Solved

Domain user prompted to enter credentials for Sharepoint

Posted on 2010-11-22
18
3,266 Views
Last Modified: 2013-12-08
I am hoping someone out there has an answer for me.

We have 1 user that is prompted to enter his domain credentials when he opens IE to connect to our Sharepoint site.  Once he enters his credentials, he gets in fne.  Once he closes all instances of IE, he is again prompted to enter his credentials.  The challenge box does remember his username, if that means anything to anybody.

This started about 2 weeks ago.  He received a new PC about 6 months ago and had no prior problems with this.  The PC is running XP SP3 with all current patches and IE8.  When this started, we suspected a corrupt profile, so we recreated the profile and the problem went away until today.  Our Sharepoint site is listed under the local intranet zone and when on the site it is recognized as being local intranet.  Also, the radio button under the security settings is selected for Automatic logon with current username and password.  We have also tried Automatic logon only in Intranet zone, but that does not change the outcome.  We use proprietary  point of sale/sales lead software that has our Sharepoint site embedded in it, so using a different browser is not an option..

Is there anything that you can think of that we might not have tried or any idea as to what might be causing this?

Thanks in advance for any thoughts.
0
Comment
Question by:bbwb
  • 8
  • 4
  • 3
  • +1
18 Comments
 
LVL 7

Expert Comment

by:Rommel Sultan
Comment Utility
If someone else login in to this machine does it has the same issue?
I am referring to a different user with the same previledges logging in to the same machine.
0
 
LVL 8

Expert Comment

by:poortatey
Comment Utility
OK, the easy one first:
The "Remember my password" button is worthless for IIS and Windows Authentication.  It's a red herring.  It will never remember your password.  

Anyway, the behavior you're describing is what I see all the time, because my laptop is not joined to any domain.  I must authenticate once, each time I want to make a new connection to my SharePoint site.  This same login is remembered and used in each new tab or window that is spawned from this session.

When the user closes all his IE windows, this closes the session in IIS and when he reconnects, he must re-authenticate.  Normally not a problem, if he is on a domain workstation, because if his browser is configured (as you said) to include the SharePoint site in the Local Intranet, his credentials should be automatically passed via IIS to AD, and then SharePoint will authorize the user.  

Since this isn't happening, it suggests to me that his Windows login isn't the same as his AD account.

Is the user's computer a domain machine?  Have you tried disjoining/rejoiining the domain?
0
 
LVL 8

Expert Comment

by:poortatey
Comment Utility
Also:

You said that you recreated his profile and after that, the login prompt went away.  Then something changed and now he gets it the first login to SharePoint.  

You might look to see if the user changed his Internet Explorer Settings to delete history when the browser is closed.  If his credentials are cached here by a cookie, they would be purged by this.

But I don't think that's it.  IIS authentication is really straightforward and I don't think Windows credentials are cached in any case.

Another question.  Is the URL a fully-qualified domain name (e.g. http://portal.company.com) or is it a short name (e.g. http://portal or http://Server01)?  Short name servers are automatically detected as Local Intranet Zone, but FQDNs are always considered as Internet Zone and credentials are not automatically passed.  You might try adding an Alternate Access Mappign on this SharePoint site to provide a "Short name" address (such as http://portal) for internal users.  

1. Create a DNS "A" record for the web application.
2. In Central Administration, go to Operations-->Alternate Access Mappings
3. Change the "Alternate Access Mapping Collection" to the correct web application
4. Click "Edit public URLs" and, on an available line (it doesn't matter which) add the short URL you just created in DNS (e.g. http://portal)

At this point, all internal users should be able to resolve the site using the short URL, which IE will treat as Local Intranet.

Just something to try.
0
 

Author Comment

by:bbwb
Comment Utility
rsultan,

If I log in using my credentials, I am automatically connected without being prompted for credentials so it is only happening with this one user.
0
 

Author Comment

by:bbwb
Comment Utility
poortatey,

The windows login and AD login are the same and the PC is a domain pc.  I just tried disjoining/rejoining the domain and the same thing still happens.  I also checked and the user does not have the delete on exit option set in IE.  We use a FQDN (intranet.xyzcompany.com).  I will try your next suggestions.

Thanks for the input.
0
 
LVL 7

Expert Comment

by:Rommel Sultan
Comment Utility
Registry entry might not completely wipe out.

Can you try this.

Login using clients account
run Regedit
Navigate to HKCU\Software\Microsoft
and rename "Internet Explorer" to "IEbackup"
Run IE
0
 

Author Comment

by:bbwb
Comment Utility
rsultan

Registry entry might not completely wipe out.

Can you try this.

Login using clients account
run Regedit
Navigate to HKCU\Software\Microsoft
and rename "Internet Explorer" to "IEbackup"
Run IE

Didn't change anything.

Thanks for the suggestion.
0
 

Author Comment

by:bbwb
Comment Utility
poortatey,

Tried the following:

1. Create a DNS "A" record for the web application.
2. In Central Administration, go to Operations-->Alternate Access Mappings
3. Change the "Alternate Access Mapping Collection" to the correct web application
4. Click "Edit public URLs" and, on an available line (it doesn't matter which) add the short URL you just created in DNS (e.g. http://portal)

At this point, all internal users should be able to resolve the site using the short URL, which IE will treat as Local Intranet.

Same result as before.  Thanks for the suggestion.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 8

Expert Comment

by:poortatey
Comment Utility
Does this still happen if the user logs in to a different machine?
0
 

Author Comment

by:bbwb
Comment Utility
poortatey,

When he logs onto a different PC, he is automatically logged in to our Sharepoint site.

It looks like even though we just recreated his profile, it might have corrupted again.  I am going to try recreating the profile again.
0
 
LVL 8

Expert Comment

by:poortatey
Comment Utility
Yeah, it sounds like the profile all right.  Strange.  I haven't seen this particular thing happen before.  Just curious, but is this a PC or a laptop?
0
 
LVL 7

Expert Comment

by:Rommel Sultan
Comment Utility
So issue is only isolated on this machine.
Can you try running Gpupdate /force

It seems like rebuild the system is the best option.
0
 

Author Comment

by:bbwb
Comment Utility
It is a Dell Optiplex 760 PC.  We advise our users to reboot their PC's daily, however, most just walk away and let the PC's lock after 10 minutes.  After asking more questions of the user, I found out he had not logged off and for whatever reason, the PC rebooted on Saturday night.  It looks like that is where the profile corruption might have most recently happened.

The gpupdate didn't change anything either.

Thank you to you both for your suggesstions.  They were all helpful.
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
Since your Zones look to be configured right.....

start>run>"control keymgr.dll"

Is there any entry stored for this user, for the Sharepoint site? Stored passwords are presented before current credentials......
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
Update?
0
 

Accepted Solution

by:
bbwb earned 0 total points
Comment Utility
rebuilt profile
0
 

Author Closing Comment

by:bbwb
Comment Utility
tried all suggestions, which were helpful, but ultimately, rebuilding profile solved issue
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Note:  There are two main ways to deploy InfoPath forms:  Server-side and directly through the SharePoint site.  Deploying a server-side InfoPath form means the form is approved by the Administrator, thus allowing greater functionality in the form. …
Several part series to implement Internet Explorer 11 Enterprise Mode
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now