"AADSTS9002313: Invalid request. Request is malformed or invalid." when trying to log in to Office

cmfl 1 Reputation point

One of our users (on Win 7) get the following error when trying to log in to Outlook, Excel and so on.

AADSTS9002313: Invalid request. Request is malformed or invalid.

We have tried deleting the Outlook profile, MS credentials but nothing works.

Office Management
Office Management
Office: A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.Management: The act or process of organizing, handling, directing or controlling something.
1,856 questions
0 comments No comments
{count} votes

9 answers

Sort by: Most helpful
  1. Julian Smith 11 Reputation points

    Hey folks, so I figured out what was doing this in our environment.

    If your org setup checks all of these boxes, this comment will most likely be your fix:

    • 365-based Office subscriptions for individual users (i.e. Office licensed with users' accounts and not a generic account)
    • 2-factor authentication for 365 accounts
    • A timed password reset policy (i.e. reset every 90 days)
    • Windows 10 computers (side note for Win7/Win8 at the end)

    There is a long-standing issue with Azure/OAuth tokens in Windows with 2FA-enabled accounts when users hit "Yes" to the "Use this account everywhere on your device" prompt when signing into any Microsoft service. What happens is that their 365 account gets added to the "Work or School accounts" section of Windows 10 as well as being signed into Office or whatever other Windows 10 app they are using. This is fine until the password resets, and then what happens is that the main application that is being used (i.e. Office) calls out for a new credential, but the Work or School account entry does not have the ability to do so and instead creates a conflict with any applications that are trying to reach out for a new credential. This will generate the common "Outlook TPM error" in which Outlook tells you that your Trusted Platform Module hardware chip has failed (lies). It can also cause a more vague issue where Office apps ask for credentials but won't let you put them in. This specific thread however, is a more spicy take on this issue. This specific issue is the same as above except that the account entry is hidden from Windows and can only be found and removed from inside of the specific Windows 10 app that the user signed into. More info below.

    The fix:
    To fix the generic Azure/OAuth token issue in Windows, we would have to remove the Work or School account from Windows settings like so:

    Start > Settings > Accounts > Access Work or School > Click on the 365 account entry > Remove > Ignore warning > Sign back into Office or whatever application was failing before > Choose "This app only" at the "Use this account everywhere on your device" prompt so that it doesn't happen again.

    Immediately afterwards authentication will start working again... Unless you're having the specific issue with error: "AADSTS9002313: Invalid request. Request is malformed or invalid" when trying to log in to Office, which means that there might be another secret Work or School account entry hidden somewhere else in Windows.

    What I needed to do for this specific issue was search through every non-365 Microsoft app (i.e. from the Microsoft store) that the person used to see if any were still signed in after purging the other Work and School account entry in the location mentioned above. Eventually I found that the OneNote app that comes built into Windows 10 was the culprit. There is a separate "Account" section inside of the OneNote app that had the authenticated/failing Work or School account entry and for some reason that account only showed up in the OneNote app and NOT in the Windows 10 settings. I hit "Sign Out" for that account from inside of the OneNote app and the second that failing account entry was removed the issue immediately went away.

    This is a very specific issue, but in my experience many orgs are setup like this nowadays so it might be more common than it would seem at first glance. I hope this info helps someone out there.

    If you are using Windows 7 or 8, you'll still want to check on all Microsoft apps to make sure none of them are stuck failing sign in (because they will work similarly regardless of Windows version), however you may instead need to clear credential manager entries to get this same effect. While some builds of Windows 8 have something similar to the account settings mentioned above, it will be good to keep in mind that older versions of Windows heavily relied on the credential manager for this sort of thing. If your org isn't set up with the settings mentioned at the beginning of this post, this info could still be helpful, but your results will most likely vary greatly.

    2 people found this answer helpful.
    0 comments No comments

  2. Emily Hua-MSFT 27,326 Reputation points


    Which version of Office is this user using?

    • From the perspective of Office, I would suggest you go to Registry Editor, if this user has Office 2013, please locate to Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity, back up the registry for restoration in case problems occur, then remove the folders under "Identity", such as "Profiles", "Identities".
      (Please note, for Office 2016, Microsoft 365 apps, the version number is 16.0)
    • And then choose "Identity", check whether there are "EnableADAL" value.
      If not, please right-click > New > DWORD (32-bit) Value > Name it "EnableADAL", set the value data as 1.

    Besides, as the AADSTS error code and error message are related to Azure AD Authentication, to better help you, I would add the tag "azure-ad-authentication" and "azure-active-directory". Thanks for your understanding.

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  3. cmfl 1 Reputation point

    @Emily Hua-MSFT thank you for this.

    It is version 16.0. I deleted the folders in Identity and created the EnableADAL value, restarted the computer but still same error:


    Should I delete the other values in the Identity folder?


    Edit: Just tried creating a new user for him and logging in to Office on this new account. This time no error after entering user name, but it was not activated correctly. We have checked his license several times, no changes to this - but Office cannot activate.

  4. cmfl 1 Reputation point

    It was activated correctly an worked fine for several years, then a month or 2 ago he got a message saying "We are having issues confirming your MS 365 subscription status because of a network error or a temporary service issue". Later he got "Your subscription could not be confirmed" and now "AADSTS9002313: Invalid request. Request is malformed or invalid."

    Here is the result:

    PRODUCT ID: 00265-60000-00004-AA650
    SKU ID: 3d0631e3-1091-416d-92a5-42f84a86d86
    LICENSE NAME: Office 16, Office16O365Busine
    BETA EXPIRATION: 01-01-1601
    ERROR CODE: 0xC004F009
    ERROR DESCRIPTION: The Software Licensing S

    Last 5 characters of installed product key:

    PRODUCT ID: 00219-40000-00000-AA630
    SKU ID: e13ac10e-75d0-4aff-a0cd-764982cf541
    LICENSE NAME: Office 15, OfficeVisioProVL_K
    BETA EXPIRATION: 01-01-1601
    ERROR CODE: 0xC004F056
    ERROR DESCRIPTION: The Software Licensing S
    d not be activated using the Key Management
    Last 5 characters of installed product key:
    DNS auto-discovery: KMS name not av
    Activation Interval: 120 minutes
    Renewal Interval: 10080 minutes
    KMS host caching: Enabled

    0 comments No comments

  5. Eddie Bonet 1 Reputation point

    2 people in my organization have the same error.

    Request Id: 20894b50-a4b5-4600-a681-606c02fc9f01

    Correlation Id: 62d336de-9764-4598-9ffb-2039a03006da

    Timestamp: 2021-08-05T14:10:26Z

    Message: AADSTS9002313: Invalid request. Request is malformed or invalid.

    0 comments No comments