Low severityauthentication
Power BI Error:
AADSTS80014
What does this error mean?
Pass-through Authentication (PTA) agent failed to validate credentials within the maximum allowed time window.
Common causes
- 1Pass-through Authentication agent service (AzureADConnectAuthenticationAgent) is stopped, crashed, or unresponsive on the on-prem server
- 2Network latency or packet loss between the PTA agent and the on-premises Active Directory domain controller validating the credentials
- 3Outbound connectivity from the PTA agent to *.msappproxy.net / Azure Service Bus (port 443) is blocked by firewall or proxy
- 4Only one PTA agent deployed and it is overloaded — Microsoft requires at least 3 agents for HA and throughput
- 5Domain controller used by the agent is slow, under load, or unreachable, so LDAP bind exceeds the timeout
How to fix it
- 1Open Entra ID admin center → Hybrid management → Pass-through Authentication and confirm all registered agents show status 'Active'. Restart the 'Microsoft Azure AD Connect Authentication Agent' service on any agent that is Inactive.
- 2On each PTA server verify outbound HTTPS (443) to *.msappproxy.net, *.servicebus.windows.net, login.microsoftonline.com and login.windows.net is open — blocked Service Bus traffic is the #1 root cause of timeouts.
- 3Test domain controller responsiveness from the PTA server (nltest /dsgetdc:<domain>, ldp.exe bind) — if LDAP latency >a few hundred ms, point the agent host to a closer/healthier DC.
- 4Deploy at least 3 PTA agents across different servers (Microsoft-recommended HA topology) so a single slow agent does not cause user-facing timeouts.
- 5Capture Event Viewer logs under 'Applications and Services Logs → Microsoft → AzureAdConnect → AuthenticationAgent → Admin' on the agent server, correlate the timestamp with the failing correlation ID, and open a Microsoft support case if the agent logs show repeated TimeoutException without an obvious network cause.