Domain user prompted to enter credentials for Sharepoint

I am hoping someone out there has an answer for me.

We have 1 user that is prompted to enter his domain credentials when he opens IE to connect to our Sharepoint site.  Once he enters his credentials, he gets in fne.  Once he closes all instances of IE, he is again prompted to enter his credentials.  The challenge box does remember his username, if that means anything to anybody.

This started about 2 weeks ago.  He received a new PC about 6 months ago and had no prior problems with this.  The PC is running XP SP3 with all current patches and IE8.  When this started, we suspected a corrupt profile, so we recreated the profile and the problem went away until today.  Our Sharepoint site is listed under the local intranet zone and when on the site it is recognized as being local intranet.  Also, the radio button under the security settings is selected for Automatic logon with current username and password.  We have also tried Automatic logon only in Intranet zone, but that does not change the outcome.  We use proprietary  point of sale/sales lead software that has our Sharepoint site embedded in it, so using a different browser is not an option..

Is there anything that you can think of that we might not have tried or any idea as to what might be causing this?

Thanks in advance for any thoughts.
bbwbAsked:
Who is Participating?
 
bbwbConnect With a Mentor Author Commented:
rebuilt profile
0
 
Rommel SultanCommented:
If someone else login in to this machine does it has the same issue?
I am referring to a different user with the same previledges logging in to the same machine.
0
 
Greg BurnsSQL / SharePoint ConsultantCommented:
OK, the easy one first:
The "Remember my password" button is worthless for IIS and Windows Authentication.  It's a red herring.  It will never remember your password.  

Anyway, the behavior you're describing is what I see all the time, because my laptop is not joined to any domain.  I must authenticate once, each time I want to make a new connection to my SharePoint site.  This same login is remembered and used in each new tab or window that is spawned from this session.

When the user closes all his IE windows, this closes the session in IIS and when he reconnects, he must re-authenticate.  Normally not a problem, if he is on a domain workstation, because if his browser is configured (as you said) to include the SharePoint site in the Local Intranet, his credentials should be automatically passed via IIS to AD, and then SharePoint will authorize the user.  

Since this isn't happening, it suggests to me that his Windows login isn't the same as his AD account.

Is the user's computer a domain machine?  Have you tried disjoining/rejoiining the domain?
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

 
Greg BurnsSQL / SharePoint ConsultantCommented:
Also:

You said that you recreated his profile and after that, the login prompt went away.  Then something changed and now he gets it the first login to SharePoint.  

You might look to see if the user changed his Internet Explorer Settings to delete history when the browser is closed.  If his credentials are cached here by a cookie, they would be purged by this.

But I don't think that's it.  IIS authentication is really straightforward and I don't think Windows credentials are cached in any case.

Another question.  Is the URL a fully-qualified domain name (e.g. http://portal.company.com) or is it a short name (e.g. http://portal or http://Server01)?  Short name servers are automatically detected as Local Intranet Zone, but FQDNs are always considered as Internet Zone and credentials are not automatically passed.  You might try adding an Alternate Access Mappign on this SharePoint site to provide a "Short name" address (such as http://portal) for internal users.  

1. Create a DNS "A" record for the web application.
2. In Central Administration, go to Operations-->Alternate Access Mappings
3. Change the "Alternate Access Mapping Collection" to the correct web application
4. Click "Edit public URLs" and, on an available line (it doesn't matter which) add the short URL you just created in DNS (e.g. http://portal)

At this point, all internal users should be able to resolve the site using the short URL, which IE will treat as Local Intranet.

Just something to try.
0
 
bbwbAuthor Commented:
rsultan,

If I log in using my credentials, I am automatically connected without being prompted for credentials so it is only happening with this one user.
0
 
bbwbAuthor Commented:
poortatey,

The windows login and AD login are the same and the PC is a domain pc.  I just tried disjoining/rejoining the domain and the same thing still happens.  I also checked and the user does not have the delete on exit option set in IE.  We use a FQDN (intranet.xyzcompany.com).  I will try your next suggestions.

Thanks for the input.
0
 
Rommel SultanCommented:
Registry entry might not completely wipe out.

Can you try this.

Login using clients account
run Regedit
Navigate to HKCU\Software\Microsoft
and rename "Internet Explorer" to "IEbackup"
Run IE
0
 
bbwbAuthor Commented:
rsultan

Registry entry might not completely wipe out.

Can you try this.

Login using clients account
run Regedit
Navigate to HKCU\Software\Microsoft
and rename "Internet Explorer" to "IEbackup"
Run IE

Didn't change anything.

Thanks for the suggestion.
0
 
bbwbAuthor Commented:
poortatey,

Tried the following:

1. Create a DNS "A" record for the web application.
2. In Central Administration, go to Operations-->Alternate Access Mappings
3. Change the "Alternate Access Mapping Collection" to the correct web application
4. Click "Edit public URLs" and, on an available line (it doesn't matter which) add the short URL you just created in DNS (e.g. http://portal)

At this point, all internal users should be able to resolve the site using the short URL, which IE will treat as Local Intranet.

Same result as before.  Thanks for the suggestion.
0
 
Greg BurnsSQL / SharePoint ConsultantCommented:
Does this still happen if the user logs in to a different machine?
0
 
bbwbAuthor Commented:
poortatey,

When he logs onto a different PC, he is automatically logged in to our Sharepoint site.

It looks like even though we just recreated his profile, it might have corrupted again.  I am going to try recreating the profile again.
0
 
Greg BurnsSQL / SharePoint ConsultantCommented:
Yeah, it sounds like the profile all right.  Strange.  I haven't seen this particular thing happen before.  Just curious, but is this a PC or a laptop?
0
 
Rommel SultanCommented:
So issue is only isolated on this machine.
Can you try running Gpupdate /force

It seems like rebuild the system is the best option.
0
 
bbwbAuthor Commented:
It is a Dell Optiplex 760 PC.  We advise our users to reboot their PC's daily, however, most just walk away and let the PC's lock after 10 minutes.  After asking more questions of the user, I found out he had not logged off and for whatever reason, the PC rebooted on Saturday night.  It looks like that is where the profile corruption might have most recently happened.

The gpupdate didn't change anything either.

Thank you to you both for your suggesstions.  They were all helpful.
0
 
johnb6767Commented:
Since your Zones look to be configured right.....

start>run>"control keymgr.dll"

Is there any entry stored for this user, for the Sharepoint site? Stored passwords are presented before current credentials......
0
 
johnb6767Commented:
Update?
0
 
bbwbAuthor Commented:
tried all suggestions, which were helpful, but ultimately, rebuilding profile solved issue
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.