Office 365 App keeps asking for your password [WORKAROUND]
You can't sign in after you update to Office 2016 build 16.0.7967 or later on Windows 10
Change Group Policy to add the following registry value at user login:
Overview
This article contains information about a new authentication framework for Microsoft Office 2016.
By default, Microsoft Office 365 ProPlus (2016 version) uses Azure Active Directory Authentication Library (ADAL) framework-based authentication. Starting in build 16.0.7967, Office uses Web Account Manager (WAM) for sign-in workflows on Windows builds that are later than 15000 (Windows Version 1703, build 15063.138).
Symptoms
You may experience one of the following symptoms after you update to Office 2016 build 16.0.7967 or a later version on Windows 10.
Symptom 1
The Office sign-in workflow stops or shows no on-screen progress. The sign-in window shows a "Signing in" message or a blank authentication screen.
Symptom 2
You receive a "You’ll need the Internet for this" message when you switch networks or your computer wakes up after a long suspension or sleep.
Note The issue that occurs when switching networks is fixed in Office build version 1805 (build 9330.2078) and later builds. (The dialog box may still appear with other error codes for other issues.)
Symptom 3
Outlook displays a "Need Password" option (in the ribbon or task bar). Clicking the option causes a white authentication dialog box to appear briefly and then disappear before you can enter the password.
Symptom 4
During Office activation or sign-in or when you log on to Outlook for the first time by using an Azure AD account, you receive an "Add this account to Windows?" message.
Symptom 5
When you’re working on a document that’s saved in the cloud, the Office client randomly prompts you for credentials.
Symptom 6
When you try to open or save a document in Microsoft SharePoint Online, OneDrive for business, or SharePoint, you’re prompted for credentials. After you enter credentials, you’re prompted again.
Symptom 7
Office ProPlus clients prompt you with an activation screen when you’re already activated. When you enter a value of UserID or UserPrincipalName, the screen vanishes before you can enter the password.
Symptom 8
You have a non-persistent Virtual Desktop Infrastructure (VDI) environment that has a federated Identity Provider (IdP) that is configured as Single-Sign On (SSO). You do not expect to be prompted to activate/sign-in, because SSO is configured. However, you are prompted to sign in for each new session. Office ULS logs reveal this error:
{"Action": "BlockedRequest", "HRESULT": "0xc0f10005"
Note Please open a support case if you see this issue. We still need to get more logs to help isolate the issue.
Resolution
Note This resolution applies only to Symptom 1.
Because of the introduction of WAM, nonsecure endpoints (non-HTTPS) traffic is blocked in authentication workflows. Make sure that all authentication endpoints follow the HTTPS protocol.
Workaround
Note This workaround applies to Symptoms 1–7.
Warning This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the Microsoft Help article:
322756 How to back up and restore the registry in Windows
Change Group Policy to add the following registry value at user login:
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"DisableADALatopWAMOverride"=dword:00000001
"DisableADALatopWAMOverride"=dword:00000001
Note After a fix for this issue is released, you should remove this registry workaround, or authentication experiences may be degraded. This registry value should not be used as a long-term solution. We will update this article periodically to address concerns about the fix.
More Information
- Starting in Office Version 1805 (build 9330.2078), an updated version of ADAL 1.2.3 addresses some issues and has better logging capabilities. Please update to this version to test whether the issue is still occurring, and use this version or a later version to gather logs for support cases.
- On Windows 7, Windows 8, Windows 8.1, or Windows 10 builds that are earlier than 15000, ADAL authentication is the only option.
- The Windows build should be later than 15000 (Windows Version 1703, build 15063.138, Generally Available). For more information, see Windows 10 release information.
- This article applies if you use Microsoft Federation or non-Microsoft Federation solutions.
Comments
Post a Comment