Word
A family of Microsoft word processing software products for creating web, email, and print documents.
960 questions
Saving word (365) document with double key encryption (DKE) label giving errors
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 81%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENV%3C/text%3E%3C/svg%3E)
Nirav Vora
0
Reputation points
Here is our configuration on client :
Windows 10 Pro 22H2 (setup as VM on azure)
Word 365 with version 2308 (build 16731.20000 Click to Run, beta channel)
Windows defender firewall is off for private and public networks
Service _*Microsoft Account Sign In Assistant*_ is running
Added registry settings defined in CL9 here – https://techcommunity.microsoft.com/t5/security-compliance-and-identity/dke-troubleshooting/ba-p/2234252
DKE Labels (with and without offline access) have been created on 20<sup>th</sup> July’2023 and 24<sup>th</sup> July’2023
Previously similar setup was working with older version of beta channel.
However now we are seeing following error in MSIPC logs on saving files with DKE labels:
“
No template issuers available locally or from non-default servers, default service discovery failed. Failed hr = 0x0
}}{{[302][msipc]:[Info]:[8716]:[2023-08-01 21:43:33.049]: ipputil.cpp:Microsoft::InformationProtection::IppUtil::HandlePublicAPIException:1081
Exception at x:\bt\1181731\repo\src\client\msipc\api\ippapi.cpp(2894): hrIppGetUser
HRESULT = 0x8004020d: Rights Management service requires network access to complete this operation, however the application is trying to complete this operation in an offline mode. Contact the application support for further assistance.”
Error pop up shown to user is below:
“Word cannot save or create this file. Make sure that disk you want to save the file on is not full, write protected, or damaged”
Opening previously encrypted document with DKE label is now giving following error in MSIPC logs :
“Exception at x:\bt\1181731\repo\src\client\msipc\api\ippapi.cpp(2416): IpcGetKeyInternal( &activity, pvLicense, dwFlags, pConsumer, pToken, pContext, pvUseLicense, pvReserved, phKey )
HRESULT = 0x80040219: Microsoft Online Services Sign-in Assistant is not installed on this machine. Install it from [http://aka.ms/sia] before retrying the operation.
}}{{[908][msipc]:[Info]:[9584]:[2023-08-01 21:38:29.234]: ipputil.cpp:Microsoft::InformationProtection::IppUtil::MapDRMErrorToIPCError:1284
Error HRESULT 0x80040219 mapped to 0x80040219”
Error pop up shown during decrypt is below (I am using same user credentials that were used to save the document – on different machine):
“You are not signed into office with account that has permission or request permission from the content owner.”
I am seeing above errors with DKE labels (with labels having offline access enabled as well as with labels having offline access set to never).
(DKE Labels used for testing have been created on 20<sup>th</sup> July’2023 and 24<sup>th</sup> July’2023)
Can you please advise on any missing configuration setting that we need to do for using DKE labels to save and open word documents?
Sign in to answer