Microsoft 365 APPS for enterprise and AD environment Variable

Question

Hello,

I'm stuck with the following problem :

When an user open a session on a rdp server with AD Environment Variable activated, Access open well but it prompt for licence activation.

If i enter the user login, then Access Freeze and nothing more happen.

if i close the pop-up, it ran as an unlicenced mode.

I do the same without the ad EV, the SSO works well and the user isn't prompted for the login

I enable the AD EV on his profile and login again... now it work as expected...

about my config :

• all in Windows 2022 server : one Broker and two RDP server
• Microsoft 365 APPS for enterprise installed with SharedComputer activated (and all user licenced)
• GPO enabled for SSO
• Azure AD connect activated and synchronize well

the AD EV is :

"C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE" %SystemDrive%\xxx\xxx.accde

I've trying to change the AD EV to open an xls file and it does the same...

I've got the following logs in AAS :

"Error: 0x80070002

Exception of type 'class DSRegException' at AcquireTokenContext.cpp, line: 234, method: AcquireTokenContext::GetFallbackDomain.

Log: 0xcaac03f1 Failed to get the DC registration data. Cannot get the domain name.

Logged at AcquireTokenContext.cpp, line: 234, method: AcquireTokenContext::GetFallbackDomain."

"Error: 0xCAA10009 The value specified for 'clientId' must be non-empty.

Exception of type 'class ArgumentException' at AuthenticationContext.cpp, line: 263, method: AuthenticationContext::SetClientId.

Log: 0xcaa10083 Exception in WinRT wrapper.

Logged at AuthorizationClient.cpp, line: 43, method: ADALRT::AuthorizationClient::AuthorizationClient."

"Error: 0xCAA10009 The value specified for 'clientId' must be non-empty.

Exception of type 'class WinRTException' at GetTokenBrokerOperationBase.cpp, line: 430, method: GetTokenBrokerOperationBase::ExecuteImpl::

Answer 1

The issue you're experiencing with Microsoft 365 Apps for Enterprise in an AD environment seems to be related to Single Sign-On (SSO) and Azure Active Directory synchronization. The errors indicate problems with the client ID and domain registration data, which are crucial for SSO functionality. Here are some steps to troubleshoot:

Check Azure AD Connect: Ensure that Azure AD Connect is functioning correctly and synchronizing without errors.

Review GPO Settings: Double-check the Group Policy settings for SSO to ensure they're correctly configured.

Client ID Error: The "Error: 0xCAA10009 The value specified for 'clientId' must be non-empty" suggests an issue with the configuration of the client ID in the Azure AD app. Verify that the client ID is correctly set in the Azure AD application associated with your Office 365 deployment.

Domain Registration Data: The error "Failed to get the DC registration data. Cannot get the domain name." suggests an issue with the domain controller registration. Ensure that your domain controllers are correctly registered and accessible by the RDP server.

Check Network Configuration: Network issues can sometimes cause problems with SSO and domain services. Verify that your network configuration allows proper communication between the RDP servers, domain controllers, and Azure AD.

Office 365 Shared Computer Activation: Since you're using Office 365 with Shared Computer Activation, ensure that it's correctly configured. This feature is crucial for RDP environments.

Consult Microsoft Support: If the issue persists, it might be helpful to contact Microsoft Support for more specific guidance, especially since the errors involve Azure AD and potentially complex configurations.

It's important to proceed with caution when making changes in a production environment and to ensure that you have backups and a rollback plan in case of unexpected issues.