Outlook continually prompting for username and password

AID: 2300

Status: Published

89973 points

Bydemazter
TypeGeneral
Posted on2010-01-20 at 00:27:52

Awards

Community Pick
Experts Exchange Approved
Editor's Choice

There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover the most common ones here.

Exchange 2007 Service Pack

There was an issue with repeated password prompts that was resolved by installing Rollup 9 for Exchange 2007 SP1, however I would recommend that you should now be using Exchange 2007 SP2 since it has been around since August 2009: http://www.microsoft.com/downloads/details.aspx?FamilyID=4C4BD2A3-5E50-42B0-8BBB-2CC9AFE3216A&displaylang=en Exchange 2007 Service pack 3 is also available: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1687160b-634a-43cb-a65a-f355cff0afa6&displaylang=en

If you are in an Small Business Server 2008 environment and not yet using Exchange 2007 Rollup 9 you can also install SP2 for Exchange 2007 with the aid of the Installation Tool, available here: http://support.microsoft.com/default.aspx?scid=kb;EN-US;974271

Autodiscover

If that doesn’t fix the repeated prompt for password then it could be down to the autodiscover if you are using Outlook 2007 then you must configure autodiscover correctly. There are many articles out there that cover the correct way to configure autodiscover, one of the better ones I have found is this one: http://www.exchange-genie.com/2007/07/exchange-2007-autodiscover-service-part-1/

However the part that most people are missing is the autodiscover.domainname.com (where domainname.com) is the part after the @ in your e-mail address. Newer versions of outlook will look for this for OAB download, free/busy information, Out of Office etc etc. If it’s not there then outlook will continually give user prompts. To accompany this you must have an SSL Certificate that contains the autodiscover.domainname.com URL (whilst you can configure ways around this, it really isn’t worth all the hastle). So purchasing an SAN/UCC Certificate, which you can get from http://www.exchangecertificates.com with the following names in is a must for Exchange 2007 and Exchange 2010:

autodiscover.domainname.com

owa.domainname.com (the URL used for Outlook Web Access)

remote.domainname.com (used in SBS 2008)

servername.domainname.local (the internal FQDN of your Exchange Server)

SERVERNAME (NETBIOS Name of your Server)

You must also have the corresponding autodiscover.domainname.com and owa.domainname.com A records configured in your external DNS

Kernel authentication Mode

If you have all the above configured and you are still experiencing problems then the following procedure will more than likely fix it for you. It has been working a lot for me lately and also for people asking questions on Experts Exchange.

In Internet Information Services (IIS) Manager locate the Exchange virtual directories, if you are using Small Business Server 2008 these will be under the SBS Web Applications website, if you are not using SBS then they will be under the Default Website.

The virtual Directories you are looking for are:

Autodiscover

In turn highlight each of these virtual directories and double click the Authentication icon on the right hand side. Right click on Windows Authentication and select Advanced Settings. Place a check box in the box for Enable kernel-mode authentication. Do this for each virtual directory listed above.

Internet Explorer Proxy

Another recent discovery is that if you use a proxy server then you need to ensure that the exchange servers fully qualified domain name is in the exclusion list.

This can be done manually in Internet Explorer under Tools > Internet Options > Connections or using Group Policy if you want to make the change in a centralised environment.

Hopefully some or all of the above changes will stop the repeated password prompts from appearing and your users from getting frustrated.

Asked On: 2010-01-20 at 00:27:52ID2300
Tags: Outlook prompting
,; autodiscover
,; exchange
,; autodiscover.domainname.com
Topic: Exchange Email Server
Views: 64483

About The Author

demazter

I am an IT Consultant specialising in Microsoft Products. I have worked with all versions of exchange from 5.0 to 2010 and Windows NT3.51 to 2008R2. Visit my blog here: http://demazter.wordpress.com/

More Articles From demazter

Comments

Author Comment

by: demazter on 2010-01-27 at 23:54:53ID: 8569

Remember if you find the article usefull click the Yes button :-)

Expert Comment

by: mutahir on 2010-02-04 at 11:36:32ID: 9121

Useful article - yes I did clicked the "YES" Button. :-)

Author Comment

by: demazter on 2010-02-05 at 02:13:24ID: 9149

Thanks Mutahir :-)

Expert Comment

by: MPECSInc on 2010-02-11 at 15:36:31ID: 9565

Me too! :)

Expert Comment

by: SAM2009 on 2010-02-17 at 09:04:06ID: 9751

Ya very interesting!

Expert Comment

by: Raheem05 on 2010-02-22 at 03:05:03ID: 9942

Good posts Glen :)

Author Comment

by: demazter on 2010-02-22 at 03:06:43ID: 9943

Thanks All!

It appears the SBS Official Blog has also finally picked up on this issue, at least I got there first :-)

Expert Comment

by: mboppe on 2010-03-04 at 21:36:21ID: 10478

Demazter

I checked all the above things and we are not missing any thing.All server have exchange sp2.
out domain is uts.edu.au and has got the autodicover.uts.edu.au configured.
Our CAS servers are windows 2003 so don't need to worry about kernel mode authentication.

We have 2 CCR clusters one is windows 2003 and the other is windows 2008.Users on windows 2003 don't get popups but users on windows 2008 get them and the fix is to run the below command.

Set-CASMailbox -identity username -OWAEnabled $true -ActiveSyncEnabled $true -PopEnabled $false -ImapEnabled $true -MAPIEnabled $true

Expert Comment

by: mboppe on 2010-03-04 at 21:38:53ID: 10479

Another article if this of any help for other members

http://support.microsoft.com/kb/927612

Expert Comment

by: johncooper12 on 2010-03-13 at 21:18:13ID: 10703

Thanks for this worked a treat no more password prompt's

Expert Comment

by: mwvisa1 on 2010-03-16 at 16:48:50ID: 10882

Nice article, Glen!
Voted "Yes" above.

Expert Comment

by: NRTCF on 2010-03-18 at 16:39:33ID: 11124

I tried all the available fixes above, sp2 rollup 2, removed the kb causing the problem, enabled kernal mode authentication in IIS and still have the same problem. Waiting to hear from MS on this. Outlook 2000 client will not event connect. :(

Expert Comment

by: mboppe on 2010-03-18 at 16:46:24ID: 11125

Let us know what MS comes up with.

Expert Comment

by: jjdurrant on 2010-04-06 at 12:14:04ID: 12738

Great article!

Expert Comment

by: davorin on 2010-04-07 at 01:40:50ID: 12754

In most cases this problem arises after installing KB 973917 fix (IIS), which was published at automatic updates at the end of 2009. You have my vote ;)

Expert Comment

by: utilize on 2010-04-14 at 03:08:31ID: 13126

I have similar problem except that, if I run IISReset, then a Test-OutlookWebServices, everything works (with the exception of When contacting https://remote.DOMAINNAME.com/Rpc received the error The server committed a protocol violation. Section=ResponseStatusLine). Ten minutes after the IISReset, it stops working until I run IISReset again. We are running SBS2008 with Exch 2007 SP2 UR2.

Author Comment

by: demazter on 2010-04-14 at 03:24:59ID: 13130

utilize, that looks like a completely different issue.

My recommendation would be to open a question in the Small Business Server and Exchange Zones and allow the experts in these zones to respond to your question.

Thanks
demazter

Expert Comment

by: _APEX_ on 2010-04-25 at 07:49:00ID: 13799

I have SBS 2008 and SP2 is installed on that and SP2 for exchange and everything was working fine for the first 3 days when the server was put in but now all users with Outlook 2007 get the password prompt for connect to servername.domainname.local as the title for the box and inside it is remote.externaldomainname.com.

I have removed KB973917 but that was installed when I setup the server and the system was working for 3 days with this installed (I have to restart the server but due to having a USB drive attached I cannot restart right now).

Oh and no other updates have been installed since I put it in. I have also removed a machine with Outlook 2007 from the domain reattached created a new profile and it has the same issue.

This does not happen with the machines with Outlook 2003.

Any ideas?

Author Comment

by: demazter on 2010-04-25 at 07:54:10ID: 13801

Have you made the Kernel Mode authentication changes as detailed in my article?

Expert Comment

by: _APEX_ on 2010-04-25 at 07:59:35ID: 13802

Well I should have tried a bit further down your list :P

The section of Kernel authentication Mode fixed this for me as far as I can tellwith my tests. I says this is enabled by default yet the boxes were unticked. I will keep you updated wether this has fixed the issue. But I have ticked yes to this article helps.

Expert Comment

by: itdata on 2010-04-30 at 02:01:25ID: 13982

I also found the boxes in Kernel authentication Mode section to be unchecked as Apex did. Once checked on each website mentioned and then ran iisreset from a commandprompt, the customer says the dialogue box has disappeared. I've notified the customer that they must come back to me if reemerges, but so far it looks good. Thank you! Useful button=yes :)

Expert Comment

by: adam1115 on 2010-06-18 at 10:05:23ID: 15923

This article is great, unfortunately it appears to only apply to Server 2008 users.

We're running Exchange 2007 on Windows Server 2003 and having the same issue... any thoughts?

Author Comment

by: demazter on 2010-06-18 at 10:42:06ID: 15924

You can still apply Exchange 2007 Service Pack 2, this can resolve a number of issues. Once SP2 is installed ensure Rollup 4 for Exchange 2007 SP2 is installed.

Expert Comment

by: levidos on 2010-06-22 at 10:28:42ID: 15991

Nice article

Expert Comment

by: sheilarhoward on 2010-06-29 at 09:25:16ID: 16316

We also have this problem. Server OS 2003, Exchange 2007 SP2 with rollup 4, Outlook 2007. I can make the password prompt go away by setting Autodiscover\directory security\secure communtions\Accept cleint certificates. However, that setting causes OOF and free\busy search to fail. If I set it to Ignore client certificates OOF and free\busy work fine but we receive the password prompt repeatedly.

Everything was working fine until I patched the OS and applied Exchange SP2. I have read, and tried the solutions in many posts. I've been fighting this for 3 weeks. One problem is I can't reset IIS in the middle of the day.

Author Comment

by: demazter on 2010-06-29 at 09:27:07ID: 16317

If you are receiving a certificate prompt then this is a different issue.

And more than likely caused by not having the correct names in your certificate.

Expert Comment

by: sheilarhoward on 2010-06-29 at 09:48:25ID: 16321

We are not getting a certificate prompt just a password prompt. We do have autodiscover.domain.edu on the SAN and an A record that points to the IP address of that server. It does resolve correctly.

Expert Comment

by: sheilarhoward on 2010-06-29 at 09:54:46ID: 16323

Let me rephrase that. With Autodiscover set to "Accept Client Certificate" then using IE to test https://autodiscover.domain.edu/autodiscover/autodiscover.xml it will ask for a client certificate then displays a 403 error.

Expert Comment

by: adam1115 on 2010-06-29 at 10:38:58ID: 16324

To clarify, my password problem started with Exchange SP2. Unfortunately the article doesn't help with server 2003...

Author Comment

by: demazter on 2010-06-29 at 10:41:55ID: 16325

That's interesting as the password prompt is caused by changes to IIS7, which of course isn't on Windows 2003.

Have you considered applying Exchange 2007 Service Pack 3 to see if it's one of the number of issues resolved in that?

Unfortunately I haven't personally seen this issue with Exchange 2007 installed on Windows 2003 so have never had the oportunity to troubleshoot it. :(

Expert Comment

by: sheilarhoward on 2010-06-29 at 10:45:23ID: 16326

First I'm going to try reapplying some of the IIS service packs since I had to reinstall IIS. I just noticed that there are 3 that need reinstalled. I have to wait until our maintenance window on Saturday. I'll post back if that fixes it.

Expert Comment

by: sheilarhoward on 2010-07-11 at 02:33:52ID: 16858

The services packs were reapplied and the issue still exists. If Autodiscover is set to accept client certificates then Out of Office and Free Busy Search do not work. IfAutodiscover is set to ignore client certificate then Outlook 2007 repeatedly prompts for a password.

Expert Comment

by: mattibutt on 2010-08-17 at 14:35:23ID: 18335

hi
i have looked at your article the sp2 is not installing when i download the tool and run it it basically doesnt detect the sp2 in the folder thats one thing
in my situation 2 of my stations are able to connect to outlook where others failed they are on windows 7 or windows vista so to sum up your article isnt solving my problem

Author Comment

by: demazter on 2010-08-17 at 21:52:21ID: 18347

If you haven't installed SP2 then it's a little unfair to say the article isn't helping you.

You need to resolve this issue first. I would suggest opening a question to resolve the installation of SP2. Once you have SP2 installed if you still have the problem then try method 3 in my article.

Expert Comment

by: mattibutt on 2010-08-22 at 07:40:40ID: 18584

hi
i apologise for my remarks i was bit frustrated that day anyhow the reason why my users were unable to connect to exchange was due to login process during exchange setup when i was setting up their account it asked for their username and password the default login prompt was coming with the server\username so when user repeatedly entered password it didnt work my CEO tried to enter our domainname\username it worked so i never had to install SP2 or do anything mentioned in this article.
please also note i was encountering problem for users who were part of my LAN but not logged to domain instead they were working with their local setup but were connected to the server by being in the same LAN

Expert Comment

by: InterframeGap on 2010-10-20 at 10:02:44ID: 20651

Lot's of good information in the post, so I may repost some obvious infomormation or duplcated info. But here is my offer:

1) When not part of a domain your login TO a domain will always be %LOCALHOSTNAME%\%USERNAME%. This means you will be prompted for a password inwhich you must correct the login to state %DOMAIN%\%USERNAME%. Depending on the users OS, (XP + Vista + W7 etc) you can use network credencials to automate some of this login. My mileage has varied with this saving of credentials and it also depends on your security policy.
2) What version (2003, 2007, 2010)? Seems there are other people with similar problems but on different SPs and Exch Versions.
3) Is there a Load Balancer involved with CAS or HT traffic (2007+10)
4) In the profile what is setup for base authentication (basic, ntlm, http/rpc?)
5) Have you done a trace of a working client and a malfunctioning client and tried to find what the difference is?
6) If Certs are involved are you using a SAN Cert or just individual certs?
7) With autodiscovery you have autodiscover.domain.com, depending on your setup you also have casarry.domain.com, you also have an _TCP SRV record which should be set (part of the auto discover process).
8) As for exchange & AD & DNS
Exchnage are you in mixed or hybrid mode?
Are users who are not part of the domain able to find the generic MS SRV records (_gc & _msdcs + A records in domain.org).
One Site or multiple sites? (AD and Exchange).

Lots of questions and hopefully I am not to far off on the subject matter. A trace is your best start.

I'll leave it here to see if this helps, if not give me a little feed back so I can re orient my logic.
DMT

Author Comment

by: demazter on 2010-10-20 at 11:00:56ID: 20653

InterframeGap,
Thanks for your comments however for the sake of clarity I would just like to mention the following:

When not part of a domain your login TO a domain will always be %LOCALHOSTNAME%\%USERNAME%. This means you will be prompted for a password inwhich you must correct the login to state %DOMAIN%\%USERNAME%

This is not strictly true, for example users can login with their UPN or email address depending on how the receiving system has been configured.

3) Is there a Load Balancer involved with CAS or HT traffic (2007+10)
Not sure what relevance this has to be honest, the HT role has absolutely nothing to do with authentication and I have never seen a load balanced CAS role provide any different authentication issues and I have worked with a number of them.

4) In the profile what is setup for base authentication (basic, ntlm, http/rpc?)
The authentication method should match that, that is configured on the Outlook Anywhere configuration of either the CAS server and/or the ISA/FTMG server if being used.

7) With autodiscovery you have autodiscover.domain.com, depending on your setup you also have casarry.domain.com, you also have an _TCP SRV record which should be set (part of the auto discover process).

The process is to use a Service Connection Point (SCP) which is an object within Active Directory that is created when the CAS role (2007 or 2010) is installed. Outlook 2007 and newer will first try to find this.

If that fails then they will look or the url https://domainame.com/autodiscover/autodiscover.xml where domainname.com is the part after the @ in the email address. if this fails then it will look for https://autodiscover.domainnme.com/autodiscover/autodiscover.xml

If all 3 of the above mentioned fail then outlook will try the SRV record.

The casarray name isn't part of this process unless it is specifically mentioned as the SRV record for autodiscover. In which case as long as the FQDN is in the certificate the clients will be using (which it should be anyway) then there are no issues.

8) As for exchange & AD & DNS
Exchnage are you in mixed or hybrid mode?
Are users who are not part of the domain able to find the generic MS SRV records (_gc & _msdcs + A records in domain.org).
One Site or multiple sites? (AD and Exchange).

This part is confusing me a little bit because I am not sure what you are trying to get at. Mixed or Hyprid? I am assuming you mean mixed or native? If so when in mixed mode the CAS server is still responsible for client requests from 2007 or 2010 to legacy Exchange Servers.

In Exchange 2010 it is used solely and will make direct connection to the mailbox servers to service the client requests, in Exchange 2007 the CAS will proxy the request to the 2003 server.

Thanks
demazter

Expert Comment

by: hypercat on 2010-11-05 at 10:34:33ID: 21109

Thanks, demazter, it was very useful to have this information all in one place. In my case, I had a Windows 2008 SBS server that was working fine for more than a year. Then, I ran Windows Update on it and the workstations a few days ago, and....BOOOMMM! I knew basically what the problem was but didn't have the solution ready at hand. It was great to find your article with things explained so clearly and in stages. In my case, it was the IIS virtual directories that did not have the "Enable kernel mode authentication" box checked.

As always, your help is appreciated.

hypercat

Expert Comment

by: alanhardisty on 2010-12-07 at 08:04:58ID: 21932

So does www.exchangecertificates.com.

Expert Comment

by: HKComputer on 2010-12-07 at 08:06:49ID: 21933

I see they have the same phone numbers. I think it must be the same company.

Expert Comment

by: alanhardisty on 2010-12-07 at 08:07:50ID: 21934

They are both GoDaddy Reseller accounts - the one you posted is Simon Butler's (Sembee / Mestha) - the one I posted is Demazter's : )

Expert Comment

by: smcmaster on 2011-01-27 at 08:31:34ID: 23169

Thank you! After installing a ssl cert using the cert wizard, all of my outlook 2007 clients were being prompted with a password request. I installed exchange server 2007 sp3, and rollup 1 for sp3. It fixed the problem for a day, but would start nagging again for the password the next day. This seems to have fixed it. We'll see....

Expert Comment

by: meelmeal on 2011-02-15 at 08:15:09ID: 23882

hi
i too have winodws server 2003 ... exchange 2007 sp3 is installed but the problem still remains :(
my san certificate has all the required names (owa , owa.domain.com , ews , ews.domain.com , servername , servername.domain.com , ... )
what should i do ? :(

Expert Comment

by: InterframeGap on 2011-02-15 at 11:44:50ID: 23889

Hey MeelMeal - Please open a new post on the issue so you get better response and we can add to the issue and you can close/follow it much easier.

Just to start - I would take a trace of the problem (just run wireshark or netmon on the client). I would use a test account (login test account as well as test email account). For security reasons - if you post the trace or post it to specific people.

I would make sure that all the DNS for all the records in question resolves correctly - Forward record and PTR. This means owa.company.com resolves to 1.1.1.1 and 1.1.1.1 resolves to 1.0-in.addr.arpa. for example.

I would also post a screen shot of the error you are getting.

if you submit a new post please let us know so we can help you.

FYI: SAN cert and Unified Comunication Cert will allow for multiple names. UCC is more flexible than a SAN, but all depends on your needs.
Digicert, Comodo provide SANs. Microsoft has a recommended list. I would make sure that your clients have an updated trusted entity list (I think this is provided at a certain windows patch level but I'm not sure).

Or you can send the AuthGroup/Chain/CRL in the SSL session to the client. If the client does not have the CRL of the CA/Intermediate the SSL session will fail or you will get the untrusted CERT warning.

Demazter - I have some more information for you on the list I provided above, but I can't type it now. I'll post it to you directly (I think I can do that) and keep it off this thread, unless you want it part of this thread.

Expert Comment

by: meelmeal on 2011-02-15 at 11:57:39ID: 23890

hi , actually that was what i did in the first place then someone replie to that post and gave me the url to this one !
here's the link

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26817967.html?cid=239#a34882166

by the way, one quick question ... i didn't purchase any certificate from other CAs, i just installed the CA service on one of my servers and used that to issue a certificate ... is there anything wrong with that ?!

i will try other suggestions and will get back to you ... on my own post :)
thanks

Expert Comment

by: smcmaster on 2011-02-15 at 12:10:02ID: 23892

Please note: if you are having this problem on a sbs 08 server after installing a 3rd party cert, please make sure you have connected your workstation / laptop to the domain by using the http://connect method. If you use the standard method that server 2003/2008 uses, you may run into this problem. The office I was having this problem at has 3 users.The users laptop that was joined to the domain using the http://connect method was not experiencing this problem. The other 2 users who were joined to the domain as if it were a standard 2003/2008 server, were having the password prompt pop up randomly. Sometimes, it would go 3 or 4 days before the password prompt popped up.

Expert Comment

by: InterframeGap on 2011-02-15 at 12:59:30ID: 23895

Meelmeal:

Nothing wrong with you creating your own CA (PKI). One thing which comes to my mind is that the remote workstation does not have the CRL of the CA. If you https://owa.company.com using IE 7+from a client having the problem do you see something like this in the browser?

2-15-2011-3-56-50-PM.png

28 KB
Untrusted CERT

Expert Comment

by: meelmeal on 2011-02-15 at 22:42:56ID: 23911

hi,
no actually i think the certificate is working fine ... and https://owa.company.com or autodiscover and all the other pages show no security warning...
i had an issue with these security warnings when i had a non-SAN certificate instaled on iis , but then i installed this SAN one (with all the names included in the SAN attribute) and all the warnings went away ... and authorization windows popped out of the blue! :D

by the way, thanks for your answers man ... did u take a look at my own post ? i described the whole situation there

Expert Comment

by: meelmeal on 2011-02-19 at 07:59:20ID: 23981

ok i'm beginning to prepare to kill myself now ! :(
i've configured everything and triple-checked them and i can't really find anything wrong with the settings ...
but now outlook keeps prompting for credentials and it seems to be from OAB ... autodiscover is working fine, i have all the virtual directories set on "kernel-mode authentication" and blah blah... but i can't get OAB to work ...
also when i browse "https://server.domain.com/oab" it asks me for credentials and then gives me 403-access is denied error

(windows server 2008 R2 / Outlook 2007 SP3 with Update Rollup 2 / outlook 2007 with service pack 2)

Expert Comment

by: oandosupport on 2011-03-07 at 00:36:22ID: 24313

still have the outlook password prompt....

Our UCC cert has the following;
autodiscover.domainname.com
owa.domainname.com
it doesn't contain fqdn names of our exchange servers (we have 3HT, 3CAS, 4MBX servers)

we also use proxy server. We used GPO to specify ab* (all our exchange server names begin with ab).

OOF works fine, OAB download works fine. Our issue is the password prompt, and OCS integration error.

.....upgrade to Exch 2010 SP1 didn't help.

Author Comment

by: demazter on 2011-03-07 at 03:50:19ID: 24316

If you are experiencing problems beyond the scope of the article I would suggest raising a question in the Q&A zones.

InterframeGap, offering remote support is not permitted on Experts Exchange.

Expert Comment

by: InterframeGap on 2011-03-07 at 03:51:45ID: 24317

I accepted remote support, I did not offer. However, a new Q&A for both questions would be very helpful.

Expert Comment

by: CoSmismgr on 2011-04-13 at 09:38:53ID: 25746

Liked it, it would be great if someone could do something similar for an Essential Business Server default installation as well, as some things vary slightly, but this helped me eliminate the annoying POP-UPS!

Expert Comment

by: alsmachado on 2011-05-13 at 10:58:05ID: 27283

Outlook connection issues with Exchange 2010 mailboxes because of the RPC encryption requirement
http://support.microsoft.com/kb/2006508/en-us

Expert Comment

by: tiago_aviz on 2011-11-02 at 17:13:05ID: 33003

This article helped me to make sure that I had everything setup correctly. But there is one more thing that may get you some pop-ups on Outlook 2010..

If your Web Proxy is set on IE, and if it asks you a password to use it, and if the URL's needed for autodiscover and OAB download are not on the exempt list, you will also get these bloody popups asking your password.

Just set the addresses on the IE Proxy exempt list, and off they go...

Expert Comment

by: Belgar on 2011-12-09 at 05:53:36ID: 33601

Hi,

I didn't read everything, so sorry if somebody already give you this tips.

I had the same problem on few computers.
I solve it by rewriting the Exchange password in the Windows identification manager.
(in a french version, So could be a litle different)
In Windows 7 :
Identification manager.
Look for MS.Outlook:.... in generic identification information
Modify -> rewrite the password.

it works well for me (but I don't know why it is necessary ...)

Expert Comment

by: SyncroIT on 2012-03-06 at 07:46:57ID: 44799

We are driving crazy with this password prompt, it started with a few users yesterday, now it expanded to all users on the local network. The curious part of it is that if cancel the password prompt and then click on the botton screen of "Need Password" within Outlook 2007 it connects, but suddenly a while latter again the password prompt.

I have some other users from a remote office and they are not having any issues.

Have a wildcard certificate from GoDaddy and msstd:*.domain.com configured on all Outlook 2007/2010 specifications.

We are using SBS 2008.

Already checked all what is suggested on this article but still password prompts continue.

Thanks for your help

Expert Comment

by: WilsonJohn on 2012-05-02 at 02:01:01ID: 52179

I am facing similar issue for few users - Exchange is 2010. Which service pack I should apply