Unable to create an Outlook profile after a migration with Event 1098 in AAD log

Symptoms

When you try to create a Microsoft Outlook profile after a domain migration, you receive an error message that indicates you can’t start Outlook or something went wrong. You also receive a sign-in prompt.

Additionally, you may see Event 1098 in the Azure Active Directory (AAD) Operational log. The event resembles the following error:

Error: 2147943712

ErrorMessage: A specified logon session does not exist. It may already have been terminated. A specified logon session does not exist. It may already have been terminated.

AdditionalInformation: Exception of type ‘class WinRTException’ at webaccountprocessor.cpp, line: 190, method:
AAD::Core::WebAccountProcessor::ProcessBrokerRequest::<lambda_>::operator (). Log: 0xcaa5001c Token broker operation failed. Operation name: RequestToken Logged at webaccountprocessor.cpp, line: 520, method: AAD::Core::WebAccountProcessor::ReportException.

To find the AAD Operational log in Event Viewer, locate Applications and Services Logs > Microsoft > Windows > AAD > Operational.

Cause

Several scenarios can change a user's security identifier (SID), for example, migrating the user to a new domain. The user profile, however, isn't changed, so data files that carry the old SID remain cached in the old profile. In this case, you may have an Office connection problem or authentication loops that result in this error.

Resolution

To resolve this issue, follow these steps:

  1. Delete all files from the Accounts folder at the following location:

    %LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\TokenBroker\Accounts

    Note: Copy and paste the above location in the Windows Search box to find the folder.

  2. Restart and re-create an Outlook profile.
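
The check and step 1 above as a PowerShell script. This is an added example, not part of the original article and not Microsoft's tooling; the script name and the `-LookbackDays` parameter are assumptions. It only deletes the cached files if a matching Event 1098 is present, and honors `-WhatIf` for a dry run.

```powershell
# Added example (not Microsoft's code). Run in the affected user's own session:
# %LOCALAPPDATA% resolves per user, so the Accounts folder is that user's cache.
# Preview without deleting:  .\Clear-AadBrokerCache.ps1 -WhatIf   (script name is hypothetical)
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$LookbackDays = 7   # assumption: how far back to search the log
)

$logName  = 'Microsoft-Windows-AAD/Operational'
$accounts = Join-Path $env:LOCALAPPDATA `
    'Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\TokenBroker\Accounts'

# Confirm the symptom first: Event 1098 carrying one of the codes quoted above.
$events = @(
    Get-WinEvent -FilterHashtable @{
        LogName   = $logName
        Id        = 1098
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '2147943712|0xcaa5001c' }
)
if ($events.Count -eq 0) {
    Write-Warning "No matching Event 1098 in $logName in the last $LookbackDays day(s); nothing deleted."
    return
}
'Found {0} matching event(s), most recent at {1}.' -f $events.Count, $events[0].TimeCreated

if (-not (Test-Path -LiteralPath $accounts)) {
    Write-Warning "Accounts folder not found: $accounts"
    return
}

# Step 1 of the resolution: delete every file in the Accounts folder.
$failed = @()
foreach ($file in Get-ChildItem -LiteralPath $accounts -File -Force) {
    try {
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
    } catch {
        $failed += $file.Name   # for example, a file still held open by a running process
    }
}
if ($failed.Count -gt 0) {
    Write-Warning ("Could not delete: {0}" -f ($failed -join ', '))
} else {
    'Accounts folder cleared (or previewed with -WhatIf). Restart, then re-create the Outlook profile.'
}
```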
