In this post, we explore the cause of, and the solution to, Event 1098: Error: 0xCAA5001C Token broker operation failed in Windows 11/10. You might experience this issue when you log on to a Windows 11/10-based computer and try to access Windows Store for Business: the Azure Active Directory (AAD) authentication fails, and Event 1098 is logged in the Microsoft-Windows-AAD/Operational log.
Event ID 1098: Error 0xCAA5001C, Token broker operation failed
This issue occurs if there are missing permissions or ownership attributes on one or both of the following Registry keys:
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\PSR
HKEY_USERS\S-1-5-21-299502267-1950408961-849522115-1818\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\PSR
Match the SID reported for the user in event ID 1098 to the path under HKEY_USERS. In this case, it is:
S-1-5-21-299502267-1950408961-849522115-1818
To resolve this issue, do the following:
1. Take ownership of the key if necessary (Owner = SYSTEM).
2. Fix the permissions on the registry keys shown above by enabling inheritance (fixing one should fix both unless multiple users log on to the same device).
If you view the permissions of the ~\PSR Registry key under HKEY_USERS\{SID}, the Inherited from field shows inheritance from the HKEY_USERS\{SID} path.
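The owner and inheritance check from the steps above, as an added PowerShell example that is not part of the original post. It assumes an elevated session with the affected user's hive loaded; the `$Sid` and `-Repair` parameter names are hypothetical, and the ownership change in step 1 is reported but not automated.

```powershell
# Added example (not from the original post). Run elevated, with the affected
# user's hive loaded. $Sid and -Repair are hypothetical parameter names.
param(
    [Parameter(Mandatory)] [string] $Sid,   # SID reported in Event ID 1098
    [switch] $Repair                         # re-enable inheritance (step 2)
)

$subKey = "$Sid\Software\Classes\Local Settings\Software\Microsoft\Windows\" +
          'CurrentVersion\AppModel\SystemAppData\' +
          'Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\PSR'
$path = "Registry::HKEY_USERS\$subKey"

if (-not (Test-Path -LiteralPath $path)) {
    throw "Key not found: $path"
}

# Read the ACL and keep identities as raw SIDs so unmapped accounts do not fail.
$sidType = [System.Security.Principal.SecurityIdentifier]
$acl     = Get-Acl -LiteralPath $path
$rules   = @($acl.GetAccessRules($true, $true, $sidType))

# Report: owner, whether inheritance is blocked, and the inherited/explicit split.
[pscustomobject]@{
    Owner               = $acl.Owner
    InheritanceDisabled = $acl.AreAccessRulesProtected
    InheritedRules      = @($rules | Where-Object { $_.IsInherited }).Count
    ExplicitRules       = @($rules | Where-Object { -not $_.IsInherited }).Count
}

if ($Repair -and $acl.AreAccessRulesProtected) {
    # Touch only the DACL so the owner is not rewritten as a side effect.
    $rights = [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions'
    $check  = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree
    $key    = [Microsoft.Win32.Registry]::Users.OpenSubKey($subKey, $check, $rights)
    try {
        $section = [System.Security.AccessControl.AccessControlSections]::Access
        $dacl = $key.GetAccessControl($section)
        $dacl.SetAccessRuleProtection($false, $false)   # allow inheritance from parent
        $key.SetAccessControl($dacl)
    } finally {
        $key.Close()
    }
}
```

Run it once without `-Repair` to record the current state; `InheritanceDisabled = True` or zero inherited rules corresponds to the condition described above.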
If this does not resolve the issue, consider running Process Monitor while performing the authentication method to look for ACCESS DENIED in other areas of the Registry or file system that could be causing the authentication failure.
This issue may affect the Microsoft Store for Business as well as Enterprise State Roaming.