Forum Discussion
AADSTS70008 when trying to activate Office Applications
Hi
I have an Office 365 user on my tenant who can logon to Office web applications at portal.office.com and they work fine. He has an E5 license.
When he goes to activate his desktop applications, whether Word, Excel or Outlook, he gets an error.
"
Message: AADSTS70008: The provided authorization code or refresh token has expired due to inactivity. Send a new interactive authorization request for this user and resource."
There are some explanatory notes around. Specifically this one;
Error Code | 70008 |
Message | The provided authorization code or refresh token has expired due to inactivity. Send a new interactive authorization request for this user and resource. |
Remediation | Expected - auth codes, refresh tokens, and sessions expire over time or are revoked by the user or an admin. The app will request a new login from the user. |
My expectation would be if his Azure AD token had expired then he shouldn't be able to login to the web portal with the same ID.
Has anyone seen this? Any ideas on specifically troubleshooting this with respect to applications rather than just access?
Ideas welcome.
Stephen
6 Replies
A page for the error for reference:
- I just encountered the same issue, but with a Office 365 Personal installation i.c.w. a Business Exchange Online P1 for e-mail.
Same exact error when connecting the Exchange account.
I managed to fix it by manually adding the Office Business account to the account settings in Windows (add work or school account)
Afterwards, we successfully could load the mailbox! - Just to add to this.
The problem was eventually tracked to office activation. Specifically removing this registry key in Office proved to be the winner.
HKLM\Software\Microsoft\Office\16\Common\Identity
The Microsoft documentation to support this is here;
https://docs.microsoft.com/en-us/office/troubleshoot/activation/reset-office-365-proplus-activation-state
I hope it helps someone else stumbling onto this post.- It's actually HKCU not HKLM, but the solution is sound.
- I think you can get some cues on that link : https://www.microsoftpartnercommunity.com/t5/Multi-Factor-Authentication-MFA/OAuth-Refresh-token-has-expired-after-90-days/m-p/9200
Simple test : did you try disable 2FA for that account? Just reset his credentials, check the connexion and after that re-enable 2FA?
Did you try- The user currently doesn't have 2FA enabled. The user did do a password change. However, I possibly need to explore that again because the user can do this and it can be forced by the service desk.
