Office 365 activation issues with FSLogix and ADFS

fslogix

I’ve been involved in troubleshooting some activation issues with Office 2016 Click to Run with Office365 subscriptions recently.

The symptoms would include being asked to activate Office at random intervals and when activated clicking on the user name in the top right hand corner of any office app or within the account information menu an error would be displayed saying “Sorry we can’t get to your account right now. To fix this, please sign in again”.

Also FSLogix was in the mix as this was occurring within a non-persistent VDI environment.

When you sign into an office365 account to activate your software, tokens are stored within your profile to indicate that you have activated successfully. These tokens are stored within c:\users\%username%\%localappdata%\Microsoft\Office\16.0\Licensing and are valid a few days before Office will try to renew the tokens over the internet.

In order to ensure that the activation process can occur you will need to make sure that the URL’s within the following Microsoft KB article HERE are available within your environment.

As we were also uses FSLogix to cache the OST file we also discovered that by default FSLogix also caches the activation tokens within licensing folder. However when utilising ADFS with SSO these tokens should NOT be cached or roamed.

The Microsoft documentation on this process isn’t exactly crystal clear however it states the following:

If you don’t use single sign-on, you should consider using roaming profiles and include the following two folders as part of the roaming profile:

  • %localappdata%\Microsoft\Office\16.0\Licensing
  • %localappdata%\Microsoft\Credentials

The full text of which can be found HERE, while it does not specifically say to exclude the licencing token for ADFS Single Sign On environments it is suggested by the wording.

Within an environment that either includes ADFS only (no SSO) or any other technology such as AD Connect PTA then Roaming those folders should be required but not is you use ADFS with SSO. However excluding default roaming of these tokens from FSLogix can be achieved by adding a registry preference to group policy for the following settings:

HKLM\SOFTWARE\Policies\FSLogix\ODFC\IncludeOfficeActivation DWORD=0, or you can set it via standard group policy if you have FSLogix updated ADMX files by configuring “Computer Configuration\Policies\Administrative Templates\FSLogix\Office365 Container\Include Office Activation data in container” and set it to disabled.

Author: Dale Scriven

Leave a Reply