Error Message
During a Microsoft 365 migration, you may encounter this Azure AD authentication error:
AADSTS50126: Error validating credentials due to invalid username or password.
Cause
This error occurs when the migration account credentials configured in your source or target connector are invalid. Common causes include:
- Incorrect password - Typo or outdated password in connector settings
- Password expiration - The password has expired since connector setup
- Account lockout - Too many failed login attempts locked the account
- Recent password change - Password was changed but connector not updated
- Conditional Access policies - Security policies blocking the login
Solution
Follow these steps to resolve the authentication error:
Step 1: Update Connector Credentials
- Log in to the Cloudiway Portal
- Navigate to Connectors
- Identify which connector is causing the error (source or target)
- Click Edit on the affected connector
- Re-enter the correct username (typically the admin email)
- Re-enter the updated password
- Click Save
- Click Test Connection to verify
Copy-Paste Carefully
When entering passwords, be careful of leading/trailing spaces that may be accidentally copied. Type the password manually if copy-paste doesn't work.
Step 2: Verify Account Access
If updating credentials doesn't resolve the issue, verify the account works independently:
- Open an incognito/private browser window
- Navigate to https://portal.office.com
- Attempt to sign in with the same credentials used in Cloudiway
- If login fails, the issue is with the Microsoft account, not Cloudiway
Step 3: Check Conditional Access Policies
Conditional Access policies may be blocking the migration account:
- Sign in to the Azure Portal
- Navigate to Azure Active Directory → Security → Conditional Access
- Review active policies that might affect the migration account
- Consider creating an exclusion for the migration service account
MFA Considerations
If MFA is required for all users, you may need to use app passwords or configure an exclusion for the migration account. See our MFA compliance guide.
Prevention
To prevent this error in future migrations:
- Use dedicated service accounts - Create accounts specifically for migration that don't expire
- Disable password expiration - Set migration accounts to have non-expiring passwords during the project
- Exclude from Conditional Access - Create policy exclusions for migration accounts
- Use certificate authentication - Configure EntraID apps with certificates instead of passwords
- Document credentials securely - Store credentials in a password manager
Best Practice: Certificate Authentication
Instead of password-based authentication, consider using certificate-based authentication for your EntraID application. This eliminates password expiration issues and improves security. See our EntraID application guide.
Error Resolved?
After updating the credentials, retry your migration. The error should no longer appear if the credentials are correct and the account has proper access.