How to resolve SharePoint Username/Password always pop-up?

Stiebel Eltron
Dear EE,

I would like to ask for support regarding this problem. We have several users (Windows XP & Windows 7 users) who are accessing our SharePoint site, but every time they access the SharePoint site, the site asks for their usernames & passwords, but we already set the SP to use Windows Authentication. So every user can just open the site & they're automatically logged on to the site. But for some users, especially 2-3 Windows 7 users, the program is asking for the credentials (username & password). So, they'll just click the OK button 3x, then it'll be gone. But after some time, it'll pop up again...

Kindly advise on how to resolve this matter.

Thanks!
You have to set the passwords on the browser.
AlMothanaAlOmari: links will help you on that. I had a similar problem, and in Internet Explorer it is easy because you only have to move the SharePoint site to the Intranet zone and then in the Internet options set automatic logon for the Intranet zone.
And you can create a policy on the domain that will enforce this for all users in the network.

Author

Commented:
I followed what AlMothanaAlOmari advised (the 2 links) and restarted the client's PC, but I'm still having the same issue. The site asks for the UN & PW of the user 3x.

Check if the site was added to the trusted location:
IE -> Tools -> Internet options -> Security -> select Internet -> Custom level -> Settings -> User authentication login -> select the radio button -> Automatic logon with current user name and password

Same steps for IE -> Tools -> Internet options -> Security -> Local intranet and Trusted sites

Author

Commented:
The site was added to the Trusted Site location from the very start. It's very strange that some Windows 7 users don't have any problem and don't need to do this method; only some users of Win7 and WinXP are having the same problem.
Minesh Shah, SharePoint & all about it

Commented:
Remove user permissions & re-assign them as they were.
I know it sounds weird, but I remember that this way, I don't know how, I solved the same issue some 10-12 months back.

stiebel:> Did you apply the IE settings using the domain group policy?

Also check the version of IE on the said users' machines - maybe they are using different browsers?

Author

Commented:
@MineSharePoint: What do you mean by removing user permissions & re-assigning them as they were?
Do you mean permissions at the SharePoint site? Do I need to delete the users, then add them again together with their permissions? Kindly advise if I'm wrong...

@NormanMaina: I did that too already, what AlMothanaAlOmari advised & you as well earlier. I restarted the client's PC and the server with the main AD, but I'm still receiving the same error.
Most of the users that are receiving this error are using IE 8. Same version of IE.
It sounds as though your servers are set up to use NTLM, and that you are using an Active Directory account. I assume all this, also assuming only 1 domain.

You'll want to make sure that under

Tools > Internet options > Security tab > Local intranet > Custom level button,

you scroll all the way to the bottom, and make sure it is set to "login with local user name and password"

Make sure that the users are allowing cookies to be created as well. Some network group policies do not allow this. When they are allowed, adding the site to the Intranets trusted site list in IE should solve the problem. If there is some issue preventing auto-login, try logging in to the SharePoint site just using the 1st part of the domain name as a test. For example, if the site is http://portal.company.com, try logging in to just http://portal.

Author

Commented:
@screen-name: I have done that. But still no help. I restarted the client's PC, but it still doesn't work.
I've got that advice from the previous post.

@webmaister: Cookies are allowed on the client's PC. But I have 2 other questions. I'm not sure where or what the problem is: if the user uses IE 8, the problem occurs on the HOME or MAIN site of our SharePoint only, but with other TeamSites, no problem, only at the HOME site.
2nd is, if the user uses Mozilla Firefox, it will only ask 1 time for the user to log in; after that there is no more problem and no need to log in, unlike with IE8, where the login page pops up all the time.

Please advise...
Do you know if the Farm is using NTLM or Kerberos?

Have you tried other versions of IE? Going off memory, I think IE8 may not be supported until you have SP2 installed on SharePoint.

Have you tried to run a "fiddler" trace on the page load to see at what point it's re-asking for authentication? It might be that there is some broken inheritance that is triggering the re-auth request.

Link to fiddler - http://www.fiddler2.com/fiddler2/
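
Added example (not part of the original thread): one way to read a trace like the one suggested above, separating the two 401 responses an NTLM handshake normally produces from a 401 returned after the client's final message, which is the response that makes the browser prompt. The record layout, helper names, and paths under http://portal are assumptions constructed for illustration.

```python
import base64
import struct
from collections import Counter

def ntlm_type(header):
    """Return the NTLM message type (1, 2 or 3) carried in an auth header, else None."""
    if not header or not header.startswith("NTLM "):
        return None
    try:
        raw = base64.b64decode(header[5:].strip(), validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    return struct.unpack("<I", raw[8:12])[0]

def classify(s):
    """Label one request/response pair from the trace."""
    if s["status"] != 401:
        return "ok"
    sent = ntlm_type(s["authorization"])
    if sent is None:
        return "anonymous-401"   # first leg: server asks for authentication
    if sent == 1 and ntlm_type(s["www_authenticate"]) == 2:
        return "challenge-401"   # second leg: server returns its challenge
    if sent == 3:
        return "rejected-401"    # 401 after the final message: browser prompts
    return "other-401"

def rejected_urls(trace):
    """Count, per URL, the 401s that followed a completed NTLM handshake."""
    return Counter(s["url"] for s in trace if classify(s) == "rejected-401")

def _msg(t):  # constructed NTLM message: signature, type, zero padding
    raw = b"NTLMSSP\x00" + struct.pack("<I", t) + b"\x00" * 8
    return "NTLM " + base64.b64encode(raw).decode()

def _row(url, auth, status, www=None):
    return {"url": url, "authorization": auth, "status": status, "www_authenticate": www}

# Constructed trace; the paths under http://portal are hypothetical.
HOME, PART = "http://portal/default.aspx", "http://portal/hypothetical/part.aspx"
SAMPLE_TRACE = [
    _row(HOME, None, 401, "NTLM"), _row(HOME, _msg(1), 401, _msg(2)),
    _row(HOME, _msg(3), 200),
    _row(PART, None, 401, "NTLM"), _row(PART, _msg(1), 401, _msg(2)),
    _row(PART, _msg(3), 401, "NTLM"),
]

if __name__ == "__main__":
    for url, n in rejected_urls(SAMPLE_TRACE).items():
        print(f"{n} rejected request(s): {url}")
```

A URL that appears in the result is one where the server answered 401 even though the client had completed the handshake, so that resource, rather than the page as a whole, is the place to check permissions or credentials.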

Author

Commented:
@screen-name: we're using NTLM.

Do you think it's the issue here, the version of IE? Because I'm using IE8, & other users too, but no problem, only for a few users. But our SP is updated to SP2 already.

For Fiddler, do I need to run this on the client's machine?
Have you tried this? Internet options > Advanced tab > Reset Internet Explorer settings?

You could try to uninstall and re-install IE8; it should work with SP2.

For Fiddler, yes, it's a browser plugin, so it needs to be run on the client having the issue. There is also another "version" that is a bit more user friendly, but I can't seem to remember the name right now. I'll ask at work tomorrow.

Also, does the problem follow the user or the PC? Meaning, if the user were to log in to another known working PC, does the problem persist?

If it follows the users, I would look at the Fiddler trace for a permissions issue.

If it stays with the PC, you might try creating a new user profile, if nothing else works.
It's FiddlerCap:

http://www.fiddlercap.com/FiddlerCap/

They even give the user instructions.

Author

Commented:
@screen-name: Yes, I have tried that, resetting the Internet Explorer settings.
Uninstalling IE8, then re-installing it, not yet.

I have tried to log in on another machine as the user that is having this problem, and the problem didn't persist. The same user never had a problem logging in on another machine using the same UN/PW. Only with her machine.

So, you suggest that I delete the old profile and then re-create it again in the AD?
stiebel:> Check if the authentication provider for your site is Kerberos.
stiebel:> Just seen you are using NTLM... change to Kerberos.

Author

Commented:
@NormanMaina: We have followed the setup for MOSS 2007 and were advised to use NTLM instead of Kerberos. Because some users or most of the users don't encounter this problem, only 1-2 users. So I don't think it's necessary to change it to Kerberos...
The subject of Kerberos authentication is large—entire books have been written about it—but here's a quick explanation of why Kerberos works better than NT LAN Manager (NTLM). When you configure the user account and the server to be trusted for delegation and you use Kerberos, any server component that the user invokes enjoys full network access (which is called delegation). If the client is logged on to a domain, the browser never prompts the user for credentials; it simply uses the user's default logon credentials.

If your domain doesn't use Active Directory (AD) or if the user's browser doesn't support Kerberos, Integrated Windows authentication falls back to NTLM authentication (which was available in IIS 4.0). With NTLM authentication, however, server components have only limited network access.

Check this link on Kerberos/Negotiate vs. NTLM in Sharepoint.
http://www.agileconcepts.com/Blogs/AQ/Lists/Posts/Post.aspx?ID=12
No, not the AD profile, the local profile on the user's PC, i.e. C:\documents and settings\username. Rename it, and have the user log in again, and it will create a new profile there. Bear in mind all settings will need to be reconfigured, like mail, Favorites, and whatnot, and documents need to be moved over (if this fixes the issue).

And this is just my opinion, but you should not switch to Kerb just because of an issue. I agree Kerberos is better in the long run... But if you have never set it up before, you may have quite a battle in front of you... I say fix the current issue, and then evaluate your options to use Kerberos.

1. Your service accounts would need delegation authority; most domain admins are not so eager to grant this... And then there's the SPNs; most sysadmins are not too familiar with them, heck, even I wasn't until I started working with SharePoint.

2. If you are switching to Kerberos, the steps are different than just setting it up initially.

3. You also need to follow steps to configure Kerberos for the SSP, not just the sites. (IMHO)

4. Another thing to consider is time: if the time on the client and the time on the server or DC are more than 5 mins off, Kerberos will fail.

5. Your users' token size, meaning typically if your Active Directory is full of groups and nested groups, that can cause issues for Kerberos; sometimes a user has SOOO many groups assigned that Kerberos cannot parse the user's token, and it fails DOA style.

Just a few things to consider for Kerberos, it's not a cake walk.


Author

Commented:
@screen-name & NormanMaina:
I agree with you regarding Kerberos, but we started it already & are working with SharePoint already. I'm thinking about where the problem is, because if I use Firefox, it will ask only 1 time for the user to log in. If the user logs in on another machine using their name, there's no problem, only with IE8 on their machine... So do you think the problem is with their profile or with IE8?
Firefox stores the password - mmh, maybe that's all you need, to store the password in Internet Explorer.
However... whenever the user changes the password... they will be prompted to enter the new password when they try to access SharePoint again.

Internet Explorer 7/8 uses a feature called AutoComplete to store passwords and other information that you type into web form fields when it is enabled. With AutoComplete for user names and passwords, IE 7/8 will prompt you before saving the account information.

Go to Internet Options, and in the Content tab you will find the AutoComplete settings.
Check the UserNames and Forms.

Author

Commented:
@NormanMaina: It is selected already. Don't know why it didn't store for the UN/PW of the user.
Minesh Shah, SharePoint & all about it

Commented:
Yes my dear friend.
Minesh Shah, SharePoint & all about it

Commented:
Also try one thing.
Try accessing the same site from your machine with the user's credentials. Share what happens...

Author

Commented:
@MineSharePoint: What do you mean by user credentials? Do you mean logging in to the SharePoint site from my machine using the user's credentials (the user that is having the problem)?
If that is what you mean, I tried it already & it has no problem. Everything works fine! Except from the user's machine...
stiebel:> Sounds like a registry problem, if AutoComplete is checked and IE is still not saving the user name and password.

Follow these links for step by step guidance on how to resolve this:
http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=348

http://www.watchingthenet.com/how-to-force-internet-explorer-7-to-save-web-site-password-after-answering-no.html
You could try... If you have not yet...

Tools > Internet options > Content tab > AutoComplete settings > Delete AutoComplete history.

If a new user can log in to one of these PCs and not have the problem, then I lean toward it being a user profile issue.

If a new user logs in and has the same issue on the PC, then it would seem to be an IE issue.


Author

Commented:
The problem is with the user's profile.
Ah OK... good to know... it's always a learning experience being here :)

Author

Commented:
@NormanMaina: Yes, you're right! But I'm hoping you could still be of support for my next query.
:-)
stiebel:> If it's something I'm familiar with, I'll try my best to help.

Author

Commented:
Thank you!
