Low severityauthentication
Power BI Error:
AADSTS80002
What does this error mean?
Azure AD (Entra ID) Pass-through Authentication agent could not validate the password against on-prem Active Directory in time.
Common causes
- 1Pass-through Authentication agent service stopped or unhealthy on the on-prem server
- 2On-prem domain controllers slow or unreachable from the PTA agent (network/firewall/DNS)
- 3Only a single PTA agent installed — no redundancy when it lags or restarts
- 4Outbound connectivity from the agent to *.msappproxy.net (ports 80/443) blocked or proxied
- 5Domain controller under heavy load or LDAP/Kerberos response latency exceeding the PTA timeout
How to fix it
- 1Open the Entra admin center → Pass-through Authentication and verify all registered agents show status Active; restart the 'Microsoft Azure AD Connect Authentication Agent' service on any agent that is inactive
- 2From the PTA agent server, test connectivity to a domain controller (nltest /dsgetdc:<domain>, ldp.exe bind) and confirm DNS resolves the DC quickly
- 3Confirm outbound HTTPS to *.msappproxy.net, login.microsoftonline.com and *.servicebus.windows.net is allowed (no TLS inspection on the agent)
- 4Install at least one additional PTA agent on a second server in a different failure domain so a single slow agent doesn't cause timeouts
- 5Check DC event logs and performance counters (LSASS CPU, LDAP search latency) at the time of the failure to rule out an overloaded domain controller