Outlook 365 2016 Trusted Platform Module error code 80090016

  • Question

  • I have quite a few machines where after launching Outlook and trying to authenticate, they get a "something went wrong" error that Trusted Platform Module has malfunctioned, error code 80090016.  The server message is "Keyset does not exist Keyset does not exist".

    If different users log in on the same computers, their Outlook functions properly.  So I assume it's something just in those users' profiles, but I'd prefer not to delete the users' profiles if there is a fix that could be done to each instead.  Anyone know how to fix this without completely deleting the user profile off the machine?

    Here's the output of dsregcmd /status from a profile with the TPM error

    +----------------------------------------------------------------------+
    | Device State                                                         |
    +----------------------------------------------------------------------+
     
                 AzureAdJoined : NO
              EnterpriseJoined : NO
                  DomainJoined : YES
                    DomainName : MyDomainIsHere
     
    +----------------------------------------------------------------------+
    | User State                                                           |
    +----------------------------------------------------------------------+
     
                        NgcSet : NO
               WorkplaceJoined : NO
                 WamDefaultSet : ERROR
     
    +----------------------------------------------------------------------+
    | SSO State                                                            |
    +----------------------------------------------------------------------+
     
                    AzureAdPrt : NO
           AzureAdPrtAuthority : NO
                 EnterprisePrt : NO
        EnterprisePrtAuthority : NO
     
    +----------------------------------------------------------------------+
    | Diagnostic Data                                                      |
    +----------------------------------------------------------------------+
     
                 Diagnostics Reference : www.microsoft.com/aadjerrors
                  User Context : SYSTEM
                   Client Time : 2019-03-22 14:29:39.000 UTC
          AD Connectivity Test : PASS
         AD Configuration Test : FAIL [0x80070002]
            DRS Discovery Test : SKIPPED
         DRS Connectivity Test : SKIPPED
        Token acquisition Test : SKIPPED
         Fallback to Sync-Join : ENABLED
     
         Previous Registration : 2019-03-22 14:29:04.000 UTC
                   Error Phase : discover
              Client ErrorCode : 0x801c001d
     
    +----------------------------------------------------------------------+
    | Ngc Prerequisite Check                                               |
    +----------------------------------------------------------------------+
     
                IsDeviceJoined : NO
                 IsUserAzureAD : NO
                 PolicyEnabled : NO
              PostLogonEnabled : YES
                DeviceEligible : YES
            SessionIsNotRemote : YES
                CertEnrollment : none
                  PreReqResult : WillNotProvision

    But here is the output from the same machine but under a new user profile for another user (I put stars where there was data I didn't feel appropriate to share publicly)

    +----------------------------------------------------------------------+
    | Device State                                                         |
    +----------------------------------------------------------------------+

                 AzureAdJoined : NO
              EnterpriseJoined : NO
                  DomainJoined : YES
                    DomainName : MyDomainIsHere

    +----------------------------------------------------------------------+
    | User State                                                           |
    +----------------------------------------------------------------------+

                        NgcSet : NO
               WorkplaceJoined : YES
              WorkAccountCount : 1
                 WamDefaultSet : NO

    +----------------------------------------------------------------------+
    | SSO State                                                            |
    +----------------------------------------------------------------------+

                    AzureAdPrt : NO
           AzureAdPrtAuthority : NO
                 EnterprisePrt : NO
        EnterprisePrtAuthority : NO

    +----------------------------------------------------------------------+
    | Work Account 1                                                       |
    +----------------------------------------------------------------------+

             WorkplaceDeviceId : *****************************
           WorkplaceThumbprint : *****************************
                  WorkplaceIdp : login.windows.net
             WorkplaceTenantId : *****************************
           WorkplaceTenantName : *****************************
               WorkplaceMdmUrl : https://wip.mam.manage.microsoft.com/Enroll
          WorkplaceSettingsUrl :
                        NgcSet : NO

    Sunday, March 24, 2019 11:36 PM
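
The two `dsregcmd /status` outputs in the question can be compared field by field instead of by eye. The following is an added example, not part of the original post; the function names are hypothetical and the sample text is abridged from the two outputs above (masked values omitted).

```powershell
# Added example (not from the thread): diff two "dsregcmd /status" captures field by field.

function ConvertFrom-DsregStatus {
    # Turns dsregcmd text into an ordered map keyed "Section/Field".
    # Keying by section matters: NgcSet appears under both "User State" and "Work Account 1".
    param([string[]]$Lines)
    $map     = [ordered]@{}
    $section = ''
    foreach ($line in $Lines) {
        if ($line -match '^\s*\|\s*(.+?)\s*\|\s*$') {
            $section = $Matches[1]                    # banner row such as "| User State |"
        }
        elseif ($line -match '^\s*([^:|+]+?)\s*:\s*(.*?)\s*$') {
            # Split on the first colon only, so URLs and timestamps stay whole.
            $map["$section/$($Matches[1])"] = $Matches[2]
        }
    }
    return $map
}

function Compare-DsregStatus {
    # Emits one object per field whose value differs or exists in only one capture.
    param([string[]]$Broken, [string[]]$Working)
    $b = ConvertFrom-DsregStatus -Lines $Broken
    $w = ConvertFrom-DsregStatus -Lines $Working
    $keys = @($b.Keys) + @($w.Keys) | Select-Object -Unique
    foreach ($key in $keys) {
        $bv = if ($b.Contains($key)) { $b[$key] } else { '<absent>' }
        $wv = if ($w.Contains($key)) { $w[$key] } else { '<absent>' }
        if ($bv -ne $wv) {
            [pscustomobject]@{ Field = $key; Broken = $bv; Working = $wv }
        }
    }
}

# Sample input abridged from the two outputs posted in the question.
$brokenProfile = @'
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
                    NgcSet : NO
           WorkplaceJoined : NO
             WamDefaultSet : ERROR
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : NO
'@ -split '\r?\n'

$workingProfile = @'
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
                    NgcSet : NO
           WorkplaceJoined : YES
          WorkAccountCount : 1
             WamDefaultSet : NO
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : NO
+----------------------------------------------------------------------+
| Work Account 1                                                       |
+----------------------------------------------------------------------+
              WorkplaceIdp : login.windows.net
           WorkplaceMdmUrl : https://wip.mam.manage.microsoft.com/Enroll
      WorkplaceSettingsUrl :
                    NgcSet : NO
'@ -split '\r?\n'

Compare-DsregStatus -Broken $brokenProfile -Working $workingProfile |
    Format-Table -AutoSize
```

On a live machine, save each user's `dsregcmd /status` output to a file from that user's session and pass `Get-Content` of each file as `-Broken` and `-Working`.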

All replies

  • Hi RJO22,

    >>I have quite a few machines where after launching Outlook and trying to authenticate, they get a "something went wrong" error

    Do you mean these users cannot log on to their email account in the Outlook client? Would you mind providing a screenshot for further research?

    If you add another account to their profile, will same error occur?

    What’s your account type? Exchange, POP or IMAP?

    As here we mainly focus on issues regarding Office desktop client, I'm not so familiar with Trusted Platform Module.

    We can try opening Outlook in safe mode and then check if accounts can be added correctly. Please exit Outlook, press Win key + R to open the Run command, type outlook.exe /safe and then press Enter. This helps eliminate whether the problem lies on any third party add-ins.

    Besides, in case data file was corrupted, we can also repair data file.

    If I’ve misunderstood anything, please feel free to post back.

    Regards,

    Perry


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, March 25, 2019 6:27 AM
    Moderator
  • Yes, you open Outlook, then when prompted for credentials for SSO, you get that TPM/keyset error.  So I'm not sure if it's directly related to Outlook or the credential management for Outlook within Windows, but Outlook is the only app experiencing this so thought it best to post here.
    Monday, March 25, 2019 1:46 PM
  • Hi RJ022,

    I had similar issues on our three Dell Latitude laptops. I just uninstalled the "Trusted Platform Module 2.0" in Device Manager and restarted the computer. After the reboot, that error was gone and Outlook was working as normal. It seems like the Trusted Platform Module driver was corrupt.

    

    


    Binod Shrestha


    • Edited by Binod-Shrestha Monday, March 25, 2019 8:44 PM
    • Proposed as answer by Juraj24 Friday, August 16, 2019 11:02 PM
    Monday, March 25, 2019 8:12 PM
  • Hi RJ022,

    Does the reply from Binod Shrestha work for you? Have you tried safe mode?

    If issue continues, do you have any antivirus software running on this PC? We can also temporarily close them to see if it was related with their integration with Outlook.

    Besides, if convenient, you can share a screenshot of this error here for further research.

    Regards,

    Perry



    Tuesday, March 26, 2019 5:15 AM
    Moderator
  • I did not try uninstalling the TPM device yet, have not had a chance, as it only impacts one user on the machine who has an existing profile, but any user who signs in afterward with a new profile does not experience the issue. 

    Already tried disabling the AV software, but again, it works fine for new profiles on the same machine when the AV is running, so I don't think that is it either.

    Here is a screenshot of the error. I blurred out the ID, which I believe is specific to the machine but doesn't really add much to the troubleshooting from what I read.

    Tuesday, March 26, 2019 12:37 PM
  • Hi,

    >>as it only impacts one user on the machine who has an existing profile, but any user who signs in afterward with a new profile does not experience the issue. 

    I haven't found related articles about this error. We can test this issue in a new profile for this user. Considering your concern, please do not delete the original profile.

    Besides, in case this issue was caused by software conflicts, please try performing a clean boot in Windows to check the result.

    Regards,

    Perry



    Wednesday, March 27, 2019 5:18 AM
    Moderator
  • How would I give them a new profile while preserving the original profile to test this?
    Wednesday, March 27, 2019 12:37 PM
  • Hi RJ022,

    Yes, recreating the profile for that user will work because I also did that on one of my computers. But I found removing the TPM driver an easier way to fix that error.

    Anyway, here are the steps to recreate a new profile without losing the user's data:

    1. Go to the "C:\Users\" folder and rename that user's folder (e.g. user.old) to prevent the files from being deleted while removing the profile.

    2. Open "regedit" and remove that user from "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList". Reboot the PC.

    3. Have that user log in so Windows will create a profile for him/her

    4. Move his/her files from old profile folder to new


    Binod Shrestha

    Wednesday, March 27, 2019 2:49 PM
  • Do I need to rename the existing folder in c:\users so it doesn't re-use that one or overwrite it?
    Wednesday, March 27, 2019 3:27 PM
  • Yes you need to rename only the user's profile folder who has TPM error so new profile does not overwrite it.

    Binod Shrestha

    Wednesday, March 27, 2019 3:40 PM
  • So doing so confirmed that the problem is indeed in the original profile.  New profile does not have the error, if we restore the original profile, the error returns.
    Wednesday, March 27, 2019 4:50 PM
  • Hi RJO22,

    I'm so glad to see that a new windows profile works for you.

    Currently, you can directly use the new profile. If you are still concerned about the old profile, you can also follow Binod Shrestha's suggestion to remove the TPM driver.

    By the way, if the reply above is helpful to you, it's recommended to mark it as answer so that it will benefit other users a lot.

    Have a nice day!

    Regards,

    Perry



    Thursday, March 28, 2019 6:24 AM
    Moderator
  • A new Windows profile isn't really the "answer" though, I'm looking for how to fix the existing profile without having to recreate it new.  Uninstalling the TPM driver when it's only 1 user on the machine doesn't really seem like the true answer either if that does indeed work.  What is it in the existing profile that is broke and how do we fix that, since we confirmed it is indeed something within that existing profile?

    Thursday, March 28, 2019 12:13 PM
  • Hi RJO22,

    There are many related files in the Windows profile. It's hard to directly tell the root cause. Here we mainly focus on issues regarding the Office desktop client. As it works in a new Windows profile, you can try the following steps to troubleshoot this issue:

    1. Close Outlook if it is running.
    2. Start Registry Editor.
    3. Browse to the following registry location:
    4. HKEY_CURRENT_USER\Software\Microsoft\Office\16.0
    5. Rename this key to \16.0-old.
    6. Restart Outlook.

    After you do this, Outlook performs a new first-run start. Therefore, Outlook should prompt you for your user name and initials again.

    Besides, although only one user encounters this issue, we cannot directly rule out this reason (TPM driver). Many aspects could be affected.

    In addition, it seems that following the suggestion from Binod Shrestha to create a new profile doesn't lose any personal data, right? If you have all available files in this profile, you can directly use this new profile. This may not be the best answer, solving the problem for you is what we care most about :-)

    Regards,

    Perry



    Friday, March 29, 2019 8:39 AM
    Moderator
  • Hi Perry.  Following those steps did not solve the issue either.

    If the TPM driver is the same for the entire machine, and only one existing profile experiences the behavior, I'm not sure how that machine-wide driver would be the cause here, especially based on giving a new Windows profile for that user does not experience the issue.

    I understand how creating a new profile then moving all the user files back to the new profile from the bad profile is an option, but I'm more looking for a true fix for the existing profile, as opposed to a workaround.  Imagine if the scale of this was 100,000 users/PCs, that's quite a lot of profiles to remove/recreate/move data back into, as opposed to performing a fix to the existing profile :)

    Friday, March 29, 2019 1:52 PM
  • I'll do more research. Currently, please use the new profile as a workaround.


    Monday, April 1, 2019 9:34 AM
    Moderator
  • Glad I found this, I am also experiencing this same error. Before I found this post, when I created a new profile the problem did not go away.  Awaiting reply on the removal of the device - TPM.
    Tuesday, April 2, 2019 12:26 PM
  • Hi Perry, did you happen to uncover anything else?
    Friday, April 5, 2019 8:56 PM
  • Hello,

    I'm experiencing the same issue after upgrading Windows 10 Home to Pro and migrating the user session. Impacting 40 users for me ...

    Perry ? Did you find something new ?

    Thank you !

    • Proposed as answer by JCTRL Friday, April 12, 2019 8:31 AM
    • Unproposed as answer by JCTRL Friday, April 12, 2019 8:31 AM
    Monday, April 8, 2019 10:19 AM
  • Hello,
    I have found this topic (http://forum.forensit.com/forum_posts.asp?TID=1633) and, after using the o365c1 software and rebooting, Outlook now works correctly for us.
    Sorry I can't add a hyperlink, my account isn't verified yet.
    Regards


    • Proposed as answer by JCTRL Friday, April 12, 2019 8:38 AM
    • Unproposed as answer by RJO22 Sunday, April 14, 2019 9:18 PM
    Friday, April 12, 2019 8:38 AM
  • What is that utility?  is it free for anyone to use?  What does it do?
    Sunday, April 14, 2019 9:18 PM
  • What's the detailed version of Windows and Outlook? Have you tried performing a clean boot in Windows?

    Besides, do you have multiple TPMs running on this PC?

    Regards,

    Perry



    Wednesday, April 17, 2019 4:51 AM
    Moderator
  • They are all Windows 10, varying from 1703 and higher.  Office 365/2016, should be current to only a few releases behind.   Do not have multiple TPMs running AFAIK.
    Wednesday, April 17, 2019 1:21 PM
    I checked recent KB updates of Windows 10 and they didn't mention this error in Outlook.

    This error message suggests that the integration between Outlook and TPM was corrupted. Have you tried reinstalling Office? On the Office side, we can reinstall Office. As a new profile doesn't make any difference, this issue doesn't lie in the user's profile. After reinstalling, they can still use the original profile.

    I also searched articles regarding TPM. One troubleshooting step is to reset TPM. You may check this: Trusted Platform Module: How do I reset it?

    Troubleshoot the TPM

    If you haven’t made any important customizations in TPM, we can restart or reset TPM in case it was related with some settings.



    Monday, April 22, 2019 4:33 AM
    Moderator
  • Have tried both a quick and full repair of Office, even using the removal tool online then reinstalling it.  To clarify, a new Windows profile on the machine makes a difference, not a new Outlook profile.  No customizations in TPM at all on any of the machines with the Outlook issue.  No other apps throw a TPM error on the machine except Outlook.   I really don't think it has anything to do with machine-wide settings such as the TPM chip, due to all the info stated above, considering the issue is tied to only that instance of the user's Windows profile, as it doesn't occur for other users who get a new profile, or that same user if you create them a new Windows profile.

    Sounds like Microsoft does not have a solution or a "fix it" yet for this particular error?

    Monday, April 22, 2019 12:17 PM
  • Hi,

    As this issue cannot be reproduced in the new windows profile, it should be that one or some components are corrupted or a conflict occurs with the registered component.

    It’s hard to tell which one was damaged that may need checking logging files with a higher technical ability. Considering this case, you could directly use the new windows profile.

    Thank you for your understanding and support!

    Regards,

    Perry



    Tuesday, April 23, 2019 8:59 AM
    Moderator
  • Thanks.  Disappointing there isn't a fix for this from Microsoft, as it appears I'm not the only one having the issue.  Guess we will have to wait for a fix.
    Tuesday, April 23, 2019 12:09 PM
  • Thank you for your understanding~

    Regards,

    Perry



    Wednesday, April 24, 2019 12:49 AM
    Moderator
  • You're not the only one having this issue.  We have a few computers/users that are experiencing the same issue in my company.  
    Wednesday, April 24, 2019 2:40 PM
  • Ditto. I found that the user had a weird issue where stored passwords and cookies seemed to stop working or go missing. Also, they are having display issues in Excel of some sort. May all be related to the profile. I put in an O365 ticket. The forums know nothing.
    Thursday, April 25, 2019 12:05 AM
  • Same issue here, after migrating computers to a new domain. This worked for me:

    Shut down Outlook and set the following registry key. (Disables modern authentication)

    HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\

    REG_DWORD   

    EnableADAL

    0


    • Proposed as answer by James_E12 Thursday, April 25, 2019 2:57 PM
    Thursday, April 25, 2019 1:56 PM
  • Same issue here, after migrating computers to a new domain. This worked for me:

    Shut down Outlook and set the following registry key. (Disables modern authentication)

    HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\

    REG_DWORD   

    EnableADAL

    0


    This worked for me. 

    This issue happened to me after I tried to open Outlook while connected to a different company's network.

     

    Thursday, April 25, 2019 2:58 PM
  • Interesting.  So what does that DWORD actually do? or make Outlook stop trying to do so it will work?   do you have to remove that DWORD later on?
    Thursday, April 25, 2019 3:10 PM
  • Interesting.  So what does that DWORD actually do? or make Outlook stop trying to do so it will work?   do you have to remove that DWORD later on?

    The registry key EnableADAL is used to enable modern authentication. I'm not sure how it is related to this TPM error. It would be great if this works for all of you. Thanks to Kokhustomten for sharing.

    You can check this official article:

    Enable Modern Authentication for Office 2013 on Windows devices




    Friday, April 26, 2019 9:19 AM
    Moderator
    We are having the same exact issue here, and from what I can observe it is related to the fact that the MS work account needs to register the device in the Azure/365 tenant. It seems that on the systems with the issue something gets corrupted on the client (profile or TPM); that is the "mystery" to resolve. The user that had the issue is able to register on another computer and all falls into place. On the original device where he had the issue I was able to resolve it by trashing the profile and creating a new one. But because we needed to understand why this was happening I went ahead, decrypted the HD, cleared the TPM and set everything back up by reconfiguring BitLocker, and then the issue returned: all 365 apps are OK except Outlook, which does not communicate.

    Tried several things, even removing the device from Azure, with no luck.

    I just tried the o365c1 mentioned above and it worked. Outlook is connecting, however it didn't register the device in Azure. 

    In addition, this user on this particular computer is not able to set up a "work or school account" or show "Email & app accounts" 

    Friday, April 26, 2019 9:28 PM
  • This fixed my problem! Thanks!! I transferred to a new computer, Win Home version versus Win Pro. O365 software. 
    Sunday, May 5, 2019 7:04 PM
  • Same issue on a Dell Precision. No luck following all the suggestions, so i believe last chance is recreating user profile from scratch? 
    Monday, May 6, 2019 9:56 AM
  • what have you done exactly?
    Monday, May 6, 2019 9:56 AM
  • Same issue here, after migrating computers to a new domain. This worked for me:

    Shut down Outlook and set the following registry key. (Disables modern authentication)

    HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\

    REG_DWORD   

    EnableADAL

    0


    Excellent, it worked perfectly in my case. I had already tried several options, even going as far as reformatting the machine because of this.
    Monday, May 6, 2019 9:24 PM
  • This isn't a good solution either, as you are disabling modern auth for that user.  Basically you're allowing your end users to send their passwords in an easily compromised hash.

    Modern auth is the root cause of the issue.  The fix should involve clearing the TPM module and resetting something in the user profile.

    We have this issue as well for the handful of users we had swapped into new Laptops, just moved over their old HDD.

    The problem presented itself when we discovered that Modern Auth wasn't enabled for our O365 Tenant and turned it on.

    Unfortunately I've not found the correct order of operations to fix or recreate the keys needed for Modern Auth...  Still looking.

    Monday, May 6, 2019 9:24 PM
  • https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753694(v=ws.11)

    Just found this little nugget too, there's a management snap-in for clearing and re-initializing the TPM.  I have some testing to do.

    Monday, May 6, 2019 9:36 PM
  • Do This

    Outlook: Something Went Wrong Error 80090016

    Regards,

    Pete


    Regards Pete Long http://www.petenetlive.com

    Friday, May 10, 2019 8:41 AM
  • So I'm seeing this trending... has anyone correlated this with a root cause?
    Friday, May 10, 2019 3:56 PM
  • FYI 

    When I put the reg key in to disable modern authentication, 'ADAL', this maybe fixed the Outlook issue, but caused havoc with SharePoint sync files....

    absolute torturous time when doing that

    Friday, May 17, 2019 10:07 AM
  • I have also tried all the above suggestions and none of them have worked.  One thing that has worked each time was to uninstall Office and reinstall Office.  By no means is this convenient, but it is better than recreating the user's profile.

    Sometimes we have gotten another error along with this after the reinstall stating that another account is already logged into the machine so outlook would not load.  If you get this, open word and sign out of every account by the user and then open outlook.

    Hope this helps someone else.

    Chris

    Monday, May 20, 2019 3:14 PM
  • Hi,

    Windows profile re-creation worked for me, error gone away.

    Thanks,

    Arunkumar Ponraj

    Tuesday, May 21, 2019 2:22 PM
  • This isn't a good solution either, as you are disabling modern auth for that user.  Basically you're allowing your end users to send their passwords in an easily compromised hash.

    Modern auth is the root cause of the issue.  The fix should involve clearing the TPM module and resetting something in the user profile.

    We have this issue as well for the handful of users we had swapped into new Laptops, just moved over their old HDD.

    The problem presented itself when we discovered that Modern Auth wasn't enabled for our O365 Tenant and turned it on.

    Unfortunately I've not found the correct order of operations to fix or recreate the keys needed for Modern Auth...  Still looking.

    This also happened to me after switching my old SSD into a new laptop - same hardware, obviously a different TPM chip though. So, how do we reset the TPM chip on the local PC and the user profile in Azure? I've tried initializing the TPM, clearing out the settings from both Windows and the BIOS, no luck. I tried uninstalling the driver and rebooting, that didn't work either. I've also tried clearing out all Windows credentials on the PC, and doing a full online repair of Windows - no dice. I agree with Brian, there's a multi-step solution that hasn't been provided yet...
    Tuesday, May 21, 2019 8:11 PM
  • Hi RJ022,

    Yes, recreating the profile for that user will work because I also did that on one of my computers. But I found removing the TPM driver an easier way to fix that error.

    Anyway, here are the steps to recreate a new profile without losing the user's data:

    1. Go to the "C:\Users\" folder and rename that user's folder (e.g. user.old) to prevent the files from being deleted while removing the profile.

    2. Open "regedit" and remove that user from "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList". Reboot the PC.

    3. Have that user log in so Windows will create a profile for him/her

    4. Move his/her files from old profile folder to new


    Binod Shrestha

    So, after not being able to use Office / OneDrive / SharePoint at all locally on my computer, I finally invested the time to try this fix even though it's frustrating and likely just a simple file ownership / permission issue in Windows that hasn't been pinpointed yet. This worked for me. I would add: remember to show hidden files and get the AppData folder and subfolders copied into the new profile as well, so you get app settings / bookmarks / apps installed to that location / etc. copied over too.
    Wednesday, May 22, 2019 6:01 PM
  • We are experiencing a similar TPM issue (error message is different: 0x80280036 "The TPM is attempting to execute a command only available when in FIPS mode")

    It boils down to Windows 10 thinking, right or wrong, that the TPM chip on our Dell Latitude E6x40 and E7x40 models does not support FIPS 140-2. Even though they're supposed to be compatible (they are Atmel 1096043852 with hardware revision 41.1, and Dell claims these laptops are FIPS validated).

    The error shows up for any user who is enrolled for MFA and launches any of the Office 365 apps (version 1808 is what we're using) on a Windows 10 1809 system. We haven't tested with older versions of Windows and/or Office.

    We can disable ADAL entirely (using the "EnableADAL=0" registry key) but that defeats the purpose of MFA. However, we have had good results with adding "DisableADALatopWAMOverride=1" in the same Office registry key "HKCU\Software\Microsoft\Office\16.0\Common\Identity"

    When we do that, we still get the MFA prompt but then it does NOT show the screen asking about "Use this account everywhere on your device". Basically it acts the same as if you got that screen and clicked "This app only".  It will NOT "workplace join" the device to your Azure account.

    As best I can figure, Windows thinks the TPM is not FIPS compatible and can't store the certificate from Azure AD, so it throws the error. I guess that's better than the "looping authentication" it used to do before. But either the TPM capability detection is wrong for this Atmel chip, or maybe this TPM chip really is missing some feature that's required.

    The Latitude E7x50 laptops use the same Atmel chip, but a newer hardware revision which does not have the same problem. I did find some obscure mention that Atmel may have added some features in revision 42+, so maybe these E6440, E6540, etc. models just missed some production deadlines.

    FYI, this may also affect even older Latitude E6330, E6430 models that use an even older revision of the Atmel (37.x). We're getting rid of any of those we still have so I haven't tested them to see if the issue shows up.


    Thursday, May 23, 2019 5:14 PM
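
Because `EnableADAL=0` turns modern authentication off for the user, it is worth knowing which profiles still carry either override once the workaround has been handed out. The following is an added example, not code from any poster: the function name is hypothetical, the key path and value names are the ones given in the thread, and the notes on what each value does repeat the posters' descriptions. It only sees hives loaded under `HKEY_USERS` (users currently signed in) and should be run elevated.

```powershell
# Added example (not from the thread): list the Office identity overrides discussed above
# for every user hive currently loaded under HKEY_USERS. Read-only.

function Get-OfficeIdentityOverride {
    param(
        [string]$HiveRoot = 'Registry::HKEY_USERS',
        [string]$SubKey   = 'Software\Microsoft\Office\16.0\Common\Identity'  # path from the thread
    )
    # Meanings as described by posters in the thread.
    $meaning = @{
        'EnableADAL=0'                 = 'modern authentication disabled for this user'
        'DisableADALatopWAMOverride=1' = 'modern auth kept, device not workplace-joined'
    }
    foreach ($hive in Get-ChildItem -Path $HiveRoot -ErrorAction SilentlyContinue) {
        $sid = $hive.PSChildName
        # Keep user SIDs (local/domain or Azure AD); skip service accounts and *_Classes hives.
        if ($sid -notmatch '^S-1-(5-21|12-1)-[\d-]+$') { continue }

        $path = "$HiveRoot\$sid\$SubKey"
        if (-not (Test-Path -Path $path)) { continue }
        $props = Get-ItemProperty -Path $path

        # Resolve the SID to an account name; fall back to the SID for orphaned profiles.
        try {
            $user = ([Security.Principal.SecurityIdentifier]$sid).Translate(
                        [Security.Principal.NTAccount]).Value
        } catch { $user = $sid }

        foreach ($name in 'EnableADAL', 'DisableADALatopWAMOverride') {
            if ($props.PSObject.Properties.Name -notcontains $name) { continue }
            $value = $props.$name
            $note  = $meaning["$name=$value"]
            [pscustomobject]@{
                User  = $user
                Value = $name
                Data  = $value
                Note  = if ($note) { $note } else { 'set, but not to a value described in the thread' }
            }
        }
    }
}

Get-OfficeIdentityOverride | Sort-Object User | Format-Table -AutoSize
```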
  • @AaronBI this seems like a separate issue. Also, I don't recommend disabling modern authentication as a solution. You may want to start a new thread.
    Friday, May 24, 2019 6:28 PM
  • @AaronBI this seems like a separate issue. Also, I don't recommend disabling modern authentication as a solution. You may want to start a new thread.

    Thanks. Fortunately using "DisableADALatopWAMOverride" does not disable modern auth. The only impact seems to be that it doesn't do a workplace join, but since apparently these specific TPM chips are treated by Microsoft as incompatible with FIPS, that doesn't matter because it will never be able to workplace join anyway. It's more to prevent distractions or error messages from showing up to end users.

    It may be a different issue than the original post, but I wanted to add some extra context in case it helps anyone out. It may also assist with anyone that has a malfunctioning TPM chip, not just the FIPS issue we're seeing.

    Tuesday, May 28, 2019 4:53 PM
  • You aren't the only one. All I see is runaround solutions or workarounds that don't address the issue. I'm waiting for someone to suggest reinstalling Windows to fix the problem..

    Thursday, May 30, 2019 5:09 AM
  • I'm also still experiencing the issue, where attempting to sign into O365 PP 1808 on Win 10 1803 results in the 80090016 "Keyset does not exist" error. I'm not keen on disabling modern auth, but I may evaluate the DisableADALatopWAMOverride method.
    Friday, June 7, 2019 3:12 PM
  • I was getting the exact same error message when users were trying to open Office client from O365 online.  I tried everything but then found that when I changed their network profiles to roaming instead of mandatory profiles, everything started working again.
    Wednesday, June 12, 2019 2:55 PM
  • This did not work for me
    Thursday, June 13, 2019 1:59 PM
  • Hi everyone,

    Been wrestling with this all day, our 2 newest members both had the issue. The only difference between them is I logged into their accounts (so they wouldn't have to set their own accounts up on their start day) BEFORE MFA had been set up on their O365 account. Once MFA was set up on O365 the next time they rebooted their machines and logged in the TPM error happened. Nuke the profile (or the entire OS) and set it up again (AFTER enabling MFA) and it will work, and in future set up MFA prior to logging in for the first time.

    Friday, June 21, 2019 3:55 PM
  • Hi everyone,

    Been wrestling with this all day, our 2 newest members both had the issue. The only difference between them is I logged into their accounts (so they wouldn't have to set their own accounts up on their start day) BEFORE MFA had been set up on their O365 account. Once MFA was set up on O365 the next time they rebooted their machines and logged in the TPM error happened. Nuke the profile (or the entire OS) and set it up again (AFTER enabling MFA) and it will work, and in future set up MFA prior to logging in for the first time.

    I'm discovering what I think is the same thing. My previous testing when using the "DisableADALatopWAMOverride" registry key was with my own account that already had MDM+MFA enabled. With that reg key in place, it doesn't prompt to workplace join when I sign in to Office the first time. Great!

    However, for someone who isn't MFA enrolled yet, and they've already signed in to Office on one of these older Dells with an apparently incompatible TPM chip (Atmel with a revision <= 41.1), when they do get MFA enabled it seems to still want to trigger that "workplace join".

    We're still in the early phases of testing that, so I'm not entirely sure that's the correct chain of events involved, but something is definitely different in the real world versus my own testing.

    I have a feeling I could disable modern authentication entirely with EnableADAL=0 and that would supersede anything else happening, but that seems a little extreme. Unfortunately, documentation for either of those registry keys is sorely lacking and usually second/third hand, so the effects are murky.

    Monday, June 24, 2019 11:04 PM
  • Did you ever figure this out, Brian Wing? My case is similar. Copied user's HDD to SSD and put in new laptop, and is now getting this error when trying to sign in to OneDrive.
    Tuesday, June 25, 2019 9:20 PM
  • Do This

    Outlook: Something Went Wrong Error 80090016

    Regards,

    Pete


    Regards Pete Long http://www.petenetlive.com

    People need to stop posing disabling Modern Auth as the fix to this issue, it's an AWFUL solution which compromises security and locks the client into legacy authentication modes. This might be ok for a home pc but this is unacceptable for an enterprise joined client. It will break any Azure single-signon for starters.

    Wednesday, June 26, 2019 1:43 AM
  • The solution for me was to rename this folder:

    C:\users\$dir\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

    This needs to be done with the affected user logged off, i.e. log on as a different admin user or do it from a network share. The folder will get recreated when the user logs on next.

    Start Outlook, you will need to enter password again, you will get asked to workplace join again "say yes to allow my organization to manage this device"  it may still throw the 'Something went wrong, TPM error' but ignore this and Outlook should continue to load again. The TPM error will only occur once.

    I have tested this on many different affected systems with 100% success rate

    Wednesday, June 26, 2019 1:53 AM
  • The solution for me was to rename this folder:

    C:\users\$dir\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

    This needs to be done with the affected user logged off, i.e. log on as a different admin user or do it from a network share. The folder will get recreated when the user logs on next.

    Start Outlook, you will need to enter password again, you will get asked to workplace join again "say yes to allow my organization to manage this device"  it may still throw the 'Something went wrong, TPM error' but ignore this and Outlook should continue to load again. The TPM error will only occur once.

    I have tested this on many different affected systems with 100% success rate

    I can confirm this worked for me as well.
    Tuesday, July 2, 2019 7:57 PM
  • The solution for me was to rename this folder:

    C:\users\$dir\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

    This needs to be done with the affected user logged off, i.e. log on as a different admin user or do it from a network share. The folder will get recreated when the user logs on next.

    Start Outlook, you will need to enter password again, you will get asked to workplace join again "say yes to allow my organization to manage this device"  it may still throw the 'Something went wrong, TPM error' but ignore this and Outlook should continue to load again. The TPM error will only occur once.

    I have tested this on many different affected systems with 100% success rate

    worked for me, thank you sir.
    Tuesday, July 9, 2019 1:33 AM
  • Please clarify - " Rename this folder:

    C:\users\$dir\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

    Rename to what ....?

    Monday, July 15, 2019 2:03 PM
  • to anything, just add .old at the end.
    Tuesday, July 16, 2019 5:16 AM
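
The folder rename described in the posts above, with the `.old` suffix from the reply, as an added example that is not part of any post in the thread. The function name `Rename-AadBrokerPluginFolder`, the `C:\Users` profile root and the use of `Win32_UserProfile.Loaded` as the "user is logged off" check are assumptions; run it elevated from a different admin account.

```powershell
function Rename-AadBrokerPluginFolder {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$UserName,
        [string]$UsersRoot = 'C:\Users'   # assumption: default profile location
    )

    $package     = 'Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy'
    $profilePath = Join-Path $UsersRoot $UserName

    # The thread requires the affected user to be logged off. A loaded
    # profile means the user still has a session (or a process) open.
    $userProfile = Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { $_.LocalPath -ieq $profilePath }
    if (-not $userProfile) {
        throw "No user profile is registered at $profilePath."
    }
    if ($userProfile.Loaded) {
        throw "Profile $profilePath is loaded. Log the user off first."
    }

    $folder = Join-Path $profilePath "AppData\Local\Packages\$package"
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        throw "Folder not found: $folder"
    }

    # Keep the old folder so it can be restored. If a previous attempt
    # already left a .old copy, add a timestamp instead of failing.
    $newName = "${package}.old"
    $parent  = Split-Path -Path $folder -Parent
    if (Test-Path -LiteralPath (Join-Path $parent $newName)) {
        $newName = '{0}.old-{1:yyyyMMddHHmmss}' -f $package, (Get-Date)
    }

    if ($PSCmdlet.ShouldProcess($folder, "Rename to $newName")) {
        Rename-Item -LiteralPath $folder -NewName $newName -PassThru
    }
}

# Dry run first, then the real rename ("jdoe" is a placeholder user name):
# Rename-AadBrokerPluginFolder -UserName jdoe -WhatIf
# Rename-AadBrokerPluginFolder -UserName jdoe
```
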
  • The solution for me was to rename this folder:

    C:\users\$dir\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

    This needs to be done with the affected user logged off, i.e. log on as a different admin user or do it from a network share. The folder will get recreated when the user logs on next.

    Start Outlook, you will need to enter password again, you will get asked to workplace join again "say yes to allow my organization to manage this device"  it may still throw the 'Something went wrong, TPM error' but ignore this and Outlook should continue to load again. The TPM error will only occur once.

    I have tested this on many different affected systems with 100% success rate

    This worked for us also on a Dell Vostro laptop - thanks for sharing.  This seemed to coincide with enabling modern auth on our tenancy.  Also - this user didn't have MFA enabled on her account at the time it happened, after enabling MFA it still didn't fix the issue.  However I'd guess creating a new Windows profile would have resolved the issue.

    @Geezer32 Can I ask how/where you worked this out?


    Wednesday, July 17, 2019 10:53 AM
  • I want to add that for me, the user has NO issues with Outlook, but has a problem when trying to run a script from our SharePoint site that generates an Excel file. I had her disconnect her O365 account from Excel/Word, and now we can't log back in. Cannot connect to OneDrive either, as we have OneDrive set up to back up user folders and I wanted to make sure that was done before clearing the TPM chip. User is remote, the computer was Azure joined months ago. Why would it suddenly stop working now? Checking email through Outlook is fine, so all the solutions for fixing an Outlook error are not going to do much since that's not the problem. The user can also log into SharePoint fine on Chrome. But try from IE or Edge, and she gets an error that her account doesn't exist - even stranger!

    She is a remote user, so I can't easily put hands on the computer to create a new profile. I'm afraid I'm going to have to have her back up her data to a USB drive and try the TPM clearing option. But as multiple people have said, that's not a fix - that's a work around. A real fix needs to be issued, as I'm afraid this is going to come up with more users.

    Friday, July 19, 2019 12:10 PM
  • You are a life saver - thank you for this fix.

    I was having to bodge it with turning off ADAL in the registry until I found your solution. 

    Thank you very much.


    Technonath

    Tuesday, July 23, 2019 1:56 PM
  • Disable ADAL atop of WAM Override, can break conditional access as well. It's okay to use it to troubleshoot and it'll tell you if you have networking condition that causes WAM to fail.

    In case anyone is wondering, WAM is the tokenbroker service running on Windows 10 machine. Best option for troubleshooting these issues are the following:
    1. determine if client is configured for WPJ, Domain join with device registration, or hybridAADjoined

    2. If WPJ, disconnect reconnect Office account, if AADJoined, leave AAD and reboot, this is device recovery and resolve most of the issues

    3. If federated, make sure mex end point can be reached

    4. Test login.microsoftonline.com, sign in and ensure it lands on www.office.com, if not, then fw/proxy is blocking 

    Since this is TPM issue though, first, for 1803 builds, I'd make sure KB 448989 is applied.

    Addresses an issue that prevents a user from authenticating and causes Windows Account Manager (WAM) to fail when using a Trusted Platform Module (TPM). 

    There is also a key you can use to have Office store private key and cert somewhere other than TPM to confirm TPM is issue. 

    Ultimately, applications and services logs / Microsoft /windows /aad or /userdeviceregistration will tell you if TPM is an issue. Look for anything keyset or cannot find cert error.

    From experience, most TPM issues are resolved pretty quickly by either firmware update, "clear TPM" from tpm.msc(does take few to rebuild), or there's a healthy dose of TPM info in https://docs.microsoft.com/en-us/office365/troubleshoot/administration/connection-issue-when-sign-in-office-2016.

    Tuesday, July 23, 2019 9:13 PM
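
Step 1 and the event-log check from the post above, as an added example that is not part of the original post. The function names are hypothetical, the join-type labels are one reading of the `dsregcmd /status` fields shown earlier in the thread, and the two channel names are assumed to be the logs the post refers to as "aad" and "userdeviceregistration".

```powershell
# Run in the affected user's session so the User State section is theirs.

function Get-DsregState {
    # Parse the "Key : Value" lines of dsregcmd /status into a hashtable.
    param([string[]]$Lines = (dsregcmd.exe /status))
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-JoinType {
    # Step 1 of the post: which kind of registration does this client have?
    param([hashtable]$State)
    $aad = $State['AzureAdJoined']   -eq 'YES'
    $dom = $State['DomainJoined']    -eq 'YES'
    $wpj = $State['WorkplaceJoined'] -eq 'YES'
    if     ($aad -and $dom) { 'Hybrid Azure AD joined' }
    elseif ($aad)           { 'Azure AD joined' }
    elseif ($wpj)           { 'Workplace joined (WPJ)' }
    elseif ($dom)           { 'Domain joined only' }
    else                    { 'Not joined or registered' }
}

function Get-KeysetEvents {
    # Errors and warnings that mention a keyset or certificate problem.
    param([int]$Days = 7)
    $logs = 'Microsoft-Windows-AAD/Operational',
            'Microsoft-Windows-User Device Registration/Admin'
    foreach ($log in $logs) {
        $filter = @{
            LogName   = $log
            Level     = 1, 2, 3      # critical, error, warning
            StartTime = (Get-Date).AddDays(-$Days)
        }
        # SilentlyContinue: an empty result is reported as an error.
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -match 'keyset|80090016|cert' } |
            Select-Object TimeCreated, LogName, Id, LevelDisplayName,
                @{ n = 'FirstLine'; e = { ($_.Message -split "`r?`n")[0] } }
    }
}

$state = Get-DsregState
[pscustomobject]@{
    JoinType      = Get-JoinType $state
    NgcSet        = $state['NgcSet']
    WamDefaultSet = $state['WamDefaultSet']
    AzureAdPrt    = $state['AzureAdPrt']
} | Format-List

Get-KeysetEvents -Days 7 | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
```
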
  • There is a reg key to block WPJ dialogue on builds 1803+
    Tuesday, July 23, 2019 9:21 PM
  • Was about to go down the disable Modern Auth road, but kept reading this thread and thankfully found this solution and it Worked!

    Thank you, Geezer32

    Monday, July 29, 2019 6:47 PM
  • I received this error from outlook only ( I was able to use Skype for Business, as well as email on my phone) the day after changing my AD password, but don't even have TPM enabled, let alone have one installed. Ergo, this reg. entry did nothing for me.

    On an off-chance, I logged out of all Microsoft accounts, disconnected from our LAN and connected to our Wifi, then attempted to login to Outlook.

    For whatever reason, this resolved my issue. Confirmed by reconnecting to LAN, rebooting, reconnecting, etc. FWIW.

    Wednesday, July 31, 2019 2:54 PM
  • This was the solution for me. Had 2 users with the same error. Worked like a charm, thanks!
    Wednesday, July 31, 2019 4:36 PM
  • For anyone battling this, give this a shot if all else fails: install "fiddlercap" (from the Telerik website), launch it and choose to 'Decrypt HTTPS' traffic and allow it to install the temporary private root certificate on the PC. Open Outlook and in almost every instance the 'keyset error' and/or authentication loops we were experiencing with Outlook go away immediately (all of our machines have BitLocker enabled).

    I'd be curious to know if it is just our environment/case or if same results for others here.

    Definitely sounds crazy I know, but it worked (obviously not a solution), but ideally it may help lead to one.

    (P.S. if you want FiddlerCap gone and the cert it installed gone, just uninstall FiddlerCap.)
    • Edited by ma che ohhh Wednesday, July 31, 2019 7:55 PM additions
    Wednesday, July 31, 2019 7:52 PM
  • This was sheer genius. Exactly what was required and it worked just as explained. I did have to do a little background work on getting the Administrator account set up independently of my own user ID but after that, all worked perfectly.

    Although the guidance is here that the Malfunction error will pop up once but to try again, I did initially groan but on the second attempt it worked. I had to do it on two more accounts that needed adding and the same steps, the same outcome - like a charm.

    Found I had to do it on my other machine too, so suspect there's something associated with my profile, not sure.

    Tuesday, August 13, 2019 10:41 AM
  • I did a user desktop migration on Windows 10 Pro computers from a non-domain environment to a domain environment.

    I used profwiz tool to perform the migration and configuration so that the profile data is retained.

    After the exercise, editing documents that are sync-ed to Onedrive gave the error that my TPM is 'malfunctioned' and I need to reset.

    If I follow the steps here - https://windowsreport.com/computer-trusted-platform-malfunctioned, it seems that I'll lose information on encrypted data.

    I then proceed with the steps to remove the tpm 1.2 drivers from device manager and after a reboot, the problem disappeared and onedrive was able to sync as before without errors.

    Saturday, August 17, 2019 3:14 AM
  • The solution for me was to rename this folder:

    C:\users\$dir\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

    This needs to be done with the affected user logged off, i.e. log on as a different admin user or do it from a network share. The folder will get recreated when the user logs on next.

    Start Outlook, you will need to enter password again, you will get asked to workplace join again "say yes to allow my organization to manage this device"  it may still throw the 'Something went wrong, TPM error' but ignore this and Outlook should continue to load again. The TPM error will only occur once.

    I have tested this on many different affected systems with 100% success rate

    Well done, yes worked for me also
    • Proposed as answer by John Kirkby Monday, August 19, 2019 7:33 AM
    Monday, August 19, 2019 7:33 AM
  • This did not work for me :-(

    Dino Caputo (Skype for Business MVP, BA | MCSE | MCTS:OCS/Lync) http://www.ucguys.com http://www.enableUC.com

    Monday, August 26, 2019 8:41 PM
  • Are you using a new laptop with a hard-disk swapped in from a failed one?

    This is what was behind my getting this error.

    The solution for me was using `Disable device` for my laptop on: "https colon-slash-slash account.activedirectory.windowsazure.com/r#/profile" and then reconnecting Outlook to my O365 account on my laptop. Now everything is working normally again.

    HTH,
           Wayne Plummer - Squared Up Ltd.

    Tuesday, September 17, 2019 10:00 AM
  • C:\users\$dir\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

    Thank you. Can confirm this worked


    /Michael


    • Edited by MrMvp Thursday, October 17, 2019 8:26 AM
    Thursday, October 17, 2019 8:26 AM
  • Well, this seems to happen when TPM chip information is incorrect in Windows ie. due to hardware replacement etc...

    do this to solve it....

    Manage-bde -protectors -delete C: -type TPM
    Manage-bde -protectors -add c: -tpm

    Tuesday, October 22, 2019 3:02 PM
  • The solution for me was to rename this folder:

    C:\users\$dir\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

    This needs to be done with the affected user logged off, i.e. log on as a different admin user or do it from a network share. The folder will get recreated when the user logs on next.

    Start Outlook, you will need to enter password again, you will get asked to workplace join again "say yes to allow my organization to manage this device"  it may still throw the 'Something went wrong, TPM error' but ignore this and Outlook should continue to load again. The TPM error will only occur once.

    I have tested this on many different affected systems with 100% success rate

    Confirmed, it worked for me.

    My case was after migrating a workstation from one domain to another domain. One of the user profiles on that machine had that TPM error.

    After renaming that folder and starting Outlook, I got the TPM error 2 times; after that, no more errors. Outlook started normally. After rebooting the machine, Outlook was normal with no TPM error.

    Thanks. Great work. Before I saw that post, my solution was to re-create a new user profile.


    Saturday, October 26, 2019 5:37 PM
  • That works for me! Thank you!
    Tuesday, November 5, 2019 7:48 AM
  • Perfect solution - resolved my problem on a Lenovo laptop which had got a new systemboard!

    Thanks!

    /Johan Niordson

    Thursday, November 7, 2019 3:07 PM
  • I OFFICIALLY LOVE YOU! This worked perfectly, thank you, thank you THAAAANK YOU!
    Sunday, November 10, 2019 11:01 PM
  • The solution for me was to rename this folder:

    C:\users\$dir\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

    This needs to be done with the affected user logged off, i.e. log on as a different admin user or do it from a network share. The folder will get recreated when the user logs on next.

    Start Outlook, you will need to enter password again, you will get asked to workplace join again "say yes to allow my organization to manage this device"  it may still throw the 'Something went wrong, TPM error' but ignore this and Outlook should continue to load again. The TPM error will only occur once.

    I have tested this on many different affected systems with 100% success rate

    Worked for me :)
    Monday, November 11, 2019 2:33 AM
  • SOLVED

    I have confirmed that the problem was related to incomplete GPO download over VPN. In my case, I was able to run GPUPDATE /FORCE after logging onto the VPN as a domain joined device.

    On other devices where I was still getting problems, I simply opened up the local firewall for 30 seconds to allow the gpupdate /force to come down unhindered by any firewall.

    I hope this will help someone :)

    Greppy

    Monday, November 11, 2019 11:28 AM