This week a customer informed us they had a strange problem with Office 365 Click-to-Run. The customer experienced two problems:

  1. When users start up an Office application, sometimes they would receive the following error:  “There is a problem with your account, please try again later”. 
  2. At random, some users were required to re-enter their Office 365 credentials; Single Sign-On was not working correctly.

In most cases, the “Fix me” button didn’t work for the users, nor did re-entering the credentials. The result: Office 365 activation didn’t work and they could not use their Office applications.

The customer environment

The customer environment consisted of the following components:

  • Horizon Cloud with Hosted Infrastructure version 17.2
  • Windows 10 build 1703
  • Office 365 Click-to-Run (latest version)
  • Non-persistent VDI (Instant Clone)
  • VMware UEM 9.3
  • ADFS implementation (Used for Single Sign-On)

Troubleshooting

The customer gave me some additional information. When they deleted the user’s profile, the problem was gone and the users could work again for a couple of days. However, the problem would always re-occur.

When I started troubleshooting, I used the following article for Office 365 Click-to-Run installation requirements, activation and roaming of the license token.

It turned out, the customer had installed Office 365 correctly in their base image. The most important part of non-persistent VDI is configuring the deployment.xml with the “SharedComputerLicensing” property, as indicated in the mentioned article.

Next, I reviewed the article how the license token renewal process works. The recommended approach is to always use Single Sign-On. The customer had implemented ADFS and SSO worked most of the time. However, as mentioned earlier, sometimes the users were prompted to re-enter their credentials again.

When I reviewed the VMware UEM configuration, the following two lines were added in the “Office 2016 – Shared Settings” personalization configuration:

Schermafbeelding 2018-04-12 om 19.41.16

As stated in the article, you only have to save (and roam) these settings if you do not use Single Sign-On. Since the customer had implemented ADFS, these lines could be safely removed from the VMware UEM configuration.

After we reset the VMware UEM profile settings (Office 2016 – Shared Settings.zip) for a couple of test users, the problem at first seemed to be solved. But after some more testing, we noticed the problem came back.

After some investigation on the internet, I found the following article.

At first, this didn’t seem to be related to our problem. But when we had a test user with the activation problem, we deleted the following registry key:

  • HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

After we restarted the Office application, the registry key was re-created and Single Sign-On worked immediately. The Office 365 activation was working again!

So, now we knew the solution, we could implement the fix. Within the VMware UEM Management Console, I could think of two ways to accomplish this:

Profile Cleanup the registry key tree

With this setting, the registry key tree will be deleted at each logoff. At each new logon, the registry key tree will be re-created.

Schermafbeelding 2018-04-12 om 20.20.17

Exclude the registry key tree

Configuring this setting means the registry key tree will not be saved into the user’s profile. It will have the same result as option one; the registry key tree will be re-created with each new logon.

Schermafbeelding 2018-04-12 om 20.17.20

For the existing users the personalization settings for the Office 2016 – Shared Settings needed to be reset, because the Identity key already existed in their profile. This was slightly more work, but we decided to implement this solution because I think it was a bit more “cleaner” than option one. In addition,  this was still a pilot environment and not many users were accessing the platform at this time.

Conclusion

As you can see, VMware UEM provides us with a simple yet powerful way to manage the application profile settings. There were even multiple ways to solve the problem, the one necessarily better than the other.

Please note, I am by no means an Office 365 expert. If you can think of a better solution, please let me know in the comments!