none
Domain-joined accounts cant renew Visual Studio 2015 Community license RRS feed

  • Question

  • Hi,

    I've scoured the web for several hours (quite literally) and am still unable to solve a rather unsettling issue with Visual Studio 2015.


    Context: my company uses Visual Studio 2015 Community edition. Our machines all pertain to the same domain (managed by a Samba-3 domain controller using OpenLDAP as a backend) so we all use domain accounts to log into Windows.


    Issue: Visual Studio 2015 encounters a problem while trying to renew the 30-day license when using a domain account. We get this message, no matter which Microsoft account is in use: "We could not download a license. Please check your network connection or proxy settings".

    However this problem does not occur when using a local Windows account, and the license can be renewed just fine.

    Even more puzzling is that when using a domain account, every time we start Visual Studio, it says we are disconnected: "An error has occurred and we can no longer retrieve user information [...] Please reenter your credentials for this account". We can then log on successfully, but if we restart Visual Studio, it says we are disconnected once again.

    This problem does not occur either when using a local account.


    Both issues can be reproduced on any machine in our network, and using any of our individual Microsoft accounts (registered using our work mail addresses).

    Since we can validate the license just fine when using a local Windows account, this is not a proxy or firewall issue. It seems to have something to do with our domain.


    If you have any idea, I'll be happy to hear it. As said above, I already scoured the web thoroughly, but it does not seem anybody has brought up a similar issue before, with the exception of one thread, which sadly does not offer any solution. I cannot link to because my account hasn't been verified yet, but you can find it easily by searching for "VS2015 Community cannot download license nick sagal".

    Other remote threads dealing with "could not download a license" error were mostly related to proxy settings or IE TLS shenanigans, which have not helped in our case.

    Cheers,

    Nicolas


    • Edited by Nicolas Bsag Wednesday, September 7, 2016 4:55 PM remove escaped character from title
    Wednesday, September 7, 2016 4:55 PM

Answers

  • So, after sniffing packets harder than a drug addict, trying to find a difference in TLS exchanges between my computer and VS licensing server when using a domain account and when a using local account, and noticing no difference, I recalled why I had pushed this hypothesis to the side: our network supports TLS 1.2 perfectly well, as I can connect to TLS 1.2-only remote hosts without any issue.

    This means the issue lies elsewhere, and is caused by Visual Studio treating domain accounts and local accounts differently when trying to renew licensing information.

    The good news is I've found why and how to fix it.

    I recalled that earlier this year, when we upgraded our commercial department from Windows 7 to Windows 10, they all encountered issues while trying to configure their mail accounts on Microsoft Outlook: an unknown error 0x8004011c. If you search around for it you'll quickly find that this only happens when using domain accounts and not when using local accounts (sounds familiar, heh?). The fix to bypass this issue is to set a specific Windows cryptography-related registry key.

    When digging a little deeper, you can find that this fix is related to KB 3000850 (which I sadly cannot link to due to my account not being verified) and is actually described in the "Known issues" section, as well as in Samba-related documentation ("Required Settings for Samba NT4 Domains").

    In short: Windows 8.1+ clients (with KB3000850) joined to an NT-Style domain are not able to use Windows Credential Manager. This doesn't occur when not using a NT-Style domain. The fix seems to globally authorize using Windows Credential Manager whatever the domain context.

    So, to wrap it up, if:

    • You have a NT-Style domain (such as when using a Samba domain controller)
    • You have Windows 8.1 or later
    • You encounter issues when renewing your Visual Studio license

    Then, set the following registry key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
    "ProtectionPolicy"=dword:00000001

    This solved the issue on our domain, for all machines and accounts tested.

    As to why Visual Studio 2015 needs to use Windows Credential Manager and not Visual Studio 2013, someone from Microsoft will have to chime in there to explain because I have no clue.

    Cheers,
    Nicolas




    • Marked as answer by Nicolas Bsag Thursday, September 8, 2016 12:41 PM
    • Edited by Nicolas Bsag Thursday, September 8, 2016 12:49 PM
    Thursday, September 8, 2016 12:38 PM

All replies

  • Hi Nicolas,

    Welcome to the MSDN forum.

    According to your description, it looks like you cannot renew the license when you used your domain account to login your computer, and if you used the local account to login the computer, then use the same Microsoft account to sign in VS and it can renew the license, right?

    If so, please login the computer with your domain account, and open the default browser IE 11 to access the Microsoft account sign-up page: https://account.microsoft.com/about and sign in with the same Microsoft account, if it works, this issue is more related to the Visual Studio. If you have the Visual Studio community 2013, you can sign in with the same issue and see if the same issue will happen or not.

    If it works fine with the VS community 2013, Please have a look at this: https://msdn.microsoft.com/en-US/library/mt604698(VS.140).aspx and update the security appliances to add the following URLs:

    Best regards,

    Sara


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Thursday, September 8, 2016 8:24 AM
    Moderator
  • Hello Sara,

    Thanks for your answer.

    I confirm that logging in to our Microsoft accounts using browsers works fine, and that we can renew licenses on VS 2013.

    Thanks for this link, I had indeed seen that VS 2015 uses TLS 1.2 but I failed to put two and two together, and did not have a look at all network appliances to check if they all support TLS 1.2.

    I will check if everything is in order and report back!

    Cheers,

    Nicolas

    Thursday, September 8, 2016 9:37 AM
  • So, after sniffing packets harder than a drug addict, trying to find a difference in TLS exchanges between my computer and VS licensing server when using a domain account and when a using local account, and noticing no difference, I recalled why I had pushed this hypothesis to the side: our network supports TLS 1.2 perfectly well, as I can connect to TLS 1.2-only remote hosts without any issue.

    This means the issue lies elsewhere, and is caused by Visual Studio treating domain accounts and local accounts differently when trying to renew licensing information.

    The good news is I've found why and how to fix it.

    I recalled that earlier this year, when we upgraded our commercial department from Windows 7 to Windows 10, they all encountered issues while trying to configure their mail accounts on Microsoft Outlook: an unknown error 0x8004011c. If you search around for it you'll quickly find that this only happens when using domain accounts and not when using local accounts (sounds familiar, heh?). The fix to bypass this issue is to set a specific Windows cryptography-related registry key.

    When digging a little deeper, you can find that this fix is related to KB 3000850 (which I sadly cannot link to due to my account not being verified) and is actually described in the "Known issues" section, as well as in Samba-related documentation ("Required Settings for Samba NT4 Domains").

    In short: Windows 8.1+ clients (with KB3000850) joined to an NT-Style domain are not able to use Windows Credential Manager. This doesn't occur when not using a NT-Style domain. The fix seems to globally authorize using Windows Credential Manager whatever the domain context.

    So, to wrap it up, if:

    • You have a NT-Style domain (such as when using a Samba domain controller)
    • You have Windows 8.1 or later
    • You encounter issues when renewing your Visual Studio license

    Then, set the following registry key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
    "ProtectionPolicy"=dword:00000001

    This solved the issue on our domain, for all machines and accounts tested.

    As to why Visual Studio 2015 needs to use Windows Credential Manager and not Visual Studio 2013, someone from Microsoft will have to chime in there to explain because I have no clue.

    Cheers,
    Nicolas




    • Marked as answer by Nicolas Bsag Thursday, September 8, 2016 12:41 PM
    • Edited by Nicolas Bsag Thursday, September 8, 2016 12:49 PM
    Thursday, September 8, 2016 12:38 PM
  • Hi Nicolas,

    I'm so glad to hear that your issue is solve and thank you for your sharing. It will help other community members who have the same or similar issue to search this solution.

    Best regards,

    Sara


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Friday, September 9, 2016 6:38 AM
    Moderator
  • Legend!! - This has been bugging me for days and I haven't been able to get in VS without first logging into a local account which was a pain. 

    Adding the HKEY worked wonders and my VS now re-authenticates. 

    Also this issue was preventing my Photoshop Install from working so now that works too. 

    Thank you so much Nicolas.

    Tuesday, March 26, 2019 11:52 AM
  • For the record, the error message for this same problem in Visual Studio 2019 is:

    "We could not refresh the credentials for the account Object reference not set to an instance of an object."

    The registry fix by Nicolas still solves the problem.

    Thursday, September 19, 2019 9:43 AM
  • Amazing!  Thanks so much for your detailed explanation as well as solution!  I have been scouring the internet as well for WEEKS and this finally worked!
    Wednesday, October 2, 2019 5:59 PM