Forum Discussion

stephen_dxc122's avatar
stephen_dxc122
Brass Contributor
Mar 19, 2021

AADSTS70008 when trying to activate Office Applications

Hi 

 

I have an Office 365 user on my tenant who can logon to Office web applications at portal.office.com and they work fine. He has an E5 license. 

 

When he goes to activate his desktop applications, whether Word, Excel or Outlook, he gets an error. 

 

"

Message:  AADSTS70008: The provided authorization code or refresh token has expired due to inactivity. Send a new interactive authorization request for this user and resource."

 

There are some explanatory notes around. Specifically this one;

 

Error Code

70008

Message

The provided authorization code or refresh token has expired due to inactivity. Send a new interactive authorization request for this user and resource.

Remediation

Expected - auth codes, refresh tokens, and sessions expire over time or are revoked by the user or an admin. The app will request a new login from the user.

 

My expectation would be if his Azure AD token had expired then he shouldn't be able to login to the web portal with the same ID. 

 

Has anyone seen this? Any ideas on specifically troubleshooting this with respect to applications rather than just access?

 

Ideas welcome.

 

Stephen

 

6 Replies

  • Sven98's avatar
    Sven98
    Copper Contributor
    I just encountered the same issue, but with a Office 365 Personal installation i.c.w. a Business Exchange Online P1 for e-mail.

    Same exact error when connecting the Exchange account.

    I managed to fix it by manually adding the Office Business account to the account settings in Windows (add work or school account)
    Afterwards, we successfully could load the mailbox!
  • Just to add to this.

    The problem was eventually tracked to office activation. Specifically removing this registry key in Office proved to be the winner.

    HKLM\Software\Microsoft\Office\16\Common\Identity

    The Microsoft documentation to support this is here;

    https://docs.microsoft.com/en-us/office/troubleshoot/activation/reset-office-365-proplus-activation-state

    I hope it helps someone else stumbling onto this post.
    • ruffnerr's avatar
      ruffnerr
      Copper Contributor
      It's actually HKCU not HKLM, but the solution is sound.
  • StevenRPF's avatar
    StevenRPF
    Brass Contributor
    I think you can get some cues on that link : https://www.microsoftpartnercommunity.com/t5/Multi-Factor-Authentication-MFA/OAuth-Refresh-token-has-expired-after-90-days/m-p/9200

    Simple test : did you try disable 2FA for that account? Just reset his credentials, check the connexion and after that re-enable 2FA?

    Did you try
    • stephen_dxc122's avatar
      stephen_dxc122
      Brass Contributor
      The user currently doesn't have 2FA enabled. The user did do a password change. However, I possibly need to explore that again because the user can do this and it can be forced by the service desk.

Resources