Windows Client OS

Microsoft 365 Apps/Office Activation Problems because of TPM

January 21, 2025 by AJNI No Comments

If you are getting this error when trying to login to Microsoft 365 Apps, this fix might help. The error says “Your computer’s Trusted Platform Module has malfunctioned. Error Code 80090034.

To fix that, configured this registry key/value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb

DWORD Protectionpolicy 1

The value 1 indicates a specific setting, but without direct documentation from Microsoft, the precise effect of 1 on this policy isn’t readily available. It typically refers to enabling or enforcing a particular cryptographic protection policy, possibly related to password protection or other cryptographic functions in Windows.

This was tested on Windows 10.

Reading time: 1 min
Microsoft 365Windows Server

Outlook / Microsoft 365 crashing on Windows Server 2016 after January 2025 updates

January 17, 2025 by AJNI No Comments

This Monday, 13th of January 2025 was a bad day for sysadmins. Outlook and other Microsoft 365 / Office Apps would crash upon start because of a new update pushed by Microsoft. The message says something about react-navis-win32.dll missing. The only fix is to install the December 2024 Updates to fix the issue.

This configuration XML File install the December 2024 updates. Beware: This configuration is for Windows Server 2016 RDS and note that automatic updates are disabled.

<Configuration ID="e2abcd00-6229-40cc-be2d-e3a8ff5efb34">
  <Add OfficeClientEdition="32" Channel="Broad">
    <Product ID="O365BusinessRetail">
      <Language ID="de-de" />
      <Version ID="16.0.17328.20670"/>
      <ExcludeApp ID="Groove" />
      <ExcludeApp ID="Lync" />
      <ExcludeApp ID="OneDrive" />
      <ExcludeApp ID="Teams" />
    </Product>
  </Add>
  <Property Name="SharedComputerLicensing" Value="1" />
  <Property Name="SCLCacheOverride" Value="0" />
  <Property Name="AUTOACTIVATE" Value="0" />
  <Property Name="FORCEAPPSHUTDOWN" Value="FALSE" />
  <Property Name="DeviceBasedLicensing" Value="0" />
  <Updates Enabled="FALSE" />
  <RemoveMSI />
  <Display Level="None" AcceptEULA="TRUE" />
</Configuration>

To download data hit setup.exe /download configuration.xml

To install execute setup.exe /configure configuration.xml

References:

https://borncity.com/win/2025/01/13/microsoft-outlook-365-or-other-ms-365-apps-are-dropping-suddenly-errors/

Reading time: 1 min
SecurityWindows Server

Configure IIS Reverse Proxy to protect your Web Application

December 25, 2024 by AJNI No Comments

If you want to publish your Web App to the internet, you ideally should not directly NAT port 443 (or you custom HTTPS port) to you internal server. Instead, there should be a Reverse Proxy in a DMZ that accepts requests and then routes them to the internal server. You need to configure a Reverse Proxy with nginx or IIS.

Here is how you can do it with IIS.

Install IIS Role in Server Manager (Add Roles and Features > Web Server (IIS)

Download and install URL Rewrite and Application Request Routing (ARR)

https://iis-umbraco.azurewebsites.net/downloads/microsoft/url-rewrite

https://iis-umbraco.azurewebsites.net/downloads/microsoft/application-request-routing

In IIS Manager, stop Default Website:

Create a new Website:

Make sure you configure your parameters. The host name should be the public DNS name.

Now open URL Rewrite and create a new rule.

Enter the ip of the internal server along with the port.

View Server Variables and add HTTP_HOST as a variable.

Go back to rules and double click on the rule you just created.

Open server variables and add the application’s host name under HOST_NAME.

Add another variable with the name HTTP_Authentication-Context-Policy and value of internet

You should have variables.

Apply settings at the top right.

Next, select the server and open Configuration Editor:

Go to section System.Webserver/Proxy

Set preserveHostHeader to true and reverseRewriteHostInResponseHeaders to false

Apply changes at the top right.

Bonus: Increase timeout if bigger data chunks are sent to the client.

On the site, open Configuration Editor

Open Section system.web/Sessionstate

In stateNetworkTimeout increase value to 01:00 or higher.

Don’t forger to apply changes and restart IIS.

Reading time: 1 min
Microsoft 365Windows Client OSWindows Server

Outlook NEW is being rolled out starting January 2025. Here is how you can block it.

December 18, 2024 by AJNI No Comments

These 3 registry keys will help you block the rollout of Outlook NEW which is like a lot of Microsoft products a half baked solution that is being pushed by force to push something new.

This key hides the “Try new Outlook” toggle in the top right:

HKEY_CURRENT_USER
Software\Microsoft\Office\16.0\Outlook\Options\General
name HideNewOutlookToggle
type REG_DWORD
data 0x1 (1)

These key disables migration to new Outlook:

HKEY_CURRENT_USER
Software\Microsoft\Office\16.0\Outlook\Options\General
name DoNewOutlookAutoMigration
type REG_DWORD
data 0x0 (0)

HKEY_CURRENT_USER
Software\Policies\Microsoft\office\16.0\outlook\preferences
name NewOutlookMigrationUserSetting
type REG_DWORD
data 0x0 (0)

Reading time: 1 min
Windows Server

FSLogix not saving OneDrive and Microsoft 365 Credentials (AVD, Citrix)

December 11, 2024 by AJNI No Comments

If OneDrive and Microsoft 365 credentials are not being saved in your FSLogix deployment (Azure Virtual Desktop, Citrix etc.) this registry key might help you. There is also a corresponding GPO that does the same.

HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles

DWORD – RoamIdentity

Value – 1

Sources:

https://blog.rdorman.net/onedrive-avd-fslogix-password-prompts/

Reading time: 1 min
Page 1 of 2012341020...Last »

Tip Of the Day

Keep in touch

Oh hi there!
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

Categories

Archives