, latest SfB Online PS PowerShell module and Live ID assistant installed and running (even tried re-install) but I still got: 

    Move-CsUser : A Sign-in Assistant API call failed, method name = EnumIdentitiesWithCachedCredentials. Make sure Live Id Sign-in assistant is running

    In the end I had to create a dedicated skypemigration@tenant.onmicrosoft.com without MFA which has role User Administrator and Skype for Business Online admin and run the following instead which successfully moved the user.

    Import-Module SkypeOnlineConnector
    $Identity = "user@domain.net
    $pool = "pool.domain.net"$cred = Get-Credential
    Move-CsUser -Identity $identity -Target sipfed.online.lync.com -ProxyPool $pool -Credential $cred

    Good luck!

    Thursday, September 12, 2019 8:32 PM
  • Has anyone discovered a work around for this issue?
    Tuesday, December 3, 2019 8:21 PM
  • Sorry no. I simply create a dedicated skypemigration@tenant.onmicrosoft.com without MFA to be used during the migration.
    Monday, December 9, 2019 1:21 PM
  • Try using the -UseOAuth switch. It should solve this problem.

    Dino Caputo (Skype for Business MVP, BA | MCSE | MCTS:OCS/Lync) http://www.ucguys.com http://www.enableUC.com

    Friday, February 14, 2020 7:27 PM
  • I found this on the move-csuser Manual Page from Microsoft


    • If you are using Skype for Business Server 2015 with CU8 or later, we recommend you pass the `-UseOAuth` switch, which ensures the on-premises code authenticates using OAuth, instead of Legacy LiveID authentication. In Skype for Business Server 2019 and later versions, OAuth is always used hence the switch is not relevant on those versions.

     

    And it works with SFB-Pool 2015 Thanks Dino ! When you know what to search for its easy to find it!

    Manfred
    Monday, February 17, 2020 1:18 PM