question

ChristinelaFontaine-7534 avatar image
0 Votes"
ChristinelaFontaine-7534 asked David-8347 answered

"AADSTS9002313: Invalid request. Request is malformed or invalid." when trying to log in to Office

One of our users (on Win 7) get the following error when trying to log in to Outlook, Excel and so on.

AADSTS9002313: Invalid request. Request is malformed or invalid.

We have tried deleting the Outlook profile, MS credentials but nothing works.

office-itpro
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

emilyhua-msft avatar image
0 Votes"
emilyhua-msft answered

@ChristinelaFontaine-7534

Which version of Office is this user using?

  • From the perspective of Office, I would suggest you go to Registry Editor, if this user has Office 2013, please locate to Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity, back up the registry for restoration in case problems occur, then remove the folders under "Identity", such as "Profiles", "Identities".
    (Please note, for Office 2016, Microsoft 365 apps, the version number is 16.0)

  • And then choose "Identity", check whether there are "EnableADAL" value.
    If not, please right-click > New > DWORD (32-bit) Value > Name it "EnableADAL", set the value data as 1.

Besides, as the AADSTS error code and error message are related to Azure AD Authentication, to better help you, I would add the tag "azure-ad-authentication" and "azure-active-directory". Thanks for your understanding.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ChristinelaFontaine-7534 avatar image
0 Votes"
ChristinelaFontaine-7534 answered ChristinelaFontaine-7534 commented

@emilyhua-msft thank you for this.

It is version 16.0. I deleted the folders in Identity and created the EnableADAL value, restarted the computer but still same error:

120143-billede.png


Should I delete the other values in the Identity folder?

120154-billede.png


Edit: Just tried creating a new user for him and logging in to Office on this new account. This time no error after entering user name, but it was not activated correctly. We have checked his license several times, no changes to this - but Office cannot activate.




billede.png (10.1 KiB)
billede.png (44.9 KiB)
· 14
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@ChristinelaFontaine-7534
If Office was not activated correctly, was there any error message?

Does this user have Microsoft 365 apps?
Please run following command in Command Prompt (Run it as administrator) to check the Office information.
cscript.exe "%ProgramFiles%\Microsoft Office\Office16\ospp.vbs" /dstatus
(If you are running 32-bit Office on a 64-bit operating system)
cscript.exe "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /dstatus

0 Votes 0 ·

It was activated correctly an worked fine for several years, then a month or 2 ago he got a message saying "We are having issues confirming your MS 365 subscription status because of a network error or a temporary service issue". Later he got "Your subscription could not be confirmed" and now "AADSTS9002313: Invalid request. Request is malformed or invalid."


Here is the result:

PRODUCT ID: 00265-60000-00004-AA650
SKU ID: 3d0631e3-1091-416d-92a5-42f84a86d86
LICENSE NAME: Office 16, Office16O365Busine
LICENSE DESCRIPTION: Office 16, RETAIL(Grac
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---NOTIFICATIONS---
ERROR CODE: 0xC004F009
ERROR DESCRIPTION: The Software Licensing S
expired.
Last 5 characters of installed product key:

PRODUCT ID: 00219-40000-00000-AA630
SKU ID: e13ac10e-75d0-4aff-a0cd-764982cf541
LICENSE NAME: Office 15, OfficeVisioProVL_K
LICENSE DESCRIPTION: Office 15, VOLUME_KMSC
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---NOTIFICATIONS---
ERROR CODE: 0xC004F056
ERROR DESCRIPTION: The Software Licensing S
d not be activated using the Key Management
Last 5 characters of installed product key:
DNS auto-discovery: KMS name not av
Activation Interval: 120 minutes
Renewal Interval: 10080 minutes
KMS host caching: Enabled

0 Votes 0 ·
emilyhua-msft avatar image emilyhua-msft ChristinelaFontaine-7534 ·

@ChristinelaFontaine-7534

Thanks for your sharing.

As the error message "We are having issues confirming your MS 365 subscription status because of a network error or a temporary service issue", I need to confirm what TLS protocol is used on your machine?

Please note, you need to ensuer TLS 1.1 and 1.2 on Windows 7 are enabled, for more you may refer to "Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows".


0 Votes 0 ·
emilyhua-msft avatar image emilyhua-msft ChristinelaFontaine-7534 ·

@ChristinelaFontaine-7534
If there is any update, you may share with us.

0 Votes 0 ·
Show more comments
ChristinelaFontaine-7534 avatar image
0 Votes"
ChristinelaFontaine-7534 answered

It was activated correctly an worked fine for several years, then a month or 2 ago he got a message saying "We are having issues confirming your MS 365 subscription status because of a network error or a temporary service issue". Later he got "Your subscription could not be confirmed" and now "AADSTS9002313: Invalid request. Request is malformed or invalid."



Here is the result:

PRODUCT ID: 00265-60000-00004-AA650
SKU ID: 3d0631e3-1091-416d-92a5-42f84a86d86
LICENSE NAME: Office 16, Office16O365Busine
LICENSE DESCRIPTION: Office 16, RETAIL(Grac
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---NOTIFICATIONS---
ERROR CODE: 0xC004F009
ERROR DESCRIPTION: The Software Licensing S
expired.
Last 5 characters of installed product key:


PRODUCT ID: 00219-40000-00000-AA630
SKU ID: e13ac10e-75d0-4aff-a0cd-764982cf541
LICENSE NAME: Office 15, OfficeVisioProVL_K
LICENSE DESCRIPTION: Office 15, VOLUME_KMSC
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---NOTIFICATIONS---
ERROR CODE: 0xC004F056
ERROR DESCRIPTION: The Software Licensing S
d not be activated using the Key Management
Last 5 characters of installed product key:
DNS auto-discovery: KMS name not av
Activation Interval: 120 minutes
Renewal Interval: 10080 minutes
KMS host caching: Enabled

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EddieBonet-6579 avatar image
0 Votes"
EddieBonet-6579 answered EddieBonet-6579 published

2 people in my organization have the same error.

Request Id: 20894b50-a4b5-4600-a681-606c02fc9f01


Correlation Id: 62d336de-9764-4598-9ffb-2039a03006da

Timestamp: 2021-08-05T14:10:26Z


Message: AADSTS9002313: Invalid request. Request is malformed or invalid.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

YUNUSEMREPEKCC-4620 avatar image
0 Votes"
YUNUSEMREPEKCC-4620 answered YUNUSEMREPEKCC-4620 commented

I am a student version user and I got the same issue. I have been using it on this account for at least last 3 years. I am also using it in 2 different devices, same account. It started a message "you need to re-sign to prove you are the user." I just did ignore the message for months. Then it started 30 days countdown to lift my licence on the product and it did it. When licence was lifted I tried to login in to my PC however I can not login to my account. I checked I still got licence right by the university about Office Licence. I cannot edit anything on my documents because of not being able to login. Please urgent help.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Request Id: d970d44f-9cc8-4645-9d0a-858cc89a5a01


Correlation Id: 60144299-a21f-4c08-bd49-427caf7dbf82

Timestamp: 2021-08-05T18:29:04Z


Message: AADSTS9002313: Invalid request. Request is malformed or invalid.

0 Votes 0 ·
YUNUSEMREPEKCC-4620 avatar image
0 Votes"
YUNUSEMREPEKCC-4620 answered MikeCrawford-1202 commented

A solution. It worked on mine. I tried to login to a different account, I saw the "password" screen on Microsoft Office Login Application. In that screen I didn't enter to that account of mine, clicked on "Login with a different account" then tried my other -unlogginable- account. Further, I saw the password screen for the one that I cannot see with this problem. I entered my password and everything is solved.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

This did not work here, thanks though.

0 Votes 0 ·

This (or a version of this) worked for us thanks. On the sign in screen, we entered a non-existant user (username2@domain.com) and on the next screen changed it back to the real user (username@domain.com) and clicked Next and then (and only then) did we get to enter a password. After this, all good.

We also did the registry deletion and setting of EnableADAL above, but this alone did not resolve.

Cheers

0 Votes 0 ·
JulianSmith-7670 avatar image
2 Votes"
JulianSmith-7670 answered JulianSmith-7670 edited

Hey folks, so I figured out what was doing this in our environment.

If your org setup checks all of these boxes, this comment will most likely be your fix:
- 365-based Office subscriptions for individual users (i.e. Office licensed with users' accounts and not a generic account)
- 2-factor authentication for 365 accounts
- A timed password reset policy (i.e. reset every 90 days)
- Windows 10 computers (side note for Win7/Win8 at the end)

Context:
There is a long-standing issue with Azure/OAuth tokens in Windows with 2FA-enabled accounts when users hit "Yes" to the "Use this account everywhere on your device" prompt when signing into any Microsoft service. What happens is that their 365 account gets added to the "Work or School accounts" section of Windows 10 as well as being signed into Office or whatever other Windows 10 app they are using. This is fine until the password resets, and then what happens is that the main application that is being used (i.e. Office) calls out for a new credential, but the Work or School account entry does not have the ability to do so and instead creates a conflict with any applications that are trying to reach out for a new credential. This will generate the common "Outlook TPM error" in which Outlook tells you that your Trusted Platform Module hardware chip has failed (lies). It can also cause a more vague issue where Office apps ask for credentials but won't let you put them in. This specific thread however, is a more spicy take on this issue. This specific issue is the same as above except that the account entry is hidden from Windows and can only be found and removed from inside of the specific Windows 10 app that the user signed into. More info below.

The fix:
To fix the generic Azure/OAuth token issue in Windows, we would have to remove the Work or School account from Windows settings like so:

Start > Settings > Accounts > Access Work or School > Click on the 365 account entry > Remove > Ignore warning > Sign back into Office or whatever application was failing before > Choose "This app only" at the "Use this account everywhere on your device" prompt so that it doesn't happen again.

Immediately afterwards authentication will start working again... Unless you're having the specific issue with error: "AADSTS9002313: Invalid request. Request is malformed or invalid" when trying to log in to Office, which means that there might be another secret Work or School account entry hidden somewhere else in Windows.

What I needed to do for this specific issue was search through every non-365 Microsoft app (i.e. from the Microsoft store) that the person used to see if any were still signed in after purging the other Work and School account entry in the location mentioned above. Eventually I found that the OneNote app that comes built into Windows 10 was the culprit. There is a separate "Account" section inside of the OneNote app that had the authenticated/failing Work or School account entry and for some reason that account only showed up in the OneNote app and NOT in the Windows 10 settings. I hit "Sign Out" for that account from inside of the OneNote app and the second that failing account entry was removed the issue immediately went away.

This is a very specific issue, but in my experience many orgs are setup like this nowadays so it might be more common than it would seem at first glance. I hope this info helps someone out there.

Alternatives:
If you are using Windows 7 or 8, you'll still want to check on all Microsoft apps to make sure none of them are stuck failing sign in (because they will work similarly regardless of Windows version), however you may instead need to clear credential manager entries to get this same effect. While some builds of Windows 8 have something similar to the account settings mentioned above, it will be good to keep in mind that older versions of Windows heavily relied on the credential manager for this sort of thing. If your org isn't set up with the settings mentioned at the beginning of this post, this info could still be helpful, but your results will most likely vary greatly.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AdamFujiura-3809 avatar image
0 Votes"
AdamFujiura-3809 answered

For anyone who is wondering I had this issue on a win 7 desktop (optiplex 9020) using version 2008 of office.
I ended up backing up his files to an external HD and deleted his user profile in control panel and had him sign back in re creating his profile and syncing up his licenses again.

note: This is in a corporate environment as well. I spent a month on trying to get this issue resolved.
Hope this helps. Good luck out there everyone!

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

David-8347 avatar image
0 Votes"
David-8347 answered

Hi,

If it is Office365 applications or any other apps which is online check your AppData folder where folders like: identityCache, identity or something like that everything which referring to credentials, move them on desktop and then check your possibilty to login on account which have license.
In that way I solve problem with logging and activation Office365 Home and Business on computer Windows 10 20h2.
If won't work try to fully reinstall office, disconnect azure account from settings and everything which referring to this one account, restart the PC.
Why deleting profiles is working for this?
It's probably caused because this folder not exist and then user is able to login.
I hope it works for you!

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.