Outlook Sign-in Error CAA2000B – How to Resolve
Applies To:
Windows 10/11 | Microsoft Outlook (M365) | Azure AD Sign-In
Error Code: CAA2000B
Category: Microsoft 365, Email, Authentication
🔍 Summary
Clients may experience the following error when launching Outlook for Microsoft 365:
"CAA2000B: The attempted operation is prohibited because it exceeds the time limit."
This issue is tied to stale or broken tokens and often occurs after an update or network change, particularly on Azure AD-joined or Hybrid-joined devices.
🧩 Root Cause
This error is triggered by a corrupted Web Account Manager (WAM) cache, leading to failed Modern Authentication attempts. It can affect more than just Outlook — other M365 apps may fail to authenticate as well.
✅ Resolution Steps
1. Clear WAM and Token Cache
Run the following PowerShell script as Administrator to clear WAM-related tokens:
# Close all Office apps first
Get-Process -Name "OUTLOOK", "WINWORD", "EXCEL", "TEAMS" -ErrorAction SilentlyContinue | Stop-Process -Force
# Clear WAM and WebAuth token cache
Remove-Item -Path "$env:LOCALAPPDATA\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\TokenBroker\*" -Recurse -Force
Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\Office\16.0\WAM\*" -Recurse -Force

🚨 Warning: This will sign the user out of all Office apps and may trigger re-authentication prompts.
2. Remove Work/School Accounts from Windows
3. Re-Add the Account
💡 Pro Tip
If issues persist, re-register the AAD device using the following command:
dsregcmd /leave
shutdown /r /t 0
Or rejoin the device to Azure AD manually if it's hybrid-joined.
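Before leaving or rejoining, it helps to record the device's current join type and whether it holds a Primary Refresh Token. The following read-only check is an added example, not part of the original article; the function name ConvertFrom-DsregStatus is hypothetical, and the sample text is constructed to mimic the "Name : Value" lines printed by dsregcmd /status.

```powershell
# Added example: parse "dsregcmd /status" output into join type and PRT state.
# Read-only; it changes nothing on the device.
function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)

    # Collect every "Name : Value" pair; banner and separator lines do not match.
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z][\w ]*?)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $state['AzureAdJoined'] -eq 'YES'
    $domain = $state['DomainJoined']  -eq 'YES'

    if ($aad -and $domain) { $joinType = 'Hybrid-joined' }
    elseif ($aad)          { $joinType = 'Azure AD-joined' }
    elseif ($domain)       { $joinType = 'Domain-joined only' }
    else                   { $joinType = 'Not joined' }

    [pscustomobject]@{
        JoinType   = $joinType
        HasPrt     = ($state['AzureAdPrt'] -eq 'YES')   # Primary Refresh Token present
        TenantName = $state['TenantName']
    }
}

# Constructed sample: a hybrid-joined device that currently holds no PRT.
$sample = @'
             AzureAdJoined : YES
              DomainJoined : YES
                TenantName : Contoso (constructed sample)
                AzureAdPrt : NO
'@ -split "`r?`n"

ConvertFrom-DsregStatus -Lines $sample

# On a real device, run in the affected user's session:
#   ConvertFrom-DsregStatus -Lines (dsregcmd /status)
```

A JoinType of Hybrid-joined points to the manual rejoin path mentioned above. Keeping the output in the ticket also gives Tier 2 a baseline if the case is escalated.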
🧪 Test & Validate
Once completed, relaunch Outlook and confirm successful sign-in. Verify Teams and OneDrive as well, since they use the same auth stack.

📌 Notes
If the user is on a non-corp device, try Office Repair via Apps & Features → Modify → Quick Repair / Online Repair.
For persistent issues, escalate to Tier 2 to review Azure AD sign-in logs.