Share via

How do I fix an Underlying error messageAADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed.

Roger 20 Reputation points
2025-11-13T13:26:03.7733333+00:00

I receive the error message. I have two grant accounts, but can't tell which is no longer valid. Something has been revoked, but I can't figure which account to delete or how to add it to my pay subscription. We are dead in the water with Azure Analysis Services.

And the link goes nowhere

Azure Analysis Services
0 comments
Answer accepted by question author
  1. Jerald Felix 9,835 Reputation points
    2025-11-13T13:47:40.3966667+00:00

    Hello Roger,

    The AADSTS50173 error in Azure Analysis Services (AAS) indicates an expired or revoked OAuth grant/token, often due to a password change, admin revocation, or session reset since the token's issuance (2024-11-25 in your case). The TokensValidFrom date shows the cutoff—any tokens before 2025-11-10 are invalid, blocking refreshes and causing AAS processing failures. Here's how to fix it:

    Quick Fix Steps

    1. Re-Authenticate Credentials:
      • In Azure portal > Your AAS server > Data sources > Select the affected source > Edit > Re-enter username/password or service principal credentials > Save and test connection.
      • For gateway sources: On-premises data gateway > Manage > Data source settings > Refresh credentials > Test.
    2. Clear Token Cache:
      • Delete local caches: %LOCALAPPDATA%\.IdentityService\msal.cache (or full folder) and %TEMP%\MNE* files if using tools.
      • Re-run AAS refresh or SSMS connection to force new token issuance.
    3. Check and Reset MFA/Password:
      • If password changed: Update in Entra ID > Users > Your account > Reset password (temp one, then change).
      • MFA Revocation: Entra ID > Users > Sign-ins > Filter errors > If revoked, re-consent to AAS app (account.microsoft.com/security).
    4. Update AAS/Service Principal:
      • If using SP: App registrations > Your AAS app > Certificates & secrets > New secret > Update in AAS data source.
      • Portal > AAS > Overview > Restart server (quick, no downtime for creds).
    5. Test and Monitor:
      • SSMS > Connect to AAS > Run simple query (e.g., SELECT * FROM $SYSTEM.TMSCHEMA_MEASURES).
      • Sign-in logs: Entra ID > Sign-ins > Filter AADSTS50173 > Note correlation ID for support.

    This regenerates fresh tokens—test immediately. If persists (e.g., multi-grant conflict), open free billing support: Portal > Help + support > New request > Issue: Authentication > "AADSTS50173 token expired" > Attach error details. Response: 1 day.

    Best Regards,

    Jerald Felix

    1 person found this answer helpful.
    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Manoj Kumar Boyini 1,250 Reputation points Microsoft External Staff Moderator
    2025-11-13T16:17:50.4133333+00:00

    Hi Roger,

    Thank you for reaching out to Microsoft QA.
    The error AADSTS50173: The provided grant has expired due to it being revoked indicates that the authentication token used by Azure Analysis Services is no longer valid because it was revoked or expired. This is typically due to a password reset, token revocation, or permission changes for the account used to authenticate.

    Here’s what you can do to resolve this:

    1.Check the identity: Verify which account is being used to connect to Azure Analysis Services (whether it’s a user account, service principal, or managed identity).

    2.For user accounts: Ask the user to sign in again to refresh the token. If the credentials are stored in a service or automation tool, ensure they are updated.

    3.For service principals: Ensure that the client secret or certificate used by the app is still valid. If expired or revoked, regenerate the secret or re-grant permissions.

    4.For managed identities: Confirm that the managed identity is still active and has the necessary permissions.

    Once the identity or token is refreshed, try reconnecting to Azure Analysis Services.

    Hope this helps. Do let us know if you have any further queries.

    0 comments
  2. VRISHABHANATH PATIL 1,820 Reputation points Microsoft External Staff Moderator
    2025-11-14T03:13:50.7333333+00:00

    Hi,

    I hope you had a chance to review the information shared earlier, and I hope this information has been helpful! If you still have questions, please let us know what is needed in the comments so the question can be answered.

    0 comments
  3. Roger 20 Reputation points
    2025-11-14T17:00:55.29+00:00

    Thanks to one and all. I did locate the user who was connected to the Azure Analysis Services and had the person re-logon. All seems to be in order now and the simple solutions are the best.

    Thanks to you all.

    Roger

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.