Windows credential manager
-
I have a user running Windows 10 and Outlook 2016. He continually gets prompted for his password. I repeatedly tried deleting the entry for it in credential manager and letting it recreate and then tried creating it manually and launching Outlook. Sometimes it creates it with persistence: enterprise and sometimes with persistence: logon session. Has anyone had this issue?
-
@Mike-Davis said in Windows credential manager:
I have a user running Windows 10 and Outlook 2016. He continually gets prompted for his password. I repeatedly tried deleting the entry for it in credential manager and letting it recreate and then tried creating it manually and launching Outlook. Sometimes it creates it with persistence: enterprise and sometimes with persistence: logon session. Has anyone had this issue?
Outlook prompting for credentials typically means there is a problem with autodiscover. That is usually a misconfiguration on the server side, or the client is not resolving DNS correctly.
-
I've also seen this happen where Windows Updates weren't installed, which breaks Autodiscover.
Check windows update and report back.
-
A mis-configuration on the autodiscover would effect more than one person though. This is not. While I have seen this behavior, generally the MS SARA tool will resolve it.
Is there a chance that updates are needed - would create this - yes I have seen this. but in this case, I believe all updates are done on the system.
I wonder though - I have seen some local issues with DNS that prevented the system from pulling MS Updates. I had to go in to the NIC adapter and force a DNS to Google.
I can't recall if I did this on the person,.. but it is an option - point the 2nd DNS enter to 8.8.8.8 and try again.
-
yes, updates were out of date when I first connected to the machine. It was a remote user with a domain machine that couldn't contact the WSUS server. I forced it out to Microsoft's update server and patched it up to date.
-
Good idea to check DNS. One of the things I tried to do was create a new Outlook profile and that failed - so that is something that should be checked.
-
I've seen similar issues (they were usually with activesync though) with a security issue of the user account in Active Directory, I fixed it in the past by removing inherited permissions, then readding them to the user in AD Users and Groups.
-
So I got to the bottom of this one. It turned out to be autodiscover related as @JaredBusch suggested. Even though the autodiscover.domain.name record is correct, it seems on his system outlook was checking a bunch of other things and requesting a password on each one of them. To fix the issue, I had to open regedit and go to:
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover
Then add the following registry entries:
"ExcludeScpLookup"=dword:00000001
"ExcludeHttpsAutodiscoverDomain"=dword:00000001
"ExcludeHttpsRootDomain"=dword:00000001
"ExcludeSrvLookup"=dword:00000001
"ExcludeHttpRedirect"=dword:00000000
"ExcludeSrvRecord"=dword:00000001 -
@Mike-Davis said in Windows credential manager:
So I got to the bottom of this one. It turned out to be autodiscover related as @JaredBusch suggested. Even though the autodiscover.domain.name record is correct, it seems on his system outlook was checking a bunch of other things and requesting a password on each one of them. To fix the issue, I had to open regedit and go to:
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover
Then add the following registry entries:
"ExcludeScpLookup"=dword:00000001
"ExcludeHttpsAutodiscoverDomain"=dword:00000001
"ExcludeHttpsRootDomain"=dword:00000001
"ExcludeSrvLookup"=dword:00000001
"ExcludeHttpRedirect"=dword:00000000
"ExcludeSrvRecord"=dword:00000001All of those other lookups are normal.
Wonder why his had a problem and no other system did.
One would assume that if any of those actually resolved to something all the systems would have problems.
-
How many other remote systems do you have? IS there a VPN that this users is on? Was/is DNS working correct on that VPN?
Does the Exchange testing website come back clean?
