In this article, we explore the cause of, and the solution to, Event 1098: Error: Token broker operation 0xCAA5001C failed in Windows 10. You may experience this issue when you sign in to a Windows 10 computer and try to access the Windows Store for Business. Azure Active Directory (AAD) authentication fails, and event 1098 is logged in the Microsoft-Windows-AAD/Operational log.
Event ID 1098: Error 0xCAA5001C, Token Broker Operation Failed
This problem occurs if there are missing permissions or property attributes on one or both of the following registry keys:
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\PSR
HKEY_USERS\S-1-5-21-299502267-1950408961-849522115-1818\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\PSR
Match the SID reported for the user in event ID 1098 to the path under HKEY_USERS. In this case, it is S-1-5-21-299502267-1950408961-849522115-1818.
To resolve this issue, do the following:
1. Take ownership of the key if necessary (Owner = SYSTEM).
2. Correct the permissions on the registry keys listed above by enabling inheritance (correcting only one should resolve both, unless several users sign in to the same device).
If you view the permissions of the ~\PSR registry key under HKEY_USERS\{SID}, the "Inherited from" field shows the inheritance from the HKEY_USERS\{SID} path.
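A PowerShell check for the condition described above, added here as an example and not part of the original article: it reports the owner and inheritance state of the PSR key for a given SID and, with `-Repair`, re-enables inheritance. The function name and its parameters are hypothetical; the key path is the one listed above.

```powershell
# Added example: audit (and optionally repair) inheritance on the PSR key.
# Test-BrokerPluginPsrAcl and its parameters are hypothetical names.
function Test-BrokerPluginPsrAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # SID of the affected user, as reported in event ID 1098
        [Parameter(Mandatory)][string]$Sid,
        # Re-enable inheritance if it is found disabled
        [switch]$Repair
    )

    $subKey = 'Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\' +
              'AppModel\SystemAppData\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\PSR'
    $path = "Registry::HKEY_USERS\$Sid\$subKey"

    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Key not found (is the user's hive loaded?): $path"
        return
    }

    $acl = Get-Acl -LiteralPath $path
    $report = [pscustomobject]@{
        Path                = $path
        Owner               = $acl.Owner
        InheritanceDisabled = $acl.AreAccessRulesProtected
        InheritedRuleCount  = @($acl.Access | Where-Object IsInherited).Count
        ExplicitRuleCount   = @($acl.Access | Where-Object { -not $_.IsInherited }).Count
    }

    if ($Repair -and $acl.AreAccessRulesProtected -and
        $PSCmdlet.ShouldProcess($path, 'Enable permission inheritance')) {
        # $false = not protected, so the key inherits from its parent again;
        # the second argument is ignored when protection is turned off.
        $acl.SetAccessRuleProtection($false, $false)
        Set-Acl -LiteralPath $path -AclObject $acl
        $report.InheritanceDisabled = (Get-Acl -LiteralPath $path).AreAccessRulesProtected
    }
    $report
}

# Read-only check for the currently signed-in user:
Test-BrokerPluginPsrAcl -Sid ([Security.Principal.WindowsIdentity]::GetCurrent().User.Value)
```

Run it from an elevated session. It does not change the key's owner, so step 1 still has to be done separately if the owner is wrong.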
If that does not resolve the issue, consider running Process Monitor during the authentication attempt to look for ACCESS DENIED results in other areas of the registry or file system that could cause authentication to fail.
This issue can affect Windows Store for Business as well as Enterprise State Roaming.