Consider the following scenario
- An RDS environment that hosts one or more RDSH servers with Office 2013 Click 2 Run installed.
- Shared activation has been enabled
- Federation is not in place so activation relies on a user activating manually once by entering his O365 credentials
- Registry value NoDomainUser is configured to 1 (Advised by Microsoft in case of the scenario above) also see https://support.microsoft.com/en-us/kb/2913639
A new user who doesn’t have a profile yet, logs on for the first time and launches an Office application for the first time and gets prompted with the Office 365 activation screen. This is expected behavior in environments where federation is not in place.
The user finishes the activation and is seems to have been successful when checking the account tab in Word at that time.
However, when the user closes Office (in the case Word) and opens another Office application, he’s now suddenly being prompted with the error “Sorry, we cannot verify the license currently installed for this product” Error code 0x80004005
This is because at this point no Credential has been created in the Credential store.
And the user has to perform activation again (even within the same RDS session).
Why is this? The fix by adding the NoDomainUser registry value does not completely fix the issue. This is because the first time an Office application is launched, it completely removes the Identity Registry Key (including the NoDomainUser registry value).
Process Monitor confirms this:
What Process Monitor also reveals is that prior to deleting the Identity key, the value or Version is queried, and it cannot be found, because no identity has been configured yet.
Apparently Office first checks if an identity version is in place and only if there isn’t, it removes the Identity key.
So how to make the fix complete? Besides adding the NoDomainUser based on the KB article, we also add a fake version registry value using a GPO Preference, and set that to apply Once.
This results in the following in the HKCU at first logon
This causes Office to think there is an identity in place and thus it does not remove the key, which allows the NoDomainUser key to do it’s work, which results in a successful activation at first logon!
I’ve Been in contact with the Office Team, and they have confirmed that an official fix is on track to go live in April update release!
When in doubt, use Process Monitor!
Hi,
ReplyDeleteWe've implemented your solution in an environment consisting of multiple RDS host and it looked like it was working, but after a reboot of the RDS server the problem of re-activation reappeared, is this working for you or did you experience this as well?
I have the same issue Kevin. Upon reboot of any of our RDS servers. RDS activation is required.
ReplyDeleteI also forgot to mention. I a dirsync only environment (no ADFS) and have both registry values set (NoDomainUser = 1 and Version = 1) via GPO. If I don't reboot the RDS servers its fine. But that's not an option as maintenance is performed on a weekly bases on our RDS Servers.
ReplyDeleteIf you find more information please share. Ill be in contact with Microsoft as well to see if they have a solution..otherwise back to Office 2010.
This comment has been removed by the author.
ReplyDeleteI now have a case open with MS. 1296550861
ReplyDeleteLogs have been collected. I will share information once I hear back.
Here is a blog discussing the same issue. https://community.office365.com/en-us/f/158/t/289058
I guess the Official Fix NEVER happened! Grrrrr!
ReplyDeleteDo they not realize that this is IMPORTANT!?
We still need a solution in our company environment as well. Nothing new ?
ReplyDeletestill waiting...
ReplyDeleteAny development on this issue? Also I would like to verify if this issue can be resolve in Office click to run 2016
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteWe use ADFS, we've had the same issue and we've tried the GPO and at first it seemed to work.
ReplyDeleteBut after a while a User came back with the issue (times 10) every time he closed and opened a Office Application he got the error and had to login again every time he opened a office application.
We've disabled the NoDomainUser (Value Data: 000000000)
And the issue dissapears for everybody that has had any issue with (sorry we cannot verify your license....)
Maybe this is helpfull to somebodey with the same issues.
This comment has been removed by the author.
ReplyDeleteHello! Thanks a lot for this detailed explanation about Office 365 activation issue on RDS running Office 365 Click2run, I just needed it. See also some interesting information about Microsoft Dynamics AX http://ax-dynamics.com/microsoft-dynamics-ax
ReplyDeleteProject Server Support
ReplyDeletehttp://www.glms.com.au/small-medium-business/
Please Click below website here & Get information about Project Server Support. It will be Ppm Consultants.
It is now March 2018 and this issue still exists. I am trying to fix this since 3 weeks. This is.... I cant use those words but I am very upset. Its a joke from MS.
ReplyDeleteWe have ADFS and AZURE AD and still issues with activation.