AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed (4224714)

MNE migration jobs fail at authentication and do not connect to the target mailbox. The log shows an Azure AD/MSAL error first, followed by a mail-store error:

ERROR: [0-239-10-80131500] System.AggregateException: One or more errors occurred.
Microsoft.Identity.Client.MsalUiRequiredException: AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed.
The grant was issued on '2021-09-01T13:37:21.7948563+00:00' and the TokensValidFrom date for this user is '2021-09-01T15:09:58.0000000Z'.

Then:

ERROR: [4072-25-4-00000000] Unable to open target mail store 'user@domain.com'

The second error is a downstream symptom of the failed authentication.

Azure AD rejected the cached OAuth token used by MNE because it is no longer valid. This happens when the user’s TokensValidFrom timestamp moves forward (e.g., password change/reset, admin-forced sign-out/session revocation, policy update), making previously issued tokens invalid. Common contributing factors:

• Stale/mismatched cached tokens on the MNE console (e.g., %TEMP% token files or C:\Users\<username>\AppData\Local\.IdentityService).

• Different account was used during a prior sign-in/consent, so MNE is presenting a token for the wrong identity.

• Outlook profile cache holding an old auth context for the service account.

Re-entering credentials alone may not replace the invalid cached token; clearing the token caches (and, if needed, recreating the Outlook profile) is required. In the referenced customer case, a different account had been used during migration and the cleanup steps exposed that mismatch.

Perform the following steps on the MNE console machine. Close MNE and all Office/Outlook apps first. Test after each step; proceed to the next only if the issue persists.

1. Clear MNE token cache files (per-user %TEMP%)

   • Open Run → type %TEMP% → Enter.

   • Delete these files if present:

     • MNEUnifiedTokenCache.dat

     • MNETokenCache.dat

2. Clear Windows Identity cache (fresh tokens on next sign-in)

   • Navigate to: C:\Users\<username>\AppData\Local\.IdentityService

   • Delete the contents of the .IdentityService folder (or rename the folder to back it up).

   • Note: The user will be prompted to re-authenticate in Office apps/MNE; this is expected.

3. Recreate the Outlook profile (fresh profile, fresh auth context)

   • Go to Control Panel → Mail (Microsoft Outlook) → Show Profiles…

   • Select the affected profile → Remove.

   • Click Add… → create a new profile → add the Exchange/Microsoft 365 account.

   • Set the new profile as default if needed.