徵兆
當您在傳統Microsoft Teams 中開啟 [嘗試新的 Teams ] 切換時,新的 Teams 應用程式不會啟動。 相反地,橫幅隨即出現,並顯示下列錯誤訊息:
發生錯誤。
如果您檢查傳統 Teams 的記錄檔,則會記錄下列錯誤專案:
message: Launch api returns false, code: 11, apiCode: undefined, extendedErrorCode: 0, launchStatus: failed, status: failure, scenario: <scenarioGUID>, scenarioName: launch_pear_app, name: launch_pear_app
原因
此問題可能會因為下列任何原因而發生:
- Cookie 和快取殼層資料夾會指向重新分析點。
- TEMP 或 TMP 環境變數指向重新分析點。
- 您沒有存取 AppData 資料夾中特定資料夾的讀取權限。
- AppData 資料夾中的某些資料夾會變更為重新分析點。
- AppData 資料夾包含與必要系統資料夾同名的無效檔案。
- SYSTEM 帳戶和 Administrators 群組沒有 AppData 資料夾中特定資料夾的完整控制許可權。
- 您沒有 Teams 安裝位置的 SYSAPPID 許可權。
- AllowAllTrustedApps 原則設定可防止新的 Teams 啟動。
解決方法
若要套用此問題的適當解決方案,您必須執行多個檢查來判斷問題的原因。 有兩個選項可執行所有必要的診斷檢查。 使用您偏好的選項。
選項 1:執行文稿
TeamsLaunchCheck.ps1 PowerShell 腳本會將您必須執行的所有檢查自動化。
TeamsLaunchCheck.ps1 腳本
# $erroractionpreference="stop"
$list = @(
"$env:APPDATA",
"$env:APPDATA\Microsoft",
"$env:APPDATA\Microsoft\Crypto",
"$env:APPDATA\Microsoft\Internet Explorer",
"$env:APPDATA\Microsoft\Internet Explorer\UserData",
"$env:APPDATA\Microsoft\Internet Explorer\UserData\Low",
"$env:APPDATA\Microsoft\Spelling",
"$env:APPDATA\Microsoft\SystemCertificates",
"$env:APPDATA\Microsoft\Windows",
"$env:APPDATA\Microsoft\Windows\Libraries",
"$env:APPDATA\Microsoft\Windows\Recent",
"$env:LOCALAPPDATA",
"$env:LOCALAPPDATA\Microsoft",
"$env:LOCALAPPDATA\Microsoft\Windows",
"$env:LOCALAPPDATA\Microsoft\Windows\Explorer",
"$env:LOCALAPPDATA\Microsoft\Windows\History",
"$env:LOCALAPPDATA\Microsoft\Windows\History\Low",
"$env:LOCALAPPDATA\Microsoft\Windows\History\Low\History.IE5",
"$env:LOCALAPPDATA\Microsoft\Windows\IECompatCache",
"$env:LOCALAPPDATA\Microsoft\Windows\IECompatCache\Low",
"$env:LOCALAPPDATA\Microsoft\Windows\IECompatUaCache",
"$env:LOCALAPPDATA\Microsoft\Windows\IECompatUaCache\Low",
"$env:LOCALAPPDATA\Microsoft\Windows\INetCache",
"$env:LOCALAPPDATA\Microsoft\Windows\INetCookies",
"$env:LOCALAPPDATA\Microsoft\Windows\INetCookies\DNTException",
"$env:LOCALAPPDATA\Microsoft\Windows\INetCookies\DNTException\Low",
"$env:LOCALAPPDATA\Microsoft\Windows\INetCookies\Low",
"$env:LOCALAPPDATA\Microsoft\Windows\INetCookies\PrivacIE",
"$env:LOCALAPPDATA\Microsoft\Windows\INetCookies\PrivacIE\Low",
"$env:LOCALAPPDATA\Microsoft\Windows\PPBCompatCache",
"$env:LOCALAPPDATA\Microsoft\Windows\PPBCompatCache\Low",
"$env:LOCALAPPDATA\Microsoft\Windows\PPBCompatUaCache",
"$env:LOCALAPPDATA\Microsoft\Windows\PPBCompatUaCache\Low",
"$env:LOCALAPPDATA\Microsoft\WindowsApps",
"$env:LOCALAPPDATA\Packages",
"$env:LOCALAPPDATA\Publishers",
"$env:LOCALAPPDATA\Publishers\8wekyb3d8bbwe",
"$env:LOCALAPPDATA\Temp",
"$env:USERPROFILE\AppData\LocalLow",
"$env:USERPROFILE\AppData\LocalLow\Microsoft",
"$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer",
"$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore",
"$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer\EdpDomStore",
"$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer\EmieSiteList",
"$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer\EmieUserList",
"$env:USERPROFILE\AppData\LocalLow\Microsoft\Internet Explorer\IEFlipAheadCache"
)
$ver = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\'
$script:osVersion = $ver.DisplayVersion
if($script:osVersion -eq "") {
$script:osVersion = $ver.ReleaseId
}
$script:osBuild = (Get-WmiObject -Class Win32_OperatingSystem).Version
$script:osUBR= [int]$ver.UBR
$script:osFullBuild = [version]"$script:osBuild.$script:osUBR"
$script:osProductName = $ver.ProductName
function ValidateShellFolders
{
$shellFolders = @(
"Cookies",
"Cache"
)
$shellPaths = @{}
$path = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
$keys = Get-Item $path
$props = Get-ItemProperty $path
($keys).Property | %{
$shellPaths[$_] = $props."$_"
$str = $props."$_"
$str += "`t: " + $_
echo $str
}
foreach($shellFolder in $shellFolders)
{
$shellPath = $shellPaths[$shellFolder]
if(PathContainsReparsePoint($shellPath))
{
Write-Warning "$($shellFolder) User Shell Folder path $shellPath contains a reparse point."
}
else
{
Write-Host "$($shellFolder) User Shell Folder path $shellPath is not a reparse point" -ForegroundColor Green
}
}
}
function ValidateEnvironmentVars
{
$temps = (gci env:* | ?{@("TEMP", "TMP").Contains($_.Name)})
foreach($temp in $temps)
{
if(PathContainsReparsePoint($temp.Value))
{
Write-Warning "$($temp.Name): $($temp.Value) contains a reparse point."
}
else
{
Write-Host "$($temp.Name): $($temp.Value) is not a reparse point" -ForegroundColor Green
}
}
}
function ValidateUserAccess($list)
{
$checked = @()
foreach ($path in $list)
{
$left = $path
for($i=0;$i -lt 10; $i++)
{
if ([string]::IsNullOrEmpty($left))
{
break;
}
if(-Not $checked.Contains($left))
{
try
{
if (Test-Path -Path $left)
{
$items = Get-ChildItem $left -ErrorAction SilentlyContinue -ErrorVariable GCIErrors
if($GCIErrors.Count -eq 0)
{
Write-Host "User is able to access $left" -ForegroundColor Green
}
else
{
Write-Warning "$left is missing permissions for the current user."
}
$checked += $left
}
else
{
Write-Host "MISSING: $path" -ForegroundColor Green
}
}
catch
{
Write-Warning "Error trying to access $left."
}
}
$left=Split-Path $left
}
}
}
function ValidatePaths($list)
{
foreach ($path in $list)
{
if (Test-Path -Path $path)
{
if (Test-Path -Path $path -PathType Container)
{
Write-Host "Folder: $path" -ForegroundColor Green
}
else
{
Write-Warning "FILE: $path"
}
}
else
{
Write-Host "MISSING: $path" -ForegroundColor Green
}
}
}
function ValidateSystemPerms($list)
{
foreach ($path in $list)
{
if (Test-Path -Path $path)
{
$systemPerms = (Get-Acl $path).Access | where {$_.IdentityReference -eq "NT AUTHORITY\SYSTEM"}
$systemFullControl = $systemPerms | where {$_.FileSystemRights -eq "FullControl" -and $_.AccessControlType -eq "Allow"}
if($systemFullControl.Count -ge 1)
{
Write-Host "$path has the correct permissions assigned for SYSTEM account" -ForegroundColor Green
}
else
{
Write-Warning "$path is missing permissions for the SYSTEM account. The current permissions:"
$systemPerms
}
$adminPerms = (Get-Acl $path).Access | where {$_.IdentityReference -eq "BUILTIN\Administrators"}
$adminFullControl = $adminPerms | where {$_.FileSystemRights -eq "FullControl" -and $_.AccessControlType -eq "Allow"}
if($adminFullControl.Count -ge 1)
{
Write-Host "$path has the correct permissions assigned for Administrators group" -ForegroundColor Green
}
else
{
Write-Warning "$path is missing permissions for the Administrators group. The current permissions:"
$adminPerms
}
}
else
{
Write-Host "MISSING: $path" -ForegroundColor Green
}
}
}
function ValidateSysAppIdPerms
{
$apps = Get-AppxPackage MSTeams
foreach($app in $apps)
{
$perms = (Get-Acl $app.InstallLocation).sddl -split "\(" | ?{$_ -match "WIN:/\/\SYSAPPID"}
if($perms.Length -gt 0)
{
Write-Host "$($app.InstallLocation) has the correct SYSAPPID permissions assigned" -ForegroundColor Green
}
else
{
Write-Warning "$($app.InstallLocation) is missing SYSAPPID permissions."
}
}
}
function IsReparsePoint([string]$path)
{
$props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
if($props.Attributes -match 'ReparsePoint')
{
return $true
}
return $false
}
function PathContainsReparsePoint($path, $trace = $false)
{
$badPaths = 0
$result = ""
$left = $path
for($i=0;$i -lt 10; $i++)
{
if ([string]::IsNullOrEmpty($left))
{
break;
};
if(IsReparsePoint($left))
{
$result = "Y" + $result
$badPaths++
}
else{
$result = "N" + $result
}
$left=Split-Path $left
}
if($trace)
{
if ($result.Contains("Y"))
{
Write-Warning "$result $path contains a reparse point"
}
else
{
Write-Host "$result $path" -ForegroundColor Green
}
}
return $badPaths -gt 0
}
function ValidateAppXPolicies()
{
$osPatchThresholds = @{
"10.0.19044" = 4046 #Win 10 21H2
"10.0.19045" = 3636 #Win 10 22H2
"10.0.22000" = 2777 #Win 11 21H2
"10.0.22621" = 2506 #Win 11 22H2
}
$minPatchVersion = [version]"10.0.19044"
$maxPatchVersion = [version]"10.0.22621"
if($script:osFullBuild -lt $minPatchVersion)
{
if(-Not (HasAllowAllTrustedAppsKeyEnabled))
{
Write-Warning "AllowAllTrustedApps is not enabled and OS version is too low to get the AllowAllTrustedApps patch."
}
else
{
Write-Host "The OS version is too low to get the AllowAllTrustedApps patch, but AllowAllTrustedApps is a supported value" -ForegroundColor Green
}
}
elseif($script:osFullBuild -le $maxPatchVersion)
{
$targetUBR = $osPatchThresholds[$script:osBuild]
if($script:osUBR -lt $targetUBR)
{
if(-Not (HasAllowAllTrustedAppsKeyEnabled))
{
$recommendedVersion = [version]"$script:osBuild.$targetUBR"
Write-Warning "AllowAllTrustedApps is not enabled and your version of Windows does not contain a required patch to support this.`nEither update your version of Windows to be greater than $recommendedVersion, or enable AllowAllTrustedApps"
}
else
{
Write-Host "OS version is missing the AllowAllTrustedApps patch, but AllowAllTrustedApps is a supported value" -ForegroundColor Green
}
}
else
{
Write-Host "OS version has the AllowAllTrustedApps patch" -ForegroundColor Green
}
}
else
{
Write-Host "OS version is high enough that AllowAllTrustedApps should not be an issue" -ForegroundColor Green
}
}
function HasAllowAllTrustedAppsKeyEnabled
{
$hasKey = $false;
$appXKeys = @("HKLM:\Software\Microsoft\Windows\CurrentVersion\AppModelUnlock", "HKLM:\Software\Policies\Microsoft\Windows\Appx")
foreach ($key in $appXKeys)
{
try
{
$value = Get-ItemPropertyValue -Path $key -Name "AllowAllTrustedApps"
echo "$key AllowAllTrustedApps = $value"
if ($value -ne 0)
{
$hasKey = $true
break;
}
}
catch
{
echo "Missing AllowAllTrustedApps key at $key"
}
}
return $hasKey
}
echo "$script:osProductName Version $script:osVersion, Build $script:osFullBuild"
echo ""
echo "# Checking for reparse points in user shell folders"
ValidateShellFolders
echo ""
echo "# Checking for reparse points in temp/tmp environment variables"
ValidateEnvironmentVars
echo ""
echo "# Checking for user permissions in appdata"
ValidateUserAccess($list)
echo ""
echo "# Checking for reparse points in appdata"
foreach ($path in $list)
{
$result = PathContainsReparsePoint $path $true
}
echo ""
echo "# Checking for unexpected files in appdata"
ValidatePaths($list)
echo ""
echo "# Checking SYSTEM and Administrators permissions in appdata"
ValidateSystemPerms($list)
echo ""
echo "# Checking SYSAPPID permissions"
ValidateSysAppIdPerms
echo ""
echo "# Checking if AllowAllTrustedApps is valid"
ValidateAppXPolicies
Pause
選項 2:手動執行檢查
重要
這個章節、方法或工作包含修改登錄的步驟。 然而,不當修改登錄可能會發生嚴重的問題。 因此,請務必小心執行下列步驟。 如需新增的保護, 請在修改登錄之前先備份 登錄。 然後,如果發生問題,您就可以還原登錄。
檢查 Cookie 和快取殼層資料夾是否指向重新分析點的位置:
執行下列 PowerShell 命令:
(gp ([environment]::getfolderpath("Cookies"))).Attributes -match 'ReparsePoint' (gp ([environment]::getfolderpath("InternetCache"))).Attributes -match 'ReparsePoint'如果這兩個命令都傳回 False,請移至步驟 2。 否則,請開啟註冊表編輯器,並找出下列子機碼:
Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders針對傳回為 True 之 PowerShell 命令中的殼層資料夾,將其相關聯登錄專案的值更新為不是重新分析點的位置。 例如,您可以將值設定為預設路徑:
登錄項目 值 Cookie %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookiesCache %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache檢查 TEMP 或 TMP 環境變數的值是否已設定為重新分析點:
執行下列 PowerShell 命令:
gci env:* | ?{@("TEMP", "TMP").Contains($_.Name)} | %{$_.Value+" - "+((gp $_.Value).Attributes -match 'ReparsePoint')}如果命令傳 回 False,請移至步驟 3。 否則, 請將環境變數的值設定 為不是重新分析點的位置。
檢查您是否具有讀取權限可存取 AppData 資料夾中的所有下列目錄:
- %USERPROFILE%\AppData\Local
- %USERPROFILE%\AppData\Local\Microsoft
- %USERPROFILE%\AppData\Local\Microsoft\Windows
- %USERPROFILE%\AppData\Local\Microsoft\Windows\Explorer
- %USERPROFILE%\AppData\Local\Microsoft\Windows\History
- %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5
- %USERPROFILE%\AppData\Local\Microsoft\Windows\IECompatCache
- %USERPROFILE%\AppData\Local\Microsoft\Windows\IECompatCache\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\IECompatUaCache
- %USERPROFILE%\AppData\Local\Microsoft\Windows\IECompatUaCache\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies\DNTException
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\PPBCompatCache
- %USERPROFILE%\AppData\Local\Microsoft\Windows\PPBCompatCache\Low
- %USERPROFILE%\AppData\Local\Microsoft\Windows\PPBCompatUaCache
- %USERPROFILE%\AppData\Local\Microsoft\Windows\PPBCompatUaCache\Low
- %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
- %USERPROFILE%\AppData\Local\Packages
- %USERPROFILE%\AppData\Local\Packages\VirtualizationTests.Main_8wekyb3d8bbwe\LocalCache
- %USERPROFILE%\AppData\Local\Publishers
- %USERPROFILE%\AppData\Local\Publishers\8wekyb3d8bbwe
- %USERPROFILE%\AppData\Local\Temp
- %USERPROFILE%\AppData\LocalLow
- %USERPROFILE%\AppData\LocalLow\Microsoft
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\EdpDomStore
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\EmieSiteList
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\EmieUserList
- %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\IEFlipAheadCache
- %USERPROFILE%\AppData\Roaming
- %USERPROFILE%\AppData\Roaming\Microsoft
- %USERPROFILE%\AppData\Roaming\Microsoft\Crypto
- %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer
- %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\UserData
- %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
- %USERPROFILE%\AppData\Roaming\Microsoft\Spelling
- %USERPROFILE%\AppData\Roaming\Microsoft\SystemCertificates
- %USERPROFILE%\AppData\Roaming\Microsoft\Windows
- %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Libraries
- %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
您可以使用 Test-Path PowerShell 命令來執行這項檢查。 如果您沒有特定資料夾的 讀取 許可權,請要求具有 資料夾完整控制 許可權的人員授與您 讀取 許可權。
檢查步驟 3 中列出的任何資料夾是否變更為重新分析點。 如果有任何資料夾是重新剖析點,請連絡 Microsoft 支援服務。
檢查 AppData 資料夾中名稱與必要系統資料夾相同的檔案。 例如,路徑中名為 Library 的檔案 %AppData%\Microsoft\Windows\Libraries,與具有相同路徑的文件夾名稱相同。 針對步驟 3 中列出的每個資料夾,執行下列 PowerShell 命令:
Test-Path -Path <directory name, such as $env:USERPROFILE\AppData\Local\Temp> -PathType Leaf如果命令傳 回 True,請移除檔案,然後使用與系統資料夾的完整路徑相同的名稱來建立資料夾。
檢查 SYSTEM 帳戶和 Administrators 群組是否具有 步驟 3 中列出的所有目錄的完整控制 許可權。
針對每個資料夾執行下列 PowerShell 命令:
((Get-Acl (Join-Path $env:USERPROFILE "<directory name that starts with AppData, such as AppData\Local>")).Access | ?{$_.IdentityReference -eq "NT AUTHORITY\SYSTEM" -and $_.FileSystemRights -eq "FullControl"} | measure).Count -eq 1 ((Get-Acl (Join-Path $env:USERPROFILE "<directory name that starts with AppData, such as AppData\Local>")).Access | ?{$_.IdentityReference -eq "BUILTIN\Administrators" -and $_.FileSystemRights -eq "FullControl"} | measure).Count -eq 1如果任一個命令傳回 False,請要求具有資料夾完整控制許可權的人員,將完整控制許可權授與對應帳戶。
檢查您是否具有 Teams 安裝位置的 SYSAPPID 許可權。 執行下列 PowerShell 命令:
Get-AppxPackage MSTeams | %{$_.InstallLocation+" - "+(((Get-Acl $_.InstallLocation).sddl -split "\(" | ?{$_ -match "WIN:/\/\SYSAPPID"} | Measure).count -eq 1)}如果命令傳 回 False,請要求本機 Administrators 群組 的成員刪除電腦上的使用者配置檔 。 然後,使用使用者帳戶重新建立使用者配置檔來登入。
檢查 AllowAllTrustedApps 原則設定:
在 [命令提示字元] 視窗中,執行
winver命令。將結果中的 Windows 版本和組建編號與下列 Windows 11 和 Windows 10 版本進行比較:
- Windows 11 版本 21H2 OS 組建 22000.2777
- Windows 11 版本 22H2 OS 組建 22621.2506
- Windows 10 版本 21H2 OS 組建 19044.4046
- Windows 10 版本 22H2 OS 組建 19045.3636
如果您的 Windows 版本和組建編號早於清單中的版本,請開啟 [註冊表編輯器],然後在下列其中一個子機碼下找到 AllowAllTrustedApps 登錄專案:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlockComputer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
檢查 AllowAllTrustedApps 的值。 如果值為 0,則會停用原則。 將它變更為 1 以啟用原則,然後再試一次以啟動新的 Teams。
注意: 若要啟動新的 Teams 而不啟用 AllowAllTrustedApps 原則,您必須執行步驟 5b 中列出的其中一個 Windows 版本。
如果問題持續發生,請將系統更新為 Windows 11 版本 22H2、OS 組建 22621.2506 或更新版本。