Wednesday, April 1, 2015

Office 365 activation issue on RDS running Office 365 Click2run (C2R) with Shared Activation (0x80004005)

Consider the following scenario

  • An RDS environment that hosts one or more RDSH servers with Office 2013 Click 2 Run installed.
  • Shared activation has been enabled.
  • Federation is not in place, so activation relies on a user activating manually once by entering his O365 credentials.
  • Registry value NoDomainUser is set to 1 (advised by Microsoft for the scenario above); see also https://support.microsoft.com/en-us/kb/2913639

A new user who doesn’t have a profile yet logs on for the first time, launches an Office application for the first time, and gets prompted with the Office 365 activation screen. This is expected behavior in environments where federation is not in place.

The user finishes the activation, and it seems to have been successful when checking the Account tab in Word at that time.

However, when the user closes Office (in this case Word) and opens another Office application, he is suddenly prompted with the error “Sorry, we cannot verify the license currently installed for this product” (error code 0x80004005).

This is because at this point no credential has been created in the credential store.

And the user has to perform activation again (even within the same RDS session).

Why is this? Adding the NoDomainUser registry value does not completely fix the issue, because the first time an Office application is launched, it removes the entire Identity registry key (including the NoDomainUser registry value).

Process Monitor confirms this.

What Process Monitor also reveals is that prior to deleting the Identity key, the Version value is queried, and it cannot be found, because no identity has been configured yet.

Apparently Office first checks whether an identity version is in place, and only if there isn’t one does it remove the Identity key.

So how do we make the fix complete? Besides adding NoDomainUser based on the KB article, we also add a fake Version registry value using a GPO Preference, and set that to apply once.

At first logon this results in an Identity key in HKCU that already holds both the NoDomainUser and the Version value.

This causes Office to think there is an identity in place, so it does not remove the key. That allows the NoDomainUser value to do its work, which results in a successful activation at first logon!
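
The same fix expressed as a per-user logon script, as an added example that is not part of the original post (which uses a GPO Preference). The function names are hypothetical, the Identity key path is left as a parameter to be taken from the KB article, and the DWORD type with data 1 for Version is an assumption.

```powershell
# Added example, not from the original post: logon-script equivalent of the
# GPO Preference (NoDomainUser = 1, placeholder Version applied once).
param(
    # Assumption: PowerShell path of the Office Identity key named in KB 2913639,
    # passed in by the caller, e.g. 'HKCU:\<path to the Identity key>'.
    [Parameter(Mandatory)] [string] $IdentityKey
)

function Test-RegValue {
    param([string] $Key, [string] $Name)
    # Returns $true only if the key exists and carries a value with this name.
    $null -ne (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue)
}

function Set-IdentityWorkaround {
    param([string] $Key)
    # Create the key at first logon; -Force also creates missing parent keys.
    if (-not (Test-Path -Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    # NoDomainUser = 1 as advised by the KB article; re-applied at every logon.
    New-ItemProperty -Path $Key -Name 'NoDomainUser' -Value 1 `
        -PropertyType DWord -Force | Out-Null
    # "Apply once": write the placeholder Version only while none exists, so a
    # Version that Office writes after activation is never overwritten.
    if (Test-RegValue -Key $Key -Name 'Version') {
        return 'Version already present, left unchanged'
    }
    # Assumption: DWORD with data 1; the post does not show the value type.
    New-ItemProperty -Path $Key -Name 'Version' -Value 1 -PropertyType DWord | Out-Null
    return 'Placeholder Version created'
}

function Get-IdentityWorkaroundState {
    param([string] $Key)
    # Run after the first Office launch to see whether the key survived.
    [pscustomobject]@{
        KeyExists    = Test-Path -Path $Key
        NoDomainUser = Test-RegValue -Key $Key -Name 'NoDomainUser'
        Version      = Test-RegValue -Key $Key -Name 'Version'
    }
}

Set-IdentityWorkaround -Key $IdentityKey
Get-IdentityWorkaroundState -Key $IdentityKey
```

Running the state check again after the first Office launch (and after a server reboot) shows whether the Identity key and both values are still in place.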

I’ve been in contact with the Office Team, and they have confirmed that an official fix is on track to go live in the April update release!

When in doubt, use Process Monitor!

15 comments:

  1. Hi,

    We've implemented your solution in an environment consisting of multiple RDS hosts and it looked like it was working, but after a reboot of the RDS server the problem of re-activation reappeared. Is this working for you or did you experience this as well?

  2. I have the same issue, Kevin. Upon reboot of any of our RDS servers, RDS activation is required.

  3. I also forgot to mention: I have a dirsync-only environment (no ADFS) and have both registry values set (NoDomainUser = 1 and Version = 1) via GPO. If I don't reboot the RDS servers it's fine. But that's not an option, as maintenance is performed on a weekly basis on our RDS servers.

    If you find more information please share. I'll be in contact with Microsoft as well to see if they have a solution... otherwise back to Office 2010.

  4. This comment has been removed by the author.

  5. I now have a case open with MS. 1296550861
    Logs have been collected. I will share information once I hear back.

    Here is a blog discussing the same issue. https://community.office365.com/en-us/f/158/t/289058

  6. I guess the Official Fix NEVER happened! Grrrrr!
    Do they not realize that this is IMPORTANT!?

  7. We still need a solution in our company environment as well. Nothing new?

  8. Any development on this issue? Also, I would like to verify if this issue can be resolved in Office Click-to-Run 2016.

  9. This comment has been removed by the author.

  10. We use ADFS, we've had the same issue and we've tried the GPO and at first it seemed to work.
    But after a while a user came back with the issue (times 10): every time he closed and opened an Office application he got the error and had to log in again.

    We've disabled the NoDomainUser (Value Data: 000000000)
    And the issue disappears for everybody that has had any issue with (sorry we cannot verify your license....)

    Maybe this is helpful to somebody with the same issues.

  11. This comment has been removed by the author.

  12. Hello! Thanks a lot for this detailed explanation about Office 365 activation issue on RDS running Office 365 Click2run, I just needed it. See also some interesting information about Microsoft Dynamics AX http://ax-dynamics.com/microsoft-dynamics-ax

  13. Project Server Support

    http://www.glms.com.au/small-medium-business/

    Please Click below website here & Get information about Project Server Support. It will be Ppm Consultants.

  14. It is now March 2018 and this issue still exists. I have been trying to fix this for 3 weeks. This is.... I can't use those words but I am very upset. It's a joke from MS.

    We have ADFS and Azure AD and still have issues with activation.
