Posted by Chris1565 2019-06-12T13:46:40Z
Good morning,
Having an issue just recently that we haven’t seen before when setting up new PCs with Office 365 Premium apps. The error below presents itself when setting up the Outlook account for the user. Has anyone seen this as this seems to be a new issue? We have cleared the TPM chip, re-created profiles, disabled modern auth, disjoined/rejoined the domain, etc. with no luck. This client is not in a hybrid 365 setup and not using Bitlocker. Thanks for the help in advance.
check
Best Answer
Found the problem here…issue was GPO not being applied correctly over VPN due to Sonicwall firewall blocking this (Application Control Detection Alert: PROXY-ACCESS Encrypted Key Exchange). Once I disabled this all is well. Maybe this will help somebody one day.
9 found this helpful
thumb_up
thumb_down
View Best Answer in replies below
42 Replies
-
Check the drivers for your onboard TPM. I know HPs get finicky without that security software installed.
My assumption is that you created a stock image for the new devices and omitted the TPM driver/ software as it looked more like bloatware from the manufacturer.
Was this post helpful?
thumb_up
thumb_down
-
These are Dell PCs and they seem to have all the latest drivers. I have even downgraded the BIOS on one with no luck just for testing. I have also uninstalled the TPM device and re-installed it with no luck.
Was this post helpful?
thumb_up
thumb_down
-
Hi Chris,
I found this on a MS forum about your unusual issue Outlook activation error Opens a new window Opens a new window and it mentioned that they resolved the issue by modifying the registry to disable modern authentication.
HKCUSOFTWAREMicrosoftOffice16.0CommonIdentity
REG_DWORD
EnableADAL
0
1 of 3 found this helpful
thumb_up
thumb_down
-
Found the problem here…issue was GPO not being applied correctly over VPN due to Sonicwall firewall blocking this (Application Control Detection Alert: PROXY-ACCESS Encrypted Key Exchange). Once I disabled this all is well. Maybe this will help somebody one day.
9 found this helpful
thumb_up
thumb_down
-
Such a convoluted issue & such a great (and simple) fix. I’d Spice you twice if i could…….
Was this post helpful?
thumb_up
thumb_down
-
can anyone help me?
Was this post helpful?
thumb_up
thumb_down
-
I deleted the appdata folder. Nope.
I removed and recreated the profile. Nope.
I disabled IPv6. Nope.
I changed the DNS servers. Nope.
2 users on the PC — one is fine, the new one is fine EXCEPT I cannot launch and configure Outlook.
Updated the firmware. Nope.
Cannot even add new mail account in a second Outlook profile — cannot find server.
WTF!!
Was this post helpful?
thumb_up
thumb_down
-
I added this to the registry of a user whose machine was giving the same error even after updating the BIOS and clearing TPM
HKEY_LOCAL_MACHINESoftwareMicrosoftCryptographyProtectProvidersdf9d8cd0-1501-11d1-8c7a-00c04fc297eb
Change the value of “ProtectionPolicy” to “1″
if ProtectionPolicy dosen’t exist, Add DWORD (32bit) Value and then change the value to 1
Found the information for it from here; https://social.technet.microsoft.com/Forums/windows/en-US/47faab6b-d717-4068-bee4-c694811e0066/crede… Opens a new window
26 found this helpful
thumb_up
thumb_down
-
Thanks for posting that, IT_TL!! Making that change in the registry fixed it for me.
1 found this helpful
thumb_up
thumb_down
-
Has same issue, but it was solved by login on with the VPN connection.
I was installing these HP computers from remote and first logged on with VPN into the user account but later on logged on without the VPN returning me this error when trying to setup the Outlook account.
So I logged off and logged on again but this time with the VPN option.
9 found this helpful
thumb_up
thumb_down
-
THIS! I had not had this problem until I tried this over the VPN but did not think this was caused by VPN. Thank you for posting this solution as I was not even looking at that aspect.
3 found this helpful
thumb_up
thumb_down
-
Erwin Craps Thank you! HP computer account set up on VPN, disconnected VPN, and received this error in Office activation. Chrome also refused to save profile cookies and paused syncing whenever closed.
Can someone provide me an explanation for this? HP TPM chip has the WAN IP remembered, or can only authenticate over VPN now?
1 found this helpful
thumb_up
thumb_down
-
This worked like a champ! Absolutely no other solutions worked, trust me, I tried them all until I found this one.
0 of 1 found this helpful
thumb_up
thumb_down
-
I can confirm that VPN was my issue as well however it makes no sense. Bitlocker was running fine, lenovo laptop with TPM2.0 win10 1903 fully updated, all drivers fully updated, BIOS at default recommended settings — all fresh install.
Installed office 365, fully updated
tried clearing my TPM chip keys (make sure you have your recovery key if you’re trying this) — no luck
received this error until I connected to VPN and then the error just went away.
** i was remote on/off VPN while doing some of this work on the laptop. I did image the laptop on site and installed office on site but figured I’d do the *easy* stuff like setup office while on my home network.
Would be nice to know the cause of this for those who may not intend to require a VPN all the time.
Was this post helpful?
thumb_up
thumb_down
-
Sharing my experience with this issue:
My issue with this was finally resolved after connecting to our VPN AND running gpupdate /force which in our case, turns off Windows Firewall on the domain.
When I was only connected to VPN, I was still getting the TPM error. Once I confirmed Firewall was off on domain, I was able to register the user machine.
FWIW: This only began happening after updating our laptop images and using the latest version of the Microsoft Office Deployment Toolkit.
Version: 16.0.12827.20268
2 found this helpful
thumb_up
thumb_down
-
I’ve done more laptops successfully using the same image and did not have this issue. In our experience it seems to be related to when we were connected to vpn during the initial Configuration which then crept up during a mailbox setup.
Was this post helpful?
thumb_up
thumb_down
-
la respuesta de @IT_TL me funciona para resolver este error
muchas gracias. saludos
Was this post helpful?
thumb_up
thumb_down
-
Thanks
IT_TL . Its works
Was this post helpful?
thumb_up
thumb_down
-
Thanks. Just like to tack on the VPN fix worked for me, too.
I’ve got to say, it very frustrating this error shows a TPM issue, and is really not at all related.
Was this post helpful?
thumb_up
thumb_down
-
Erwin Craps, as soon as I connected back to the user’s VPN I was able to authenticate and successfully activate the user’s Office software. Thank you!
I’m no expert but my theory is that when installing the Office software over VPN the TPM module registers an entry that is unique to that VPN session so that later when you go try and activate Office and have disconnected from the user’s VPN session, maybe due to a restart after the Office installation, the activation fails cause of mismatching TPM entries..?. Seems like a Windows 10/Office bug maybe?
Was this post helpful?
thumb_up
thumb_down
-
Butsy
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.New contributor
sonoraThis can happen when your system time is off. I just struggled with it for 2 hours before I realized the time zone needed set…
3 found this helpful
thumb_up
thumb_down
-
Butsy
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.sonora
I had this same error. Turns out the system time was an hour off…. Changed the time zone and was able to sign into office apps.
1 found this helpful
thumb_up
thumb_down
-
Amazeballs answer, worked for me.
0 of 1 found this helpful
thumb_up
thumb_down
-
The Sonicwall encrypted key one.
Was this post helpful?
thumb_up
thumb_down
-
Found the problem here…issue was GPO not being applied correctly over VPN due to Sonicwall firewall blocking this (Application Control Detection Alert: PROXY-ACCESS Encrypted Key Exchange). Once I disabled this all is well. Maybe this will help somebody one day.
I’m using USMT to copy profiles and have encountered the error somewhat frequently. Usually a reboot «fixes» the issue. Today, connecting to VPN and doing a GUPDATE /FORCE fixed it for me!
Was this post helpful?
thumb_up
thumb_down
-
Thank you
IT_TL, that worked!!!
Was this post helpful?
thumb_up
thumb_down
-
Thank you very much; can’t believe it’s related to VPN. Once connecting to the office network via VPN, everything is good.
Was this post helpful?
thumb_up
thumb_down
-
I’m still not sure how you were able to correlate that registry key from that link to this issue, but it saved my bacon! Awesome
Was this post helpful?
thumb_up
thumb_down
-
IT_TL wrote:
I added this to the registry of a user whose machine was giving the same error even after updating the BIOS and clearing TPM
HKEY_LOCAL_MACHINESoftwareMicrosoftCryptographyProtectProvidersdf9d8cd0-1501-11d1-8c7a-00c04fc297eb
Change the value of “ProtectionPolicy” to “1″
if ProtectionPolicy dosen’t exist, Add DWORD (32bit) Value and then change the value to 1
Found the information for it from here; https://social.technet.microsoft.com/Forums/windows/en-US/47faab6b-d717-4068-bee4-c694811e0066/crede… Opens a new window
This worked for me, thank you
Was this post helpful?
thumb_up
thumb_down
-
Thanks that worked for me!
0 of 1 found this helpful
thumb_up
thumb_down
-
Maybe this was mentioned before, and forgive me for the simplicity of the answer, but have you tried turning it off, unplugging for 30 seconds and replugging in? I have seen this issue a few times and when it comes up for me, it basically shows no TPM in the bios or the device manager. This always seems to follow the installation of O365 so far.
Hope this helps. I just would love to know why this works…
Was this post helpful?
thumb_up
thumb_down
-
Maybe this was mentioned before, and forgive me for the simplicity of the answer, but have you tried turning it off, unplugging for 30 seconds and replugging in? I have seen this issue a few times and when it comes up for me, it basically shows no TPM in the bios or the device manager. This always seems to follow the installation of O365 so far.
Hope this helps. I just would love to know why this works…
Was this post helpful?
thumb_up
thumb_down
-
ProtectionPolicy = 1 enables local back up of «MasterKey» instead of requiring backup to a Domain Controller. (Link from MS Opens a new window Opens a new window)
Seems like an admin account is needed to get this MasterKey thing. Local admin privileges might be easier to get than domain admin privileges, so this ProtectionPolicy = 1 registry setting may slightly open up a security vulnerability.
Apologies for the second link being with a source that doesn’t have too much credibility. Just thought I’d throw in another thing to consider after looking into ProtectionPolicy.
Was this post helpful?
thumb_up
thumb_down
-
AndreaD
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.cayenne
Erwin Craps wrote:
Has same issue, but it was solved by login on with the VPN connection.
I was installing these HP computers from remote and first logged on with VPN into the user account but later on logged on without the VPN returning me this error when trying to setup the Outlook account.
So I logged off and logged on again but this time with the VPN option.I could kiss you right now. Was going insane. Read your reply and it clicked. Thank you!
Was this post helpful?
thumb_up
thumb_down
-
My problem was also time difference. system time was stablished by server (domain) and it was 14min difference.
Logging on server, adjunst time, and… voila!
Was this post helpful?
thumb_up
thumb_down
-
JanSnow
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.pimiento
Had the same issue. I just had to login to the machine as local admin and connect to VPN. Signed back in as user and it let me login to all O365 apps.
Was this post helpful?
thumb_up
thumb_down
-
Thanks IT_TL . Its works
Was this post helpful?
thumb_up
thumb_down
-
Thank you so much, that fixed my issue.
Was this post helpful?
thumb_up
thumb_down
-
You rock!! why does Microsoft do this to us???
Was this post helpful?
thumb_up
thumb_down
-
Me… This helped me today. Thank you.
Was this post helpful?
thumb_up
thumb_down
-
Sir, THANK YOU for sharing the solution that you discovered yourself. I had been struggling with a set of issues for a specific device, this TPM error being the final boss. I connected the device to the VPN, ran gpupdate /force, and everything started working. Again, THANK YOU!!! Your information generosity has definitely earned me some kudos at work, especially because two other T2 techs spent a combined two hours and could not come to a resolution.
Was this post helpful?
thumb_up
thumb_down
-
Thanks @chris1565 this also helped me fix a user getting this error — Microsoft Outlook. Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The file C::UsersusernameAppDataLocalMicrosoftOutlookuser@domain.ost cannot be accessed. You must connect to Microsoft Exchange at least once before you can use your Outlook data file (.ost).
Was this post helpful?
thumb_up
thumb_down
Read these next…
IT managers — what non-technical job responsibilities do you struggle to manage?
Best Practices & General IT
As an IT manager, most of the job involves a number technical problems to solve and plan for, but there are numerous non-technical hurdles to jump over as well. And if you’re a brand new IT manager without a mentor or guidance, it can be hard to know how …
Best way to approach a poorly-maintained network
Windows
So this veterinary clinic is asking me to fix their computer network but they don’t know their network passwords. Users can log in but I cannot get my remote software working because they don’t know the administrator passwords to install it on them. It …
Snap! — Learning Hibernation, Sound Printing, Accidental Bomb, Waves on Mars
Spiceworks Originals
Your daily dose of tech news, in brief.
Welcome to the Snap!
Flashback: February 10, 1996: Deep Blue Defeats Kasparov (Read more HERE.)
Bonus Flashback: February 10, 2009: Satellites Collide! (Read more HERE.)
You need to hear this.
…
Spark! Pro series – 10th February 2023
Spiceworks Originals
Happy Friday!
Just a reminder, if you are reading the Spark!, Spice it
up. We like it spicy here!Today in History:
February 10, 1996 —
A Computer Defeats a World Chess ChampionWorld chess champio…
Looking for a simple app to keep notes I can access on any device.
Software
Do you keep notes that you access across multiple devices? Online on a computer or app on a mobile device? I’d like to jot things down if an idea pops into my head, when I learn something new, get a new process, discover a switch port I may need to bounce…
Mysterious Microsoft Office Error Code 80090034 Wants You to Reconnect to the Domain
Sometimes error messages just don’t make sense in the context they’re given. Take 80090034, for example.
After rebuilding a computer (remotely, the joy of work from home), the computer was joined to the domain over a VPN, and the I logged in the first time over the VPN to get a profile created. The computer rebooted a few times while applications were installed, including Office 365. When I opened Outlook the first time, it automatically filled out my profile information but when I got to finish, it gave a very odd error that said, “Your computer’s Trusted Platform Module has malfunctioned.”
Odd. Why does Office need to talk to the TPM? Oh well, let’s assume it’s some new security thing and troubleshoot the TPM. I immediately addressed the usual suspects:
- Double check that the TPM is enabled in BIOS?
- Clear the TPM keys in BIOS.
- Validated the firmware and drivers were up to date for the TPM (they were).
- Validated the TPM WAS working by enabling Bitlocker (usually the last thing I do).
Everything came up exactly as it should, and Bitlocker worked fine with the TPM.
On page 4 or 5 of Google, however (and various fixes tried), one other person was claiming a similar issue, in a similar situation with an odd fix: “reconnect the VPN.”
That seemed like an unlikely fix, as my mailbox is in 365, and in my daily life I almost never connect the VPN without any issues, but at this point — two hours into the issue — it seemed easy enough to try.
Sure enough, as soon I reconnected the VPN, the Outlook profile creation finished with no errors and email started flowing in.
I’m not sure what the ACTUAL problem was. Clearly it wasn’t TPM related, so I think I hit a generic error message with a bad description.
The person suggesting reconnecting the VPN did offer this theory: “This Microsoft article titled “DPAPI MasterKey backup failures when RWDC isn’t available’ indicates that when a domain user logs in for the first time, and can’t contact a read/write domain controller, then DPAPI keys can’t be backed up. I’m guessing Office 365 uses DPAPI to store your credentials.”
This doesn’t really make complete sense, because the first time I logged in, the VPN was connected. But either way, just reconnecting the VPN worked and Office completed setup without issues.
If you have questions about Microsoft error codes you’re seeing or need help setting up Office 365, we can help! Send us an email at info@mirazon.com or call us at 502-240-0404!
Share This Story, Choose Your Platform!
Related Posts
Page load link
Go to Top
Skip to content
На чтение 2 мин. Просмотров 3.5k. Опубликовано 03.09.2019
Модуль Trusted Platform Module используется для защиты вашего ПК, но некоторые пользователи сообщают, что в доверенной платформе вашего компьютера произошла ошибка на их ПК. Это может быть большой проблемой, поскольку может поставить под угрозу безопасность вашей системы, поэтому в сегодняшней статье мы покажем вам, как вы можете решить эту проблему раз и навсегда в своей системе.
Outlook 2016 с учетной записью Office 365 продолжает запрашивать пароль. После его ввода появляется сообщение «Доверенный платформенный модуль вашего компьютера неисправен. Если эта ошибка повторяется, обратитесь к системному администратору с кодом ошибки 80090030.
Содержание
- Как я могу исправить ошибку на доверенной платформе вашего компьютера?
- 1. Очистите ключи TPM
- 2. Включите или выключите TPM
- 3. Подготовьте свой TPM
- 4. Отключить Hyper-V
Как я могу исправить ошибку на доверенной платформе вашего компьютера?
1. Очистите ключи TPM
- В меню «Пуск» введите Защитник Windows и нажмите на него.
- Когда Защитник Windows откроется, перейдите в Центр безопасности Защитника Windows .
- Выберите Безопасность устройства и нажмите Сведения о процессоре безопасности .
-
Нажмите Устранение неполадок процессора безопасности .
- Затем нажмите Очистить TPM .
- Перезагрузите компьютер после того, как вы закончите.
2. Включите или выключите TPM
- Нажмите Windows Key + R , чтобы открыть окно «Выполнить».
-
Когда откроется диалоговое окно Выполнить , введите в поле tpm.msc и нажмите Enter .
-
Нажмите на панель Действие и выберите Отключить TPM .
- Перезагрузите компьютер и проверьте, устранена ли проблема.
3. Подготовьте свой TPM
- Следуйте инструкциям предыдущего решения.
- Нажмите Подготовить TPM в правом углу окна модуля.
- Подтвердите любые диалоговые окна и перезагрузите компьютер, как только вы закончите.
4. Отключить Hyper-V
- Откройте Панель управления .
- Теперь нажмите Программы и компоненты .
-
Затем нажмите Отключить функции Windows.
- Теперь найдите параметр Hyper-V и снимите его.
- Просто нажмите кнопку ОК, чтобы сохранить изменения и перезагрузить компьютер.
Мы надеемся, что эти решения помогли вам исправить на вашем ПК неисправная платформа, на которой произошла ошибка . Если вы нашли наши решения полезными, не стесняйтесь сообщить нам в разделе комментариев ниже.
- Remove From My Forums
-
Вопрос
-
Ответы
-
Вот именно, что через гую не дает экспортировать .PFX вместе с private key.
Вообщем проверил, private key есть в экспортированном сертификате.
Буду таким методом экспорт делать.
$a = Get-ChildItem -Path cert:localMachinemy Export-PfxCertificate -Cert $a[0] -FilePath C:myexport.pfx -Password (Read-Host -AsSecureString -Prompt 'Enter Password')
Спасибо за помощь.
-
Помечено в качестве ответа
udar-nik
6 сентября 2017 г. 9:44
-
Помечено в качестве ответа
Все ответы
-
-Password<SecureString>
Specifies the password used to protect the exported PFX file. The password should be in the form of secure string.
Either the ProtectTo or this parameter
must be specified, or an error will be displayed.https://technet.microsoft.com/ru-ru/library/hh848635.aspx
может именно проблема в слове Either?
хотя там в примере есть момент совместного использования, но в таком случае упомянуто A
Windows 8 DC for key distribution is required.вы рут кей на дс задавали?
ща подниму виртуалку и гляну…
-
Изменено
Svolotch
5 сентября 2017 г. 9:05
-
Изменено
-
-Password<SecureString>
Specifies the password used to protect the exported PFX file. The password should be in the form of secure string.
Either the ProtectTo or this parameter
must be specified, or an error will be displayed.https://technet.microsoft.com/ru-ru/library/hh848635.aspx
может именно проблема в слове Either?
хотя там в примере есть момент совместного использования, но в таком случае упомянуто A
Windows 8 DC for key distribution is required.вы рут кей на дс задавали?
ща подниму виртуалку и гляну…
Там смысл в том, что при использовании Export-PfxCertificate необходимо в любом случае
указать либо-Password, либо -ProtectTo. Можно использовать данные атрибуты совместно. Корневой центр сертификации
у меня поднят, правда не на контроллере домена. Используется windows server 2012r2. Создан также подчиненный центр сертификации. Я пытаюсь экспортировать сертификат подчиненного центра сертификации. Может ошибка связана с тем, что я когда
создавал сертификат указал алгоритм хэширования sha256, а не sha1?-
Изменено
udar-nik
5 сентября 2017 г. 9:27
-
Изменено
-
вот хз…
PS C:Windowssystem32> $a=Get-ChildItem -Path cert:localMachinemy PS C:Windowssystem32> $a[0].SignatureAlgorithm.FriendlyName sha256RSA PS C:Windowssystem32> $mypwd = ConvertTo-SecureString -String "1234" -Force –AsPlainText PS C:Windowssystem32> Export-PfxCertificate –Cert $a[0] –FilePath C:myexport.pfx -ProtectTo "contosotestgrp" -Password $mypwd Directory: C: Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 9/5/2017 1:04 PM 3949 myexport.pfx PS C:Windowssystem32>А если ручками экспортировать?
-
Изменено
Svolotch
5 сентября 2017 г. 10:08
-
Изменено
-
PS C:Windowssystem32> $a=Get-ChildItem -Path cert:localMachinemy
PS C:Windowssystem32> $a[0].SignatureAlgorithm.FriendlyName
sha256RSA
PS C:Windowssystem32> $mypwd = ConvertTo-SecureString -String «1234» -Force –AsPlainText
PS C:Windowssystem32> Export-PfxCertificate –Cert $a[0] –FilePath C:myexport.pfx -ProtectTo «contosotestgrp» -Password $mypwdDirectory: C:
Mode LastWriteTime Length Name
—- ————- —— —-
-a— 9/5/2017 1:04 PM 3949 myexport.pfxPS C:Windowssystem32>
Все равно выдает ошибку.
При использовании атрибута -Password (Read-Host-AsSecureString-Prompt‘Enter
Password’) заработало.PS C:Windowssystem32> $a = Get-ChildItem -Path cert:localMachinemy Export-PfxCertificate -Cert $a[0] -FilePath C:myexport.pfx -Password (Read-Host -AsSecureString -Prompt 'Enter Password') Directory: C: Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 05.09.2017 13:05 4175 myexport.pfx PS C:Windowssystem32>
Если ручками то у меня недоступен параметр экспорт
-
Изменено
udar-nik
5 сентября 2017 г. 10:17
-
Изменено
-
экспорт с приватным ключем выбираете?
-
экспорт с приватным ключем выбираете?
Как проверить? Если я не укажу атрибут -ProtectTo то у меня экспортируется без
private key ? -
нет, я про скриншот когда через гую экспортируете
-
Вот именно, что через гую не дает экспортировать .PFX вместе с private key.
Вообщем проверил, private key есть в экспортированном сертификате.
Буду таким методом экспорт делать.
$a = Get-ChildItem -Path cert:localMachinemy Export-PfxCertificate -Cert $a[0] -FilePath C:myexport.pfx -Password (Read-Host -AsSecureString -Prompt 'Enter Password')
Спасибо за помощь.
-
Помечено в качестве ответа
udar-nik
6 сентября 2017 г. 9:44
-
Помечено в качестве ответа