解决启动新 Teams 应用时出现的问题

2024-07-30
适用于: New Microsoft Teams

现象

在经典Microsoft Teams 中启用 “试用新 Teams” 切换时，新的 Teams 应用不会启动。相反，将显示一个横幅并显示以下错误消息：

出现错误。

如果检查经典 Teams 的日志文件，则会记录以下错误条目：

message: Launch api returns false, code: 11, apiCode: undefined, extendedErrorCode: 0, launchStatus: failed, status: failure, scenario: <scenarioGUID>, scenarioName: launch_pear_app, name: launch_pear_app

原因

此问题可能由于以下任何原因而发生：

Cookie 和缓存 shell 文件夹指向重新分析点。
TEMP 或 TMP 环境变量指向重新分析点。
您没有访问 AppData 文件夹中某些文件夹的读取权限。
AppData 文件夹中的某些文件夹将更改为充当重新分析点。
AppData 文件夹包含与所需系统文件夹同名的无效文件。
SYSTEM 帐户和管理员组没有对 AppData 文件夹中某些文件夹的完全控制权限。
你没有 Teams 安装位置的 SYSAPPID 权限。
AllowAllTrustedApps 策略设置可防止新的 Teams 启动。

解决方法

若要对此问题应用适当的解决方法，必须执行多个检查来确定问题的原因。有两个选项可用于运行所有必要的诊断检查。使用首选选项。

选项 1：运行脚本

TeamsLaunchCheck.ps1 PowerShell 脚本自动执行必须运行的所有检查。

TeamsLaunchCheck.ps1 脚本

# $erroractionpreference="stop"

$list = @(
    "$env:APPDATA", 
    "$env:APPDATA\Microsoft", 
    "$env:APPDATA\Microsoft\Crypto", 
    "$env:APPDATA\Microsoft\Internet Explorer", 
    "$env:APPDATA\Microsoft\Internet Explorer\UserData", 
    "$env:APPDATA\Microsoft\Internet Explorer\UserData\Low",
    "$env:APPDATA\Microsoft\Spelling", 
    "$env:APPDATA\Microsoft\SystemCertificates",
    "$env:APPDATA\Microsoft\Windows", 
    "$env:APPDATA\Microsoft\Windows\Libraries",
    "$env:APPDATA\Microsoft\Windows\Recent",
    "$env:LOCALAPPDATA",
    "$env:LOCALAPPDATA\Microsoft",
    "$env:LOCALAPPDATA\Microsoft\Windows",
    "$env:LOCALAPPDATA\Microsoft\Windows\Explorer",
    "$env:LOCALAPPDATA\Microsoft\Windows\History",
    "$env:LOCALAPPDATA\Microsoft\Windows\History\Low",
    "$env:LOCALAPPDATA\Microsoft\Windows\History\Low\History.IE5",
    "$env:LOCALAPPDATA\Microsoft\Windows\IECompatCache",
    "$env:LOCALAPPDATA\Microsoft\Windows\IECompatCache\Low",
    "$env:LOCALAPPDATA\Microsoft\Windows\IECompatUaCache",
    "$env:LOCALAPPDATA\Microsoft\Windows\IECompatUaCache\Low",
    "$env:LOCALAPPDATA\Microsoft\Windows\INetCache",
    "$env:LOCALAPPDATA\Microsoft\Windows\INetCookies",
    "$env:LOCALAPPDATA\Microsoft\Windows\INetCookies\DNTException",
    "$env:LOCALAPPDATA\Microsoft\Windows\INetCookies\DNTException\Low",
    "$env:LOCALAPPDATA\Microsoft\Windows\INetCookies\Low",
    "$env:LOCALAPPDATA\Microsoft\Windows\INetCookies\PrivacIE",
    "$env:LOCALAPPDATA\Microsoft\Windows\INetCookies\PrivacIE\Low",
    "$env:LOCALAPPDATA\Microsoft\Windows\PPBCompatCache",
    "$env:LOCALAPPDATA\Microsoft\Windows\PPBCompatCache\Low",
    "$env:LOCALAPPDATA\Microsoft\Windows\PPBCompatUaCache",
    "$env:LOCALAPPDATA\Microsoft\Windows\PPBCompatUaCache\Low",
    "$env:LOCALAPPDATA\Microsoft\WindowsApps",
    "$env:LOCALAPPDATA\Packages",
    "$env:LOCALAPPDATA\Publishers",
    "$env:LOCALAPPDATA\Publishers\8wekyb3d8bbwe",
    "$env:LOCALAPPDATA\Temp",
    "$env:USERPROFILE\AppData\LocalLow",
    "$env:USERPROFILE\AppData\LocalLow\Microsoft",
    "$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer",
    "$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore",
    "$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer\EdpDomStore",
    "$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer\EmieSiteList",
    "$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer\EmieUserList",
    "$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer\IEFlipAheadCache"
)

$ver = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\'
$script:osVersion = $ver.DisplayVersion
if($script:osVersion -eq "")    {
        $script:osVersion = $ver.ReleaseId
}
$script:osBuild = (Get-WmiObject -Class Win32_OperatingSystem).Version
$script:osUBR= [int]$ver.UBR
$script:osFullBuild = [version]"$script:osBuild.$script:osUBR"
$script:osProductName = $ver.ProductName

function ValidateShellFolders
{
    $shellFolders = @(
        "Cookies",
        "Cache"
    )

    $shellPaths = @{}

    $path = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"    
    $keys = Get-Item $path
    $props = Get-ItemProperty $path
    ($keys).Property | %{
        $shellPaths[$_] = $props."$_"
        $str = $props."$_"
        $str += "`t: " + $_
        echo $str
    }

    foreach($shellFolder in $shellFolders)
    {
        $shellPath = $shellPaths[$shellFolder]
        if(PathContainsReparsePoint($shellPath))
        {
            Write-Warning "$($shellFolder) User Shell Folder path $shellPath contains a reparse point."
        }
        else
        {
            Write-Host "$($shellFolder) User Shell Folder path $shellPath is not a reparse point" -ForegroundColor Green
        }
    }
}

function ValidateEnvironmentVars
{
    $temps = (gci env:* | ?{@("TEMP", "TMP").Contains($_.Name)})
    foreach($temp in $temps)
    {
        if(PathContainsReparsePoint($temp.Value))
        {
            Write-Warning "$($temp.Name): $($temp.Value) contains a reparse point."
        }
        else
        {
            Write-Host "$($temp.Name): $($temp.Value) is not a reparse point" -ForegroundColor Green
        }
    }
}

function ValidateUserAccess($list)
{
    $checked = @()
    foreach ($path in $list)
    {
        $left = $path
        for($i=0;$i -lt 10; $i++)
        {
            if ([string]::IsNullOrEmpty($left))
            {
                break;
            }
            if(-Not $checked.Contains($left))
            {
                try
                {
                    if (Test-Path -Path $left)
                    {
                        $items = Get-ChildItem $left -ErrorAction SilentlyContinue -ErrorVariable GCIErrors
                        if($GCIErrors.Count -eq 0)
                        {
                            Write-Host "User is able to access $left" -ForegroundColor Green
                        }
                        else
                        {
                            Write-Warning "$left is missing permissions for the current user."
                        }
                        $checked += $left
                    }
                    else
                    {
                        Write-Host "MISSING: $path" -ForegroundColor Green
                    }
                }
                catch
                {
                    Write-Warning "Error trying to access $left."
                }
            }
            $left=Split-Path $left
        }
    }
}

function ValidatePaths($list)
{
    foreach ($path in $list)
    {
        if (Test-Path -Path $path)
        {
            if (Test-Path -Path $path -PathType Container)
            {
                Write-Host "Folder: $path" -ForegroundColor Green
            }
            else
            {
                Write-Warning "FILE: $path"
            }
        }
        else
        {
            Write-Host "MISSING: $path" -ForegroundColor Green
        }
    }
}

function ValidateSystemPerms($list)
{
    foreach ($path in $list)
    {
        if (Test-Path -Path $path)
        {
            $systemPerms = (Get-Acl $path).Access | where {$_.IdentityReference -eq "NT AUTHORITY\SYSTEM"}
            $systemFullControl = $systemPerms | where {$_.FileSystemRights -eq "FullControl" -and $_.AccessControlType -eq "Allow"}
            if($systemFullControl.Count -ge 1)
            {
                Write-Host "$path has the correct permissions assigned for SYSTEM account" -ForegroundColor Green
            }
            else
            {
                Write-Warning "$path is missing permissions for the SYSTEM account. The current permissions:"
                $systemPerms
            }
            $adminPerms = (Get-Acl $path).Access | where {$_.IdentityReference -eq "BUILTIN\Administrators"}
            $adminFullControl = $adminPerms | where {$_.FileSystemRights -eq "FullControl" -and $_.AccessControlType -eq "Allow"}
            if($adminFullControl.Count -ge 1)
            {
                Write-Host "$path has the correct permissions assigned for Administrators group" -ForegroundColor Green
            }
            else
            {
                Write-Warning "$path is missing permissions for the Administrators group. The current permissions:"
                $adminPerms
            }
        }
        else
        {
            Write-Host "MISSING: $path" -ForegroundColor Green
        }
    }
}

function ValidateSysAppIdPerms
{
    $apps = Get-AppxPackage MSTeams 
    foreach($app in $apps)
    {
        $perms = (Get-Acl $app.InstallLocation).sddl -split "\(" | ?{$_ -match "WIN:/\/\SYSAPPID"}
        if($perms.Length -gt 0)
        {
            Write-Host "$($app.InstallLocation) has the correct SYSAPPID permissions assigned" -ForegroundColor Green
        }
        else
        {
            Write-Warning "$($app.InstallLocation) is missing SYSAPPID permissions."
        }
    }
}

function IsReparsePoint([string]$path) 
{

    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if($props.Attributes -match 'ReparsePoint')
    {
        return $true
    }
    return $false
}

function PathContainsReparsePoint($path, $trace = $false)
{
    $badPaths = 0
    $result = ""
    $left = $path
    for($i=0;$i -lt 10; $i++)
    {
        if ([string]::IsNullOrEmpty($left))
        {
            break;
        };
        if(IsReparsePoint($left))
        {
            $result = "Y" + $result
            $badPaths++
        }
        else{
            $result = "N" + $result
        }
        $left=Split-Path $left
    }
    if($trace)
    {
        if ($result.Contains("Y"))
        {
            Write-Warning "$result $path contains a reparse point"
        }
        else
        {
            Write-Host "$result $path" -ForegroundColor Green
        }
    }
    return $badPaths -gt 0
}

function ValidateAppXPolicies()
{
    $osPatchThresholds = @{
        "10.0.19044" = 4046 #Win 10 21H2
        "10.0.19045" = 3636 #Win 10 22H2
        "10.0.22000" = 2777 #Win 11 21H2
        "10.0.22621" = 2506 #Win 11 22H2
    }

    $minPatchVersion = [version]"10.0.19044"
    $maxPatchVersion = [version]"10.0.22621"

    if($script:osFullBuild -lt $minPatchVersion)
    {
        if(-Not (HasAllowAllTrustedAppsKeyEnabled))
        {
            Write-Warning "AllowAllTrustedApps is not enabled and OS version is too low to get the AllowAllTrustedApps patch."
        }
        else
        {
            Write-Host "The OS version is too low to get the AllowAllTrustedApps patch, but AllowAllTrustedApps is a supported value" -ForegroundColor Green
        }
    }
    elseif($script:osFullBuild -le $maxPatchVersion)
    {
        $targetUBR = $osPatchThresholds[$script:osBuild]
        if($script:osUBR -lt $targetUBR)
        {
            if(-Not (HasAllowAllTrustedAppsKeyEnabled))
            {
                $recommendedVersion = [version]"$script:osBuild.$targetUBR"
                Write-Warning "AllowAllTrustedApps is not enabled and your version of Windows does not contain a required patch to support this.`nEither update your version of Windows to be greater than $recommendedVersion, or enable AllowAllTrustedApps"
            }
            else
            {
                Write-Host "OS version is missing the AllowAllTrustedApps patch, but AllowAllTrustedApps is a supported value" -ForegroundColor Green
            }
        }
        else
        {
            Write-Host "OS version has the AllowAllTrustedApps patch" -ForegroundColor Green
        }
    }
    else
    {
        Write-Host "OS version is high enough that AllowAllTrustedApps should not be an issue" -ForegroundColor Green
    }
}

function HasAllowAllTrustedAppsKeyEnabled
{
    $hasKey = $false;
    $appXKeys = @("HKLM:\Software\Microsoft\Windows\CurrentVersion\AppModelUnlock", "HKLM:\Software\Policies\Microsoft\Windows\Appx")
    foreach ($key in $appXKeys)
    {
        try
        {
            $value = Get-ItemPropertyValue -Path $key -Name "AllowAllTrustedApps"
            echo "$key AllowAllTrustedApps = $value"
            if ($value -ne 0) 
            {
                $hasKey = $true
                break;
            }
        }
        catch
        {
            echo "Missing AllowAllTrustedApps key at $key"
        }
    }
    return $hasKey
}

echo "$script:osProductName Version $script:osVersion, Build $script:osFullBuild"
echo ""
echo "# Checking for reparse points in user shell folders"
ValidateShellFolders
echo ""
echo "# Checking for reparse points in temp/tmp environment variables"
ValidateEnvironmentVars
echo ""
echo "# Checking for user permissions in appdata"
ValidateUserAccess($list)
echo ""
echo "# Checking for reparse points in appdata"
foreach ($path in $list)
{
    $result = PathContainsReparsePoint $path $true
}
echo ""
echo "# Checking for unexpected files in appdata"
ValidatePaths($list)
echo ""
echo "# Checking SYSTEM and Administrators permissions in appdata"
ValidateSystemPerms($list)
echo ""
echo "# Checking SYSAPPID permissions"
ValidateSysAppIdPerms
echo ""
echo "# Checking if AllowAllTrustedApps is valid"
ValidateAppXPolicies

Pause

选项 2：手动执行检查

重要

此部分（或称方法或任务）介绍了修改注册表的步骤。但是，注册表修改不当可能会出现严重问题。因此，按以下步骤操作时请务必谨慎。对于添加的保护，请先备份注册表，然后再对其进行修改。如果之后出现问题，您就可以还原注册表。

检查 Cookie 和缓存 shell 文件夹是否指向重新分析点的位置：
1. 运行以下 PowerShell 命令：
```
(gp ([environment]::getfolderpath("Cookies"))).Attributes -match 'ReparsePoint'
(gp ([environment]::getfolderpath("InternetCache"))).Attributes -match 'ReparsePoint'
```
2. 如果两个命令都返回 False，请转到步骤 2。否则，请打开注册表编辑器并找到以下子项：
  
  Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
3. 对于返回为 True 的 PowerShell 命令中的 shell 文件夹，请将其关联的注册表项的值更新为不是重新分析点的位置。例如，可以将值设置为默认路径：
注册表项值

Cookie %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies

缓存 %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache
检查 TEMP 或 TMP 环境变量的值是否设置为重新分析点：
1. 运行以下 PowerShell 命令：
```
gci env:* | ?{@("TEMP", "TMP").Contains($_.Name)} | %{$_.Value+" - "+((gp $_.Value).Attributes -match 'ReparsePoint')}
```
2. 如果命令返回 False，请转到步骤 3。否则，请将环境变量的值设置为不是重新分析点的位置。
检查是否具有访问 AppData 文件夹中所有以下目录的读取权限：
- %USERPROFILE%\AppData\Local
- %USERPROFILE%\AppData\Local\Microsoft
- %USERPROFILE%\AppData\Local\Microsoft\Windows
- %USERPROFILE%\AppData\Local\Microsoft\Windows\Explorer
- %USERPROFILE%\AppData\Local\Microsoft\Windows\History
- %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5
- %USERPROFILE%\AppData\Local\Microsoft\Windows\IECompatCache
- %USERPROFILE%\AppData\Local\Microsoft\Windows\IECompatCache\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\IECompatUaCache
- %USERPROFILE%\AppData\Local\Microsoft\Windows\IECompatUaCache\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies\DNTException
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\PPBCompatCache
- %USERPROFILE%\AppData\Local\Microsoft\Windows\PPBCompatCache\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\PPBCompatUaCache
- %USERPROFILE%\AppData\Local\Microsoft\Windows\PPBCompatUaCache\Low
- %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
- %USERPROFILE%\AppData\Local\Packages
- %USERPROFILE%\AppData\Local\Packages\VirtualizationTests.Main_8wekyb3d8bbwe\LocalCache
- %USERPROFILE%\AppData\Local\Publishers
- %USERPROFILE%\AppData\Local\Publishers\8wekyb3d8bbwe
- %USERPROFILE%\AppData\Local\Temp
- %USERPROFILE%\AppData\LocalLow
- %USERPROFILE%\AppData\LocalLow\Microsoft
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\EdpDomStore
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\EmieSiteList
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\EmieUserList
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\IEFlipAheadCache
- %USERPROFILE%\AppData\Roaming
- %USERPROFILE%\AppData\Roaming\Microsoft
- %USERPROFILE%\AppData\Roaming\Microsoft\Crypto
- %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer
- %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\UserData
- %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
- %USERPROFILE%\AppData\Roaming\Microsoft\Spelling
- %USERPROFILE%\AppData\Roaming\Microsoft\SystemCertificates
- %USERPROFILE%\AppData\Roaming\Microsoft\Windows
- %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Libraries
- %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
可以使用 Test-Path PowerShell 命令执行此检查。如果没有特定文件夹的 “读取 ”权限，请要求具有 该文件夹的完全控制 权限的人员授予 “读取 ”权限。
检查步骤 3 中列出的任何文件夹是否已更改为充当重新分析点。如果任一文件夹都是重新分析点，请联系Microsoft 支持部门。
检查与 AppData 文件夹中所需系统文件夹同名的文件。例如，路径中名为“库”的文件 %AppData%\Microsoft\Windows\Libraries 的名称与具有相同路径的文件夹同名。对于步骤 3 中列出的每个文件夹，请运行以下 PowerShell 命令：
```
Test-Path -Path <directory name, such as $env:USERPROFILE\AppData\Local\Temp>  -PathType Leaf
```
如果该命令返回 True，请删除该文件，然后使用与系统文件夹的完整路径相同的名称创建文件夹。

注册表项	值
Cookie	`%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies`
缓存	`%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache`

检查 SYSTEM 帐户和管理员组是否对步骤 3 中列出的所有目录具有 完全控制 权限。

为每个文件夹运行以下 PowerShell 命令：

((Get-Acl (Join-Path $env:USERPROFILE "<directory name that starts with AppData, such as AppData\Local>")).Access | ?{$_.IdentityReference -eq "NT AUTHORITY\SYSTEM" -and $_.FileSystemRights -eq "FullControl"} | measure).Count -eq 1
((Get-Acl (Join-Path $env:USERPROFILE "<directory name that starts with AppData, such as AppData\Local>")).Access | ?{$_.IdentityReference -eq "BUILTIN\Administrators" -and $_.FileSystemRights -eq "FullControl"} | measure).Count -eq 1

如果任一命令返回 False，请让具有 文件夹完全控制 权限的人员向相应的帐户授予 完全控制 权限。

检查你是否对 Teams 安装位置具有 SYSAPPID 权限。运行以下 PowerShell 命令：
```
Get-AppxPackage MSTeams | %{$_.InstallLocation+" - "+(((Get-Acl $_.InstallLocation).sddl -split "\(" | ?{$_ -match "WIN:/\/\SYSAPPID"} | Measure).count -eq 1)}
```
如果命令返回 False，请请求本地 Administrators 组的成员删除计算机上的用户配置文件。然后，使用用户帐户登录以重新创建用户配置文件。
检查 AllowAllTrustedApps 策略设置：
1. 在命令提示符窗口中，运行 winver 该命令。
2. 将结果中的 Windows 版本和内部版本号与以下版本的 Windows 11 和 Windows 10 进行比较：
  - Windows 11 版本 21H2 OS 内部版本 22000.2777
  - Windows 11 版本 22H2 OS 内部版本 22621.2506
  - Windows 10 版本 21H2 OS 内部版本 19044.4046
  - Windows 10 版本 22H2 OS 内部版本 19045.3636
3. 如果 Windows 版本和内部版本号早于列表中的版本号，请打开注册表编辑器，然后在以下子项之一下找到 AllowAllTrustedApps 注册表项：
  - Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
  - Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
4. 检查 AllowAllTrustedApps 的值。如果值为 0，则禁用策略。将其更改为 1 以启用策略，然后重试以启动新的 Teams。
  
  注意： 若要在不启用 AllowAllTrustedApps 策略的情况下启动新 Teams，必须运行步骤 5b 中列出的 Windows 版本之一。
如果问题仍然存在，请将系统更新为 Windows 11 版本 22H2、OS 内部版本 22621.2506 或更高版本。

通过

解决启动新 Teams 应用时出现的问题

现象

原因

解决方法

选项 1：运行脚本

选项 2：手动执行检查

反馈

其他资源