Unable to activate Office 365, because cookies are blocked

internet-explorer cookies office365 windows-server-2012-r2
EM0 picture EM0 · Nov 3, 2016 · Viewed 30.3k times · Source

I've installed Office 365 on a Windows Server 2012 R2 machine with IESC enabled. When trying to activate Office it prompts me to sign in and as soon as I enter an email address it says:

Cookies must be allowed

Your browser is currently set to block cookies. Your browser must allow cookies before you can use a Microsoft account.

Cookies are small text files stored on your computer that tell Microsoft sites and services when you're signed in. To learn how to allow cookies, see online help in your web browser.

It says this even if I set Internet Options, Privacy to "Accept All Cookies" or check "Override automatic cookie handling" and select "Accept" for both first-party and third-party cookies.

What do I need to do to allow Office to activate?

Answer

BradT picture BradT · May 17, 2017

I spent way too much time on this silly issue. Following any one of the following bullet points may fix this for you. Pick one that you like:

  • Open Internet Explorer. From the Settings (gear) menu, select Internet Options/Privacy Tab/Settings Advanced Button. Notice that the Third-party cookies radio button says "Accept"? Click "Block", Click "Accept" and then Ok, Ok your way out. Yes, you are setting it right back to where it started! Each user needs to do this separately.

  • As similarly answered by Danny adding https://*.microsoftonline.com to the trusted sites in Internet Options fixes this issue. I know some others are reporting this doesn't work but it works for me with Server 2016. The correct entry can be discovered by using the nirsoft dnsquerysniffer during the office 365 login process. Here's some PowerShell to create a registry entry. The nice part about this registry entry is that it seems to fix this issue for all users.

    $regPath = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoftonline.com'
$regProperty = 'https'
$regValue = '2'
New-Item -Path $regPath -Force -Verbose
New-ItemProperty -Path $regPath -Name $regProperty -Value $regValue -Force -Verbose -Type DWord

  • Set HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10 to 1. Note you will have to do this for each user so this may be a good solution for those of you who can control user registry properties through group policy or other means.

Related questions

How do I view cookies in Internet Explorer 11 using Developer Tools

I'm looking for how to view the cookies set using developer tools in IE11. I see an option in network profiling to view cookies being sent back and forth, but this is not really the same thing. It is cumbersome …

Read More
Cookie blocked/not saved in IFRAME in Internet Explorer

I have two websites, let's say they're example.com and anotherexample.net. On anotherexample.net/page.html, I have an IFRAME SRC="http://example.com/someform.asp". That IFRAME displays a form for the user to fill out and submit …

Read More
IE 11 cookies in Developer tools

Is there an equivalent to Chrome's cookie view in IE 11 ? Chrome's cookie viewer: Resources->Cookies. Closest IE11 has is this : Network -> Go to url -> click on details - > Cookies. IE 11 Wiki has this under …

Read More