Microsoft TEAMS: TEAMS Client Sign-in

  • Article

Teams client sign in issue is one of the most common scenario for Helpdesk or Admins or Support Folks who are working in TEAMS troubleshooting filed. I tried to find detailed article which talks about TEAMS Sign-in but didn't find any such article. This inspired me to write detailed article on sing-in process, I always preferred my OneNote page created by taking bits and pieces from different places that covers all these details. I thought of sharing info here that might help in getting all the details in one go.

Before entering the troubleshooting phase, one should first understand the TEAMS Sign in process flow to identity what's expected and act accordingly. In this article, we will focus mainly on TEAMS Client login.

 

 

  • How does Sign IN work?

    • The client reaches teams.skype.com and start the bootstrap. Under JSON we should be able to view all features are enabled or not enabled: 
<!-- end list -->

  - The page teams.microsoft.com will present a sign in page with a frame from login.microsoftonline.com and follow an OAUTH authentication.
  - <https://login.microsoftonline.com/common/userrealm/> - will return where the OAUTH auth will happen.![](https://msdntnarchive.blob.core.windows.net/media/2017/10/TC03.jpg)
  • A token will be generated and the client and can be verified on the 302 message from login.microsoftonline.com:
  • Token expires_in=3599 (1h)
  • From this point the client execute all the requests with the access token on the HTTP header:
  • How does the client identify where to register?

    • The client will always attempt to register to teams.microsoft.com that is the URL of the service.

    • Once registered, the client will POST to api.teams.skype.com that will reply with a JSON with the services the client have to register:

      The client do authenticated requests to the ams, chat service, middleTier, msImageService and search services on respective geographical region.

 

  • How does Sign IN work in SSO?

Log Collection:

Windows MAC
Web logs·       Press (CTRL+ALT+SHFT+1) in client to download logs (Electron Logs)Note - be sure to use the 1 on top of keyboard and not 1 from number pad as that maps to a different key·       %downloads%\MSTeams Diagnostics Log <timestamp>.txtBest logs to start withContains most all client activityDesktop logs·       %appdata%\Microsoft\Teams\logs.txtContains framework and bootstrapping infoApp Bootstrap processPlugin initializationUpdate ManagementSome SSO info when using SSO builds (Desktop Auth) Web logs·       Press (Command+Option+SHFT+1) in client to download logs (Electron Logs)Note - be sure to use the 1 on top of keyboard and not 1 from number pad as that maps to a different key·       Downloads\MSTeams Diagnostics Log <timestamp>.txtBest logs to start withContains most all client activityDesktop logs·       ~/Library/Application Support/Microsoft/Teams/logs.txtContains framework and bootstrapping infoApp Bootstrap processPlugin initializationUpdate ManagementSome SSO info when using SSO builds (Desktop Auth) 

Troubleshooting:

While troubleshooting TEAMS Sign-in we need to have answers to following questions. Once, you have answer to questions you have almost know the cause of it:

  • Was user able to sign in before?
    • Provisioning Issue?
  • How widespread is the sign-in failure?
    • 1 user, few users, All users in the tenant
  • What is the Repro rate?
    • Intermittent
    • Consistent
  • What clients are impacted?
    • Web
    • Windows
    • Mac
  • Networks where sign-in fails
    • Corp
    • VPN to Corp
    • Public Internet (Shopping complex, airports, etc)
  • Initial steps when investigating a sign in problem:
    • Issue is isolated to specific network
      • Likely cause is a Firewall blocking at a perimeter network
    • Issue is impacting all users everywhere
      • Likely cause is with entitlement or other issue authenticating to the service
        • Possible SSO or 2fA issue.
  • Gather app logs or web traffic tracing (Fiddler)
    • From bottom of the log search for key words
    • Example or "err_" or "error" or "failed"
    • From Fiddler trace, you can filter Example Process=Teams.exe
      • Search for anything unusual like a 4xx or 5xx response that suggests something is missing or there is an error. (Recommend opening "Raw" view in Inspectors)

To use Microsoft Teams, ensure both the FQDN and IP Address endpoints listed in the Microsoft Teams tables are reachable: Microsoft TEAMS

Tools to refer while troubleshooting Sign-in:

  1. Fiddler
  2. Log files.txt

Troubleshooting Examples:

  1. In case of Firewall issue – You may see an HTTP response in Fiddler traces will suggest firewall is blocking                                                                                                                                                                                                     ** Screen shot referred from demo pptx.
  • Example of time out issue (Electron Log file)                                                                                                                                                                                                     ** Screen shot referred from demo pptx.
  • Example of time-out issue (Fiddler Trace, Response Inspector)                                                                                                                                                                                                      ** Screen shot referred from demo pptx.

To summarize TEAMS Sign-In I would recommend to refer fiddler traces and if any further queries please feel free to drop queries.