This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 14.000000000000002%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
One of our users (on Win 7) get the following error when trying to log in to Outlook, Excel and so on.
AADSTS9002313: Invalid request. Request is malformed or invalid.
We have tried deleting the Outlook profile, MS credentials but nothing works.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 68%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hey folks, so I figured out what was doing this in our environment.
If your org setup checks all of these boxes, this comment will most likely be your fix:
Context:
There is a long-standing issue with Azure/OAuth tokens in Windows with 2FA-enabled accounts when users hit "Yes" to the "Use this account everywhere on your device" prompt when signing into any Microsoft service. What happens is that their 365 account gets added to the "Work or School accounts" section of Windows 10 as well as being signed into Office or whatever other Windows 10 app they are using. This is fine until the password resets, and then what happens is that the main application that is being used (i.e. Office) calls out for a new credential, but the Work or School account entry does not have the ability to do so and instead creates a conflict with any applications that are trying to reach out for a new credential. This will generate the common "Outlook TPM error" in which Outlook tells you that your Trusted Platform Module hardware chip has failed (lies). It can also cause a more vague issue where Office apps ask for credentials but won't let you put them in. This specific thread however, is a more spicy take on this issue. This specific issue is the same as above except that the account entry is hidden from Windows and can only be found and removed from inside of the specific Windows 10 app that the user signed into. More info below.
The fix:
To fix the generic Azure/OAuth token issue in Windows, we would have to remove the Work or School account from Windows settings like so:
Start > Settings > Accounts > Access Work or School > Click on the 365 account entry > Remove > Ignore warning > Sign back into Office or whatever application was failing before > Choose "This app only" at the "Use this account everywhere on your device" prompt so that it doesn't happen again.
Immediately afterwards authentication will start working again... Unless you're having the specific issue with error: "AADSTS9002313: Invalid request. Request is malformed or invalid" when trying to log in to Office, which means that there might be another secret Work or School account entry hidden somewhere else in Windows.
What I needed to do for this specific issue was search through every non-365 Microsoft app (i.e. from the Microsoft store) that the person used to see if any were still signed in after purging the other Work and School account entry in the location mentioned above. Eventually I found that the OneNote app that comes built into Windows 10 was the culprit. There is a separate "Account" section inside of the OneNote app that had the authenticated/failing Work or School account entry and for some reason that account only showed up in the OneNote app and NOT in the Windows 10 settings. I hit "Sign Out" for that account from inside of the OneNote app and the second that failing account entry was removed the issue immediately went away.
This is a very specific issue, but in my experience many orgs are setup like this nowadays so it might be more common than it would seem at first glance. I hope this info helps someone out there.
Alternatives:
If you are using Windows 7 or 8, you'll still want to check on all Microsoft apps to make sure none of them are stuck failing sign in (because they will work similarly regardless of Windows version), however you may instead need to clear credential manager entries to get this same effect. While some builds of Windows 8 have something similar to the account settings mentioned above, it will be good to keep in mind that older versions of Windows heavily relied on the credential manager for this sort of thing. If your org isn't set up with the settings mentioned at the beginning of this post, this info could still be helpful, but your results will most likely vary greatly.
Which version of Office is this user using?
Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity, back up the registry for restoration in case problems occur, then remove the folders under "Identity", such as "Profiles", "Identities". Besides, as the AADSTS error code and error message are related to Azure AD Authentication, to better help you, I would add the tag "azure-ad-authentication" and "azure-active-directory". Thanks for your understanding.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Emily Hua-MSFT thank you for this.
It is version 16.0. I deleted the folders in Identity and created the EnableADAL value, restarted the computer but still same error:
Should I delete the other values in the Identity folder?
Edit: Just tried creating a new user for him and logging in to Office on this new account. This time no error after entering user name, but it was not activated correctly. We have checked his license several times, no changes to this - but Office cannot activate.
@cmfl
If Office was not activated correctly, was there any error message?
Does this user have Microsoft 365 apps?
Please run following command in Command Prompt (Run it as administrator) to check the Office information.
cscript.exe "%ProgramFiles%\Microsoft Office\Office16\ospp.vbs" /dstatus
(If you are running 32-bit Office on a 64-bit operating system)
cscript.exe "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /dstatus
It was activated correctly an worked fine for several years, then a month or 2 ago he got a message saying "We are having issues confirming your MS 365 subscription status because of a network error or a temporary service issue". Later he got "Your subscription could not be confirmed" and now "AADSTS9002313: Invalid request. Request is malformed or invalid."
Here is the result:
PRODUCT ID: 00265-60000-00004-AA650
SKU ID: 3d0631e3-1091-416d-92a5-42f84a86d86
LICENSE NAME: Office 16, Office16O365Busine
LICENSE DESCRIPTION: Office 16, RETAIL(Grac
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---NOTIFICATIONS---
ERROR CODE: 0xC004F009
ERROR DESCRIPTION: The Software Licensing S
expired.
Last 5 characters of installed product key:
PRODUCT ID: 00219-40000-00000-AA630
SKU ID: e13ac10e-75d0-4aff-a0cd-764982cf541
LICENSE NAME: Office 15, OfficeVisioProVL_K
LICENSE DESCRIPTION: Office 15, VOLUME_KMSC
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---NOTIFICATIONS---
ERROR CODE: 0xC004F056
ERROR DESCRIPTION: The Software Licensing S
d not be activated using the Key Management
Last 5 characters of installed product key:
DNS auto-discovery: KMS name not av
Activation Interval: 120 minutes
Renewal Interval: 10080 minutes
KMS host caching: Enabled
Thanks for your sharing.
As the error message "We are having issues confirming your MS 365 subscription status because of a network error or a temporary service issue", I need to confirm what TLS protocol is used on your machine?
Please note, you need to ensuer TLS 1.1 and 1.2 on Windows 7 are enabled, for more you may refer to "Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows".
@cmfl
If there is any update, you may share with us.
The computer has the updates mentioned and TLS is enabled. I tried the tool, and it seem to have done something, when I tried logging in Word a box with "Product is now activated" appeared. Still get the "Invalid request...." when trying to log in with his user - but my own works.
I ran the Office information check again - this is the result now:
PRODUCT ID: 00265-60000-00004-AA650
SKU ID: 3d0631e3-1091-416d-92a5-42f84a86d868
LICENSE NAME: Office 16, Office16O365BusinessR_Grace edition
LICENSE DESCRIPTION: Office 16, RETAIL(Grace) channel
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---NOTIFICATIONS---
ERROR CODE: 0xC004F009
ERROR DESCRIPTION: The Software Licensing Service reported that the grace perio
expired.
Last 5 characters of installed product key: 3RQ6B
PRODUCT ID: 00265-80106-36660-AA234
SKU ID: 6337137e-7c07-4197-8986-bece6a76fc33
LICENSE NAME: Office 16, Office16O365BusinessR_Subscription edition
LICENSE DESCRIPTION: Office 16, TIMEBASED_SUB channel
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---LICENSED---
ERROR CODE: 0x4004FC04 (for information purposes only as the status is licensed
ERROR DESCRIPTION: The Software Licensing Service reported that the application
is running within the timebased validity period.
REMAINING GRACE: 31 days (46064 minute(s) before expiring)
PRODUCT ID: 00219-40000-00000-AA630
SKU ID: e13ac10e-75d0-4aff-a0cd-764982cf541c
LICENSE NAME: Office 15, OfficeVisioProVL_KMS_Client edition
LICENSE DESCRIPTION: Office 15, VOLUME_KMSCLIENT channel
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---NOTIFICATIONS---
ERROR CODE: 0xC004F056
ERROR DESCRIPTION: The Software Licensing Service reported that the product cou
d not be activated using the Key Management Service (KMS).
Last 5 characters of installed product key: RM3B3
DNS auto-discovery: KMS name not available
Activation Interval: 120 minutes
Renewal Interval: 10080 minutes
KMS host caching: Enabled
@cmfl
Does the command results include 2 "Office 16"?
If yes, please run following command to uninstall one.
cscript.exe "%ProgramFiles%\Microsoft Office\Office16\ospp.vbs" /unpkey:3RQ6B
(If the 32bit version of Office installed on a 64bit operation, run the following command)
cscript.exe "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /unpkey:3RQ6B
Then check the activation of Microsoft 365 apps again,
@cmfl
For volume licensed version of Visio, please ensuer the KMShost is listening on TCP port 1688.
Try following command to activate Visio by specifying KMS host.
cd C:\Program Files\Microsoft Office\Office15
cscript ospp.vbs /sethst:XXXXXX
cscript ospp.vbs /act
Please note, XXXXX mean KMS host named.
If the 32bit version of Office installed on a 64bit operation, you need to replace "Program Files" with "Program Files (x86)"
Yes, it does. I had to split the message in two because it was too long. I will try this
Didn't work :(
This is the result of /dstatus now
PRODUCT ID: 00265-80106-36660-AA234
SKU ID: 6337137e-7c07-4197-8986-bece6a76fc33
LICENSE NAME: Office 16, Office16O365BusinessR_Subscription edition
LICENSE DESCRIPTION: Office 16, TIMEBASED_SUB channel
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---LICENSED---
ERROR CODE: 0x4004FC04 (for information purposes only as the status is licensed)
ERROR DESCRIPTION: The Software Licensing Service reported that the application
is running within the timebased validity period.
REMAINING GRACE: 29 days (43196 minute(s) before expiring)
PRODUCT ID: 00219-40000-00000-AA630
SKU ID: e13ac10e-75d0-4aff-a0cd-764982cf541c
LICENSE NAME: Office 15, OfficeVisioProVL_KMS_Client edition
LICENSE DESCRIPTION: Office 15, VOLUME_KMSCLIENT channel
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---NOTIFICATIONS---
ERROR CODE: 0xC004F056
ERROR DESCRIPTION: The Software Licensing Service reported that the product coul
d not be activated using the Key Management Service (KMS).
Last 5 characters of installed product key: RM3B3
DNS auto-discovery: KMS name not available
Activation Interval: 120 minutes
Renewal Interval: 10080 minutes
KMS host caching: Enabled
Should I try uninstalling the remaining Office version as well?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 41%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Having the same exact issues as the other person is. Posting this here as I'm following the same suggestions/advice given and unable to achieve anything. I can log into Word however when trying to activate it, I get the Invalid Request instead of option to enter the password. Sorry if this does not belong here, not trying to barge in. No idea what to do to get this to work so hopefully the issues can be solved for everyone facing it.
This is the info I get when I try to activate.
AADSTS9002313: Invalid request. Request is malformed or invalid
Request Id: 8da6c6b8-16a6-4ae2-a238-1e976acb5600
Correlation Id: 5bd662f2-dd8c-47d8-936f-60c21cab89a4
Timestamp: 2021-08-19T05:18:38Z
Message: AADSTS9002313: Invalid request. Request is malformed or invalid.
Is anyone using anything other than Windows 7 to activate? If not, could it be an issue because 7 isn't supported officially by MS anymore?
@Emily Hua-MSFT should I try uninstalling the remaining Office version as well?
It was activated correctly an worked fine for several years, then a month or 2 ago he got a message saying "We are having issues confirming your MS 365 subscription status because of a network error or a temporary service issue". Later he got "Your subscription could not be confirmed" and now "AADSTS9002313: Invalid request. Request is malformed or invalid."
Here is the result:
PRODUCT ID: 00265-60000-00004-AA650
SKU ID: 3d0631e3-1091-416d-92a5-42f84a86d86
LICENSE NAME: Office 16, Office16O365Busine
LICENSE DESCRIPTION: Office 16, RETAIL(Grac
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---NOTIFICATIONS---
ERROR CODE: 0xC004F009
ERROR DESCRIPTION: The Software Licensing S
expired.
PRODUCT ID: 00219-40000-00000-AA630
SKU ID: e13ac10e-75d0-4aff-a0cd-764982cf541
LICENSE NAME: Office 15, OfficeVisioProVL_K
LICENSE DESCRIPTION: Office 15, VOLUME_KMSC
BETA EXPIRATION: 01-01-1601
LICENSE STATUS: ---NOTIFICATIONS---
ERROR CODE: 0xC004F056
ERROR DESCRIPTION: The Software Licensing S
d not be activated using the Key Management
Last 5 characters of installed product key:
DNS auto-discovery: KMS name not av
Activation Interval: 120 minutes
Renewal Interval: 10080 minutes
KMS host caching: Enabled
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 39%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEB%3C/text%3E%3C/svg%3E)
2 people in my organization have the same error.
Request Id: 20894b50-a4b5-4600-a681-606c02fc9f01
Correlation Id: 62d336de-9764-4598-9ffb-2039a03006da
Timestamp: 2021-08-05T14:10:26Z
Message: AADSTS9002313: Invalid request. Request is malformed or invalid.