This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 49%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
We have a Remote Desktop Services implementation on Server 2016. We're seeing Microsoft 365 prompting users to activate office each time they sign into a session.
We think this started a couple of months ago, possibly coinciding with when Edge Chromium was installed. We have also recently introduced MFA, so this might be a factor (please note I personally don't know much about our MFA implementation, but can find out more details if required).
No errors, but M365 prompts users to activate office, by entering email address etc,
I believe this is a SSO on issue but am not sure.
I have been using https://learn.microsoft.com/en-us/office365/troubleshoot/authentication/connection-issue-when-sign-in-office-2016
After enabling logging, I am seeing "{"Action": "BlockedRequest", "HRESULT": "0xc0f10005"" in the Office ULS logs, so logging a call as advised on that page.
Our RDSSH servers do not using roaming profiles, we use User Profile Disks, and local profiles are removed at logoff.
Whilst we think we could add %LocalAppData%\Microsoft\Office\16.0\Licensing to our UPDs, so that location is roamed, it doesn't feel like the right thing to do, as we've never had to do it, this feels like something has broken the activation process?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 22%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
Hi @JustinMicheal-7973
Since your question is more related to office activation, I have removed the Exchange related tags and added the correct tag "office-itpro" to it.
Thanks for your understanding and hope you will get the answer soon.
@JustinMicheal-7973
> Our RDSSH servers do not using roaming profiles, we use User Profile Disks, and local profiles are removed at logoff.
The image below from 'DS2CHL830-20211027-0839a.log', the path that store licensing token for Microsoft shared computer activation is the default path : %localappdata%\Microsoft\Office\16.0\Licensing
According to your decription, that this path is not included in your UPDs and the local profiles are removed at logoff. In my opinion, it may the cause Microsoft 365 to prompt users to activate office each time they sign into a session.
I suggest you to save users licensing token on a location that wan't be deleted at logoff.
More information, please refer to "Licensing token roaming".
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
we did talk to MS about doing that in a call and they advised against it. The fact that it used to work without having to roam the licensing folder must mean something else has changed?
thanks - but, it also says:
Single sign-on recommended The use of single sign-on (SSO) is recommended to reduce how often users are prompted to sign in for activation. With single sign-on configured, Microsoft 365 Apps is activated using the user credentials that the user provides to sign in to Windows, as long as the user has been assigned a license for Microsoft 365 Apps. For more information, see Microsoft 365 identity models and Azure Active Directory <https://learn.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity> .
As far as I know SSO was working up until this broke, so something changed. I think someone at MS might have suggested it could have been Edge Chromium, e.g. it broke when we deployed Edge Chromium, which might be the case. Apparently it uses different authentication libraries on Server 2016 or something?
I think if we roamed the directory uses would still be prompted to sign in once? Ideally we want it to be completely seamless as it was before
Hi @JustinMicheal-7973
Yes, if you have set SSO, you do not need to set licensing token roaming.
But from your description above, SSO seems to be unsuccessful on Office.
Please refer to the steps mentioned in "Disabling ADAL or WAM not recommended for fixing Office sign-in or activation issues".
Go to Registry Editor, locate to Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Identities, then delete all the registry keys under Identities.
(It is recommended to back up registry keys before modification, just in case. You can refer to: How to back up and restore the registry in Windows.)
Besides, to better help you troubleshoot on SSO, I would suggest you post a new thread on Q&A forum with the tag "azure-active-directory". Thanks for your understanding.