UTS Outlook Issues


Introduction

UTS response plan for general Microsoft AAD Broker Plugin issues. All Windows file and registry changes occur at the user profile level and require the user to be logged in to the session host environment.


Requirements

  • Configuration changes should be made under the logged-in user's remote desktop (session host) session.
  • DO NOT use "Run as administrator" for any of the utilities (e.g., Windows Registry, PowerShell, etc.) in this guide.

Instructions

  1. Connect to the user's computer to identify the remote desktop session and server they're connected to. You can make changes either from the user's remote computer or directly on UTS-AZ-RDSH1 or UTS-AZ-RDSH2 via Screen Connect. After determining which server hosts the active session, record the server, time/date, and username. Tracking these occurrences is essential.

  2. Sign out of all Office apps (Outlook, etc.).
  3. Close all Office apps (Outlook, etc.).
  4. Sign out of the remote desktop environment.
  5. Sign in to the remote desktop environment (as the user).

  6. Open PowerShell (as the user, DO NOT Run as an Administrator), paste the script below into the PowerShell console, and press the Enter key.

    PowerShell should run in the "User" context rather than the "Administrator" context to modify the "HKCU" (HKEY_CURRENT_USER) registry hive. Running PowerShell as an Administrator accesses the wrong HKCU - the Administrator's registry hive, which does not require modification.

    Registry key:
    Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

    DWORD values:
    • DisableAADWAM = 1
    • DisableADALatopWAMOverride = 1



    # Adds/sets Office identity values in the CURRENT USER registry hive (HKCU)
    # Run in the user context.
    
    $regPath = 'HKCU:\Software\Microsoft\Office\16.0\Common\Identity'
    
    # Ensure the key exists
    if (-not (Test-Path $regPath)) {
        New-Item -Path $regPath -Force | Out-Null
    }
    
    # Values to set
    $values = @{
        DisableAADWAM              = 1
        DisableADALatopWAMOverride = 1
        EnableADAL                 = 1
    }
    
    # Create or update each value
    foreach ($name in $values.Keys) {
        New-ItemProperty -Path $regPath -Name $name -PropertyType DWord -Value $values[$name] -Force | Out-Null
    }
    
    # Show final values
    Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue | Select-Object DisableAADWAM, DisableADALatopWAMOverride, EnableADAL

    What DisableAADWAM=1 changes:
    It tells Office apps (Outlook/Word/Excel/etc.) not to use Windows Web Account Manager (WAM), which relies on the Microsoft.AAD.BrokerPlugin cache and Windows account token broker. Office will fall back to its built-in authentication path.


    What EnableADAL=1 changes:
    Enables Office ADAL/modern authentication behavior per user (commonly associated with Azure AD sign-in for Office).


  7. In the Windows File Explorer, delete the contents of:
    %LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

    Afterwards, verify all contents have been deleted.

  8. Sign out of the remote desktop environment.
  9. Sign in to the remote desktop environment (as the user).
  10. Sign in to Outlook.
  11. Report or document any errors to the Integrations Team and Adam.
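
A scripted form of the checks around steps 1, 3, 6 and 7, added here as an example and not part of the original KB script: it refuses to run in an elevated console, confirms Office is closed in the current session, clears the broker plugin folder, and verifies the result. The list of Office process names and the fields of the tracking record are assumptions.

```powershell
# Added example (not the KB's own script). Run as the affected user, non-elevated.

# Stop if the console is elevated: HKCU and %LOCALAPPDATA% may then resolve to
# the administrator's profile instead of the affected user's.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Elevated session detected ($($identity.Name)). Reopen PowerShell as the user."
}

# Step 3: Office apps must be closed in THIS session (other users on the
# session host are ignored). Process names are an assumed, partial list.
$sessionId = (Get-Process -Id $PID).SessionId
$office = Get-Process -Name OUTLOOK, WINWORD, EXCEL -ErrorAction SilentlyContinue |
    Where-Object { $_.SessionId -eq $sessionId }
if ($office) {
    throw "Close these Office apps first: $(($office.Name | Sort-Object -Unique) -join ', ')"
}

# Step 7: delete the contents of the broker plugin folder, keeping the folder.
$brokerPath = Join-Path $env:LOCALAPPDATA 'Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy'
if (-not (Test-Path -LiteralPath $brokerPath)) {
    throw "Folder not found: $brokerPath"
}
Get-ChildItem -LiteralPath $brokerPath -Force |
    Remove-Item -Recurse -Force -ErrorAction Continue

# Verify: anything still present (for example, a locked file) is listed.
$remaining = @(Get-ChildItem -LiteralPath $brokerPath -Force -Recurse)
if ($remaining.Count -gt 0) {
    Write-Warning "$($remaining.Count) item(s) could not be deleted:"
    $remaining | Select-Object -ExpandProperty FullName
}

# Step 1: record for occurrence tracking (field names are assumptions).
[pscustomobject]@{
    Server       = $env:COMPUTERNAME
    User         = $identity.Name
    Time         = Get-Date -Format 'yyyy/MM/dd HH:mm'
    CacheCleared = ($remaining.Count -eq 0)
}
```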

Troubleshooting

N/A


Sources


KB Change/Issue Log

yyyy/mm/dd - Title

Issue

N/A

Solution

N/A

Sources
  • N/A
