Trying to connect with Entra ID to a Windows 11 Virtual machine receiving AADSTS500113 error

Question

Trying to connect with Entra ID to a Windows 11 Virtual machine receiving AADSTS500113 error

JohnSebastian-3934 546

I've got two Windows 11 VMs that are Entra ID Joined. Both have the AADLoginforWindows extention.

I'm trying to use Entra ID authentication from the Azure Portal. I go through all of the login authentication and then receive:

AADSTS500113: No reply address is registered for the application

There is another question post on here from 21-Nov-2025 where a responder suggests going to Azure App Registrations and looking for an App named Azure Bastion Native Client to see if it has a redirect URI.

I do not see any application in my app registrations called Azure Bastion Native Client. What is the Azure Bastion NAtive Client app? Is this a legit app? How does it get installed? I don't see it documented anywhere.

JohnSebastian-3934 546 Reputation points

2025-12-01T22:26:21.1133333+00:00

OK Thank you for the reply. The AI Assist is such a waste of my time. I totally appreciate a response from a real person with correct inside information. Will there be an announcement of when this is available?
Rukmini 10,825 Reputation points Microsoft External Staff Moderator

2025-12-01T22:27:53.19+00:00

JohnSebastian-3934, I will update you here!
Lucas Gallagher 0 Reputation points

2025-12-08T20:07:45.1666667+00:00

We have this issue also, so will be watching this thread!

Also using the same auth flow for a Windows Server 2019 VM to connect via Bastion with Entra ID doesn't even get that far, instead just says 'connection error' (other authentication mechanisms work fine). Will the issue with Windows Server 2019 also be resolved, or is that (admittedly old, now) OS not going to support this feature at all?

And if the answer is 'not supported', can we have the logic that makes Entra ID the default auth method updated so it doesn't display it as an option? It risks causing confusion among our end users.

2 answers

Your answer

JohnSebastian-3934 546 Reputation points

2025-12-01T22:26:21.1133333+00:00

OK Thank you for the reply. The AI Assist is such a waste of my time. I totally appreciate a response from a real person with correct inside information. Will there be an announcement of when this is available?
Rukmini 10,825 Reputation points Microsoft External Staff Moderator

2025-12-01T22:27:53.19+00:00

JohnSebastian-3934, I will update you here!
Lucas Gallagher 0 Reputation points

2025-12-08T20:07:45.1666667+00:00

We have this issue also, so will be watching this thread!

Also using the same auth flow for a Windows Server 2019 VM to connect via Bastion with Entra ID doesn't even get that far, instead just says 'connection error' (other authentication mechanisms work fine). Will the issue with Windows Server 2019 also be resolved, or is that (admittedly old, now) OS not going to support this feature at all?

And if the answer is 'not supported', can we have the logic that makes Entra ID the default auth method updated so it doesn't display it as an option? It risks causing confusion among our end users.

Answer 1

Rukmini 10,825 Microsoft External Staff Moderator

Hello JohnSebastian-3934,

This issue has been observed over multiple subscriptions. Our Engineering team has identified a fix and hopes to deploy during the deployment window in December. Tentatively setting ETA for mid-December to account for roll out across all regions.

As per the update the issue has been fixed!

If the resolution was helpful, kindly take a moment to accept the answer and upvote it 👍 it as a token of appreciation.

JohnSebastian-3934 546 Reputation points

2025-12-10T16:25:49.6166667+00:00

This feature appears to be working now. I just tried connecting to my Entra ID Joined VMs from the Azure Portal with the Bastion Service and was successful. Not sure if any announcement has been made but my issue is solved.
Rukmini 10,825 Reputation points Microsoft External Staff Moderator

2025-12-10T20:21:45.99+00:00

Hello JohnSebastian-3934, Thanks for the update!

Hello JohnSebastian-3934, The issue has been fixed!

If the resolution was helpful, kindly take a moment to accept the answer and upvote it 👍 it as a token of appreciation.

Answer 2

The error AADSTS500113 indicates that there is no reply address registered for the application you are trying to authenticate with. In the context of Azure Bastion and Entra ID, the application you are looking for is likely related to the Bastion service that allows you to connect to your VMs using the native client.

The Azure Bastion Native Client is not a standalone application that you install; rather, it is part of the Azure Bastion service that facilitates connections to VMs using RDP or SSH. When you use the Azure Portal to connect to a VM, the Bastion service manages the authentication process, including redirect URIs.

If you do not see an application named "Azure Bastion Native Client" in your App Registrations, it may be due to the specific configuration of your Azure environment or the way the Bastion service is set up. You should ensure that your Azure Bastion configuration is correct and that the necessary permissions and redirect URIs are properly set up in the Azure portal.

To resolve this issue, you may want to check the following:

Ensure that the Azure Bastion service is correctly configured in your Azure environment.
Verify that the redirect URIs for the Bastion service are correctly registered in the App Registrations section of Azure Active Directory.
If necessary, consult the Azure documentation or support for further assistance regarding the Bastion service and its integration with Entra ID.

Share via

Trying to connect with Entra ID to a Windows 11 Virtual machine receiving AADSTS500113 error

2 answers

Your answer