Murray Wall

I Figured Out Error Code CAA5004B!

In my upgrade testing I have been experiencing some issues with machines connected to Azure AD, and it's been quite a ride to figure out how to correct it!

I have mapped out what exactly has happened, and the sun is now rising again as I have a tested and working solution!

I just need to get Microsoft to confirm that the upgrade is causing the issue and help work out the issue as to why this is happening.

Here is my synopsis of the issue. I know I am not the only one who has seen this issue; on the MS Answers Forums you can reference here and here. This is what is actually happening: prior to the issue, the machine is connected to AzureAD and logged on and authenticated with an AzureAD account. A new upgrade in Settings --> Update & Security will download a new #WindowsInsider build.

In all cases that I have seen this issue, the machine had been previously renamed after it was joined to AzureAD, but I can neither confirm nor deny if this is part of the issue.

After the upgrade, an attempt to log in with the AzureAD user account gives a bad password prompt, even though the password is correct. After some investigation I figured out the real problem: the #WindowsInsider build upgrade has disconnected it from Azure AD! How to confirm this? I had set up a LocalAdmin account on my test devices, knowing that I may need a way to get into the computer in the event that my Azure AD account was unavailable.

Logging in as the LocalAdmin, I verified a couple of settings. The first thing I did was log in to the Feedback Hub and attempt to sign in as my Azure AD account.

Here is the CAA5004B error that I have been seeing; the error comes back as "Device Information is missing". I went back and checked inside the Settings application to validate that my Azure AD connection in Settings --> Accounts --> Access Work or School was enabled. Something looked a little strange: it shows that I am connected to an Azure AD, but it doesn't look like it normally does. I tried a disconnect and I was not allowed. My original solution was to completely reset the computer - this does work, is extremely drastic, and isn't the best solution.

Here is the fix!

I figured out the right way to address the issue without resetting the computer!

Even though the Settings application sees that I am connected to Azure AD, I had a sneaking suspicion that I really was not connected at all. I just needed a way to confirm this. Thankfully, Microsoft has a command that lets us know in detail exactly what the status of our domain join is:

DSREGCMD /status

This command tells the real picture: after the upgrade my machine has been unjoined from Azure AD! This is a huge problem! I checked my Azure AD and the last machine update (Get-AzureADDevice) showed that my machine was updating and was on build 18323. This upgrade was to 18329.1. Something removed the domain join on the machine and didn't touch Azure AD. OK, now I know why the user couldn't log in: no domain to authenticate, no way to log in!

Now how to get it to Rejoin Azure AD!

For me, I could not disconnect and reconnect it to Azure AD in Settings --> Accounts --> Access Work or School, as it would not let me disconnect because it was already disconnected. To disconnect the domain I needed to run DSREGCMD as system!

PSEXEC -i -s cmd

A handy Windows Sysinternals utility to the rescue! PSEXEC (A tool every ITPro uses!) lets you run a command prompt in the NTAuthority\System context interactively! After I spawned a cmd prompt running the Command


Verified that I was not connected and that the only way I could get out was via the


This command run in the NTAuthority\System context removed the hidden Azure AD connection.

In Settings --> Accounts --> Access Work or School I went through the process to rejoin Azure AD (hit Connect and then ensure you choose Join Computer to Azure AD with your Azure AD account).

Now this looks better! It now shows that the machine is connected to my corporate Azure AD. To confirm that the machine was actually connected to my Azure AD, a DSREGCMD /status showed the complete picture that I was truly authenticated correctly!

I signed out of the device as my LocalAdmin account and logged back in as my Azure AD account. The login worked and my old profile showed exactly as it was! It was like I had never left (I was worried that it might create a new login profile and not reuse the old one)! My issue has been righted and my machine is back in working order within my Azure AD!

The problem of the upgrade unjoining the machine from Azure AD still exists but at least there is now a solution to undo the problem!

Thanks for reading and I hope you get your machine reconnected. Reach out to me @Murmanz on Twitter if you need a hand!
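
The DSREGCMD /status check used above can be scripted so the real join state is read directly instead of trusted from Settings. This PowerShell is an added example, not part of the original post: the function name Get-DsregJoinState and the sample text are constructed here, and it assumes the AzureAdJoined, DeviceId and Thumbprint field names that dsregcmd prints and a device certificate in the local machine Personal store (the certificate check follows a reader comment further down the page).

```powershell
# Added example: summarise `dsregcmd /status` and flag a broken Azure AD join.
function Get-DsregJoinState {
    param(
        # Lines of `dsregcmd /status`; by default, run it on the local machine.
        [string[]]$StatusText = (& dsregcmd.exe /status),
        # Skip the certificate-store lookup, e.g. when feeding in saved text.
        [switch]$SkipCertCheck
    )
    $f = @{}
    foreach ($line in $StatusText) {
        # Field lines look like "   AzureAdJoined : YES"; banner lines do not match.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') { $f[$Matches[1]] = $Matches[2] }
    }
    $joined = $f['AzureAdJoined'] -eq 'YES'
    $certInStore = $null   # stays $null when the lookup is not performed
    if ($joined -and $f['Thumbprint'] -and -not $SkipCertCheck) {
        # Assumption: the device certificate is in the machine's Personal store.
        $certInStore = Test-Path -Path ('Cert:\LocalMachine\My\' + $f['Thumbprint'])
    }
    $verdict = if (-not $joined) {
        'NOT JOINED: Settings may still show a stale connection'
    } elseif ($certInStore -eq $false) {
        'JOINED BUT DEVICE CERTIFICATE MISSING: check local computer certificates'
    } else {
        'JOINED'
    }
    [pscustomobject]@{
        AzureAdJoined = $joined
        DeviceId      = $f['DeviceId']
        Thumbprint    = $f['Thumbprint']
        CertInStore   = $certInStore
        Verdict       = $verdict
    }
}

# Constructed sample of the post-upgrade state described above (not real output).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

        AzureAdJoined : NO
     EnterpriseJoined : NO
         DomainJoined : NO
'@ -split "`r?`n"

Get-DsregJoinState -StatusText $sample -SkipCertCheck | Format-List
# On a live machine, call it with no arguments: Get-DsregJoinState
```

Field names can differ between Windows builds, so compare the parsed result against the raw DSREGCMD /status text the first time you use it.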


28,129 views, 5 comments



Bob Shook
Jan 11, 2023

Ran into the same issue after renaming an already AAD joined device, which seemed to go fine until a new user logged on and their account wouldn't sync with MS. Just disjoining and rejoining didn't fix it though, I also had to rename the computer to something different before rejoining again. Thank you for posting this!


Paul Manesco
Apr 09, 2021

Very useful. Thanks a lot for sharing! Your solution works like a charm. Paul


Elek Richter
Sep 03, 2020

I found your blog when I was after error code CAA5004B.

In our case it turned out that it was a certificate issue. (I assume that it was cert issue in your case too, caused by the machine rename)

From the point when the machine certificates got restored everything went back to normal.

If the user can log into web apps with his account but nothing works locally, the on-prem apps throw CAA5004B and dsregcmd shows not AzureADJoined but it should, then check the local computer certificates.


August Banks
May 15, 2019

Helped me solve a tuffy.. Thanks!


Kevin Maloney
Feb 03, 2019

Murray, you saved the day with this fix! Thank you so much for sharing your expertise.
