Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, April 20, 2017 6:54 PM
Activate Office appears for first time use. I cant understand why - after lots of Google reading it seems that this should'nt be with my setup. Can anyone help me troubleshoot?
(dont mind the red arrow)
**Client(s)**Windows 10 Pro x64 version 1607
Users are Azure AD joined and auto Intune enrolled
Latest Microsoft Office 2016 ProPlus
Click-to-Run from Office 365 education subscription
Configuration.xml
<Updates Channel="Current" Enabled="TRUE"/>
<display accepteula="True" level="None"><Display AcceptEULA="True" Level="None"/></display><logging level="Standard" path="%temp%"><Logging Level="Standard" Path="%temp%"/>
</logging><property name="AUTOACTIVATE" value="1"><Property Value="1" Name="AUTOACTIVATE"/>
</property><property name="FORCEAPPSHUTDOWN" value="TRUE"><Property Value="1" Name="SharedComputerLicensing"/>
</property><property name="PinIconsToTaskbar" value="FALSE">
Registry
[HKEY_LOCAL_MACHINE\software\policies\microsoft\office\16.0\common\OfficeUpdate]
"EnableAutomaticUpdates"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Registration]
"AcceptAllEulas"=dword:00000001
[HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\firstrun]
"BootedRTM"=dword:00000001
"disablemovie"=dword:00000001
[HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\common]
"qmenable"=dword:00000000
"sendcustomerdata"=dword:00000000
"autoorgidgetkey"=dword:00000001
[HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\common\general]
"shownfirstrunoptin"=dword:00000001
[HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\common\feedback]
"enabled"=dword:00000000
[HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\common\ptwatson]
"ptwoptin"=dword:00000000
[HKEY_CURRENT_USER\software\Microsoft\Office\16.0\Common\General]
"ShownFileFmtPrompt"=dword:00000001
Modern authentication Enabled
Sharepoint Online is Enabled (standard)
Exchange Online is Enabled
Skype for Business Online is Enabled
ADFS configuration
Endpoint enabled on all ADFS servers
Enable-AdfsEndpoint -TargetAddressPath “/adfs/services/trust/13/windowstransport”
Internal
Form authentication
Windows authentication
External
Form authentication
Trust zones in Internetoptions
Enabled the domain URL where servers like ADFS whereabout and under intranet zones.
Also enabled these these:
"*.microsoftonline.com"="2"
"*.microsoft.com"="2"
"*.office.com"="2"
"*.outlook.com"="2"
"*.office365.com"="2"
"*.live.com"="2"
"*.skype.com"="2"
"*.sharepoint.com"="2"
"*.sharepointonline.com"="2"
"*.windows.net"="2"
"*.lync.com"="2"
"*.windowsazure.com"="2"
"*.microsoftazuread-sso.com"="2"
"aadg.windows.net.nsatc.net"="2"
ADAL
I have tried to add the reg value. But should'nt be needing this in Office 2016.
[HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity]
"EnableADAL"=dword:00000001
All replies (23)
Friday, April 21, 2017 4:45 PM
Click-to-Run from Office 365 education subscription
Configuration.xml
...
</property><property name="FORCEAPPSHUTDOWN" value="TRUE"><Property Value="1" Name="SharedComputerLicensing"/>
I see you've enabled "shared computer activation" for the installation. However, to the best of my knowledge, Office 365 Education subscription doesn't include Office 365 ProPlus, which is a prerequisite to configure SCA:
https://technet.microsoft.com/en-us/library/office-365-plan-options.aspx
Could you please elaborate a bit on your configuration? Are you trying to configure SSO via ADFS for Office 365?
Regards,
Ethan Hua
Please remember to mark the replies as answers if they helped.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, April 21, 2017 6:02 PM
Yes, It should not affect anything. I have tried without it aswell. All I get is a different activation prompt. Instead of enter Office 365 e-mail it say's "Enter your product key". The shared feature just gives you a token so Office is activated on the computer for all users.
The users have Office 365 Education and Office 365 ProPlus.
I can manually activate Office - no problem. It's the automation I crave ^_^
Yes, but SSO via ADFS should already be enabled. I hope.. The modern authentication works. I dont have to enter password. SSO works in Skype, Outlook and Office. Also Microsoft Edge when browsing to https://portal.office.com (Office 365 portal).
Im just stuck with this activation prompt at first time login. If I manually enter e-mail the activation go thru and never appears again.
Saturday, April 22, 2017 9:30 AM
Trust zones in Internetoptions
Enabled the domain URL where servers like ADFS whereabout and under intranet zones.Also enabled these these:
"*.microsoftonline.com"="2""*.microsoft.com"="2"
"*.office.com"="2"
"*.outlook.com"="2"
"*.office365.com"="2"
"*.live.com"="2"
"*.skype.com"="2"
"*.sharepoint.com"="2"
"*.sharepointonline.com"="2"
"*.windows.net"="2"
"*.lync.com"="2"
"*.windowsazure.com"="2"
"*.microsoftazuread-sso.com"="2"
"aadg.windows.net.nsatc.net"="2"
did you configure IWA for TrustedSitesZone ?
Don [doesn't work for MSFT, and they're probably glad about that ;]
Saturday, April 22, 2017 12:24 PM
did you configure IWA for TrustedSitesZone ?
Well, if you mean Internet options -> Security ->Internet / Local Intranet / Trusted sites -> Custom level -> User authentication (Logon), then yes.
By default 'Automatic logon only in Intranet zone' is enabled. This value should be enough because ADFS serveraddress is set as Local intranet. But I have laborated with enabling 'Automatic logon with current user name and password' aswell. What setting is recommended here?
Is there any other setting you're aiming for?
EDIT: I think I will have a look at IWA again.
EDIT 2: Ok.
- Added all sites in Trusted sites.
- Marked 'Automatic logon with current user name and password' in custom level under all Internet / Local Intranet / Trusted sites.
"Activate Office" prompt still there bugging me..
Saturday, April 22, 2017 7:10 PM
Here is a clip of the problem, to be clear.
(sorry for flickering video)
Sunday, April 23, 2017 1:30 AM
2. Marked 'Automatic logon with current user name and password' in custom level under all Internet / Local Intranet / Trusted sites.
Hmm, ok, not that problem then. (probably best not to leave IWA enabled for the Internet zone, it's a bit credential-leaky ;)
Sorry not sure what to try next :(
Don [doesn't work for MSFT, and they're probably glad about that ;]
Sunday, April 23, 2017 1:43 AM
Not sure if it's still relevant (this is from a topic in TN library about OFF2013/2016, might not apply to ProPlus?)
https://technet.microsoft.com/en-us/library/cc178992.aspx
"Automatically activate Office with federated organization credentials "
Policy Path in gpedit/gpme: Microsoft Office 2016\Subscription Activation
Description:
*This policy setting activates Office on users computers without prompting them to sign in to their Office 365 accounts.
If you enable or do not configure this policy setting, and a user is already signed in with federated organization credentials, Office automatically activates when the user first starts an Office application.*
*If either multiple or no organization credentials are found, the user is prompted to sign in.
If you disable this policy setting, Office might prompt the user to sign in with their organization's credentials if Office is not installed directly by the user from his or her Office 365 account homepage.*
Don [doesn't work for MSFT, and they're probably glad about that ;]
Sunday, April 23, 2017 1:57 AM
and, just to check, you've enabled/configured the tenant for federation?
https://technet.microsoft.com/en-au/library/jj151809.aspx
maybe run a check for that, via RCA:
http://go.microsoft.com/fwlink/?linkid=235759
and this checklist:
https://technet.microsoft.com/en-au/library/jj205462.aspx
Don [doesn't work for MSFT, and they're probably glad about that ;]
Sunday, April 23, 2017 5:06 AM
arg..
You *do* have SCA/SCL enabled at these clients?
That discussion doesn't seem to have resolved/closed, but the reference to the documentation;
the documentation is rather vague on the matter...
"If your environment is configured to synchronize Office 365 and network user accounts, then the user probably won’t see any prompts. Office 365 ProPlus should automatically be able to get the necessary information about the user’s account in Office 365."
maybe you can follow up in that techcommunity discussion or board?
Or, log a case to get a bit more help?
Don [doesn't work for MSFT, and they're probably glad about that ;]
Sunday, April 23, 2017 9:44 AM
Not sure if it's still relevant (this is from a topic in TN library about OFF2013/2016, might not apply to ProPlus?)
https://technet.microsoft.com/en-us/library/cc178992.aspx
"Automatically activate Office with federated organization credentials "
Policy Path in gpedit/gpme: Microsoft Office 2016\Subscription Activation
Yes that's the registry value of "autoorgidgetkey"
[HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\common]
"autoorgidgetkey"=dword:00000001
I have also tried using the gpedit.msc settings (with admx) if the reg-values didn't take. But no luck..
Sunday, April 23, 2017 9:59 AM
and, just to check, you've enabled/configured the tenant for federation?
https://technet.microsoft.com/en-au/library/jj151809.aspx
maybe run a check for that, via RCA:
http://go.microsoft.com/fwlink/?linkid=235759and this checklist:
Everything checks good when testing Microsoft RCA -> Office 365 -> Microsoft SSO.
Once the Office suite is activated, the SSO for user login works fine. I dont have to login with O365 credentials at all. Not in Word, Skype n'or Outlook. It works awsome, it's just this first time activation experiance im stuck with.
Good pointers though! Thanks for the effort.
Sunday, April 23, 2017 10:03 AM
2. Marked 'Automatic logon with current user name and password' in custom level under all Internet / Local Intranet / Trusted sites.
Hmm, ok, not that problem then. (probably best not to leave IWA enabled for the Internet zone, it's a bit credential-leaky ;)
Sorry not sure what to try next :(
Don [doesn't work for MSFT, and they're probably glad about that ;]
Should I put all my URL's in 'Local Intranet' and enable 'Automatic logon with current user name and password' in custom level under 'Local Intranet'?
Or
Shall I distribute the URL's as I already did and leave User authentication (Logon) to default 'Automatic logon only in Intranet zone'?
Sunday, April 23, 2017 11:19 AM
arg..
You *do* have SCA/SCL enabled at these clients?
That discussion doesn't seem to have resolved/closed, but the reference to the documentation;
the documentation is rather vague on the matter...
"If your environment is configured to synchronize Office 365 and network user accounts, then the user probably won’t see any prompts. Office 365 ProPlus should automatically be able to get the necessary information about the user’s account in Office 365."
maybe you can follow up in that techcommunity discussion or board?
Or, log a case to get a bit more help?
Don [doesn't work for MSFT, and they're probably glad about that ;]
Yeah I read this documentation, it focuses more on after you activation so multiple users can use the office applications w/o going trhu the activation everytime. It tell's us that SCA/SCL installs a token that the application reads. I have tried this and it works very well. But still, the first activation prompt persist.
And as you quote; the documentation leave us in a blurred interpretation if it should work or not. "propably won't see any prompts"..
If I go ahead and disable SCL..
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
SharedComputerLicensing = 0
then, like I said, I get another prompt where they ask for product key. Have a look at this video:
https://youtu.be/hx6u8Dn_dXA
Hmmm, feels like I have turned Google up-side-down already ^_^
That thread seems to focus on the SharedComputerLicensing feature, but I'll perhaps create a new discussion in the techcommunity. Thanks
Sunday, May 21, 2017 12:54 PM
Update:
When I run the Click-to-Run Setup.exe from https://portal.office365.com this works fine. Office auto activates for the user at first time run.
So this problem just occures with the Office Deployment Tool.
So for my enviornment I will use the setup from Office 365 portal from now on. The bad thing about it is that I cant download a local source with it. Have to run setup with Internet connection. setup.exe /download dont work.
EDIT:
Did'nt work on next computer after applying image of the reference computer.
I think sysprep /generalize wiped the necessary stuff or it only works for the computer it installs on...
Monday, October 2, 2017 6:19 PM
I totally got this working. I can't find my documented info but here's a brieg outline that I remember correctly:
I may have went one step further and enabled seamless sign on
Here is my particular config file (Has some exclusions):
<Configuration>
<Add OfficeClientEdition="32" Channel="Current">
<Product ID="O365ProPlusRetail">
<Language ID="en-us" />
<ExcludeApp ID="Groove" />
<ExcludeApp ID="OneDrive" />
<ExcludeApp ID="Outlook" />
</Product>
</Add>
<Display AcceptEULA="TRUE" />
<Property Name="SharedComputerLicensing" Value="1" />
<Property Name="PinIconsToTaskbar" Value="FALSE" />
<Property Name="AUTOACTIVATE" Value="1" />
</Configuration>
Wednesday, October 11, 2017 9:57 PM
Hoping you have what you did laying around somewhere, we're seeing the same behaviour you are and have exactly the same setup, everything works seamlessly except the initial activation prompt won't go away.
Thursday, October 19, 2017 9:06 PM
Same issue here, we opened an Incident at Microsoft but as we don't use ADFS but F5 as the IdP they asked us to check with F5, even if we see with fiddler that the workstation received the Activationwindow prompt before being redirected to the IdP.
To follow
Wednesday, November 15, 2017 3:42 PM
Same here, still getting the Shared Computer activation prompt with Pass-Through Authentication and SSO enabled. I have very similar config file to above.
Wednesday, January 3, 2018 12:52 AM
Hi There,
Did you get this issue resolved?
Thursday, November 8, 2018 11:13 PM
Any updates here? We are having the same issue. Office 365 Pro Plus, users are signed into the office product automatically, but are being prompted on first launch to sign in to activate. After that it works, but we shouldn't have to do that. We have the xml setup the same as above, and gpo enabled to auto activate with federated credentials.
Any help?
Thursday, July 4, 2019 5:11 PM
Any Updates to this? Same issue here...
Tuesday, July 9, 2019 1:26 PM
I did find a fix for this error and hope it helps others.
There is a "system" proxy setting that was causing the issue for me. You can check this setting and remove it with the following two commands from a command prompt:
netsh winhttp show proxy
netsh winhttp reset proxy
The correct result should be "Direct access (no proxy server)"
If the setting was there and the second command removes it, just launch Word and your app will activate.
Friday, August 23, 2019 9:21 AM
I fixed the issue with this solution:
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"DisableADALatopWAMOverride"=dword:00000001