Office 365 Pro Plus Not Activating on Windows 10 1511 update

As of the recent Windows 10 1511 update Office 365 Pro Plus 2016 no longer activates, in fact when you try to activate it you end up with a cryptic Http Bad Request error after logging in. These few fixes can help get your users back up and running like it did for us.

Http Bad Request When trying to Activate

The underlying problem stems from Internet Explorer 11 not passing the intranet site credentials and windows authentication being activated in your global settings in the ADFS farm. This matters because, the underlying activation engine of Office 365 Pro Plus leverages Internet Explorer in your operating system.

Interestingly enough there seems to be some speculation in the forums, that the ADFS url’s are exceeding length parameters. In our investigation, we did notice, the token from the ADFS servers were not being passed back, even after entering the proper credentials.

SSL Cert Not bound to the IP addresses both internal and external

When ADFS is installed the http SSL cert is only bound to localhost:443 and the service url’s that you are using for the adfs farm. If you have any applications that are leveraging SNI (Skype for Business on Android is a perfect example of this) you will not be able to login without performing the following fix.

The underlying issue is that the IP addresses are not associated with the certificate and the application id for ADFS. Adding all of the internal and external IPs that are associated with the ADFS environment resolves this issue. Take note that this needs to be done on every ADFS server in the farm. Microsoft has documented this well in this KB article. This shows how bind the certificate to your IP’s for the ADFS environment. This KB is the resolution that needs to be performed to mitigate any issues associated with an SNI-Client authentication.

Windows Authentication is enabled internally and Internet Explorer 11 will not resolve the site page HTTP Bad Request (400) error

The fix that we were able to find was to disable windows authentication in the global internal settings on the ADFS farm itself. This is not an ideal fix, but at least your users can then use Office. Watch for a fix mid-February when Microsoft releases the public version of Office 365 Pro Plus 2016. Since the underlying issue seems to be stemming from Windows 10 1511, specifically Internet Explorer 11, I doubt it will be resolved at that time.

These fixes that we implemented cleared up a very big headache for us. Even after a few phone calls with Microsoft that had them scratching their heads. The end result after working with Microsoft support was that Office 365 Pro Plus 2016 is not fully released yet and, in Mid-February when it is released this should be resolved.