• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5332
  • Last Modified:

Windows 7 keeps asking for creds...SBS 2008 network

Ok, so this is a weird one...
Win7 pro keeps asking for credentials when a particular user logs in ("Windows need to verify your credentials - lock & unlock...etc") - if you do that you can then (maybe) see shares on a local server, but then try and go into the share and it asks again... when trying to configure an outlook account (to exchange 2007) it will NOT recognise the user even with the FQDN. If you use the IP address of the SBS it picks it up but won't open Outlook.

Some other info:
1. This user works perfectly fine in XP on other machines;
2. Seems to happen on other Win7 machines;
3. User is local administrator;
4. Other users on Win7 work fine;
5. Only thing different about this user that i can think of was that we changed his docs redirection at one point (for his XP machines);
6. Running SBS2008 virtual server
7. Disabled any firewall apps
8. Removed any fingerprint cred apps on workstations

Any ideas would be greatly appreciated!
Thanks.
0
wait1
Asked:
wait1
  • 6
  • 4
  • 2
1 Solution
 
johnb6767Commented:
In the credential Manager, are there any stored domain credentials for this user? Locked account when this happens? Recently changed a password?
0
 
rsoly777Commented:
Try a re-boot of the client, if that does not work try re-adding the machine to the domain.
Last ditch effort re-boot the server
0
 
wait1Author Commented:
Thanks - i'll check domain creds, but as he can log into XP with no worries i know it's not an actual user pass issue - it's something to do with Win7 and his account, that differs from XP relating to his account. All the usual stuff i have tried - rebooting everything, etc. I've even gone to the trouble of reinstalling a perfectly good (and new) Sony notebook to see if it was a bad Win7 install. As this problem is happening on other Win7 machines on the network (and not XP machines) i'm fairly sure the problem does not lie with a specific machine or hardware but rather something to do with Win7 or how Win7 handles the authentication for that particular user.
Thanks.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
johnb6767Commented:
"Thanks - i'll check domain creds, but as he can log into XP with no worries i know it's not an actual user pass issue - "

Only reason I suggested this was in the event the stored password is different than the current one in AD, is because that password is passed first, and AD will stop access until current creds are entered....

But if this happens for multiple users on multiple machines, that theory is out...

Unless you are on Cached Logons as well..... Doubtful though....
0
 
wait1Author Commented:
Got another (same Sony model) notebook on the network with a different user which keeps asking for creds, but then seems to work ok once put in.

This one is on the domain as before, same software, etc...

any other ideas, anyone? Perhaps it's a Sony thing...?
thanks.
0
 
rsoly777Commented:


In Outlook try the following: Go to file> Data File Management> Email tab> select Exchange account>Select Change> Select More Settings> Select Security Tab> In the Logon network security drop down, select Password Authentication (NTLM)—the default is Kerberos Password Authentication. Click OK, click Next and Finish. Close and restart Outlook.

I actually had a user that was experiencing a very similar issue the other day and this worked.
0
 
wait1Author Commented:
rsoly777... since i couldn't even get Outlook to open i was very skeptical of your post, but out of respect (and also because i just have no freakin' idea why this is happening and i've tried everything else) i thought i'd at least try it:

I managed to get it to pick up the user's name (in Outlook) by initially using the IP address of the server; it then 'finds' the user's full name (underlined, which was my problem before) and then proceeds to give a few more errors. At least now, however, i could get to More Settings, etc... and change the authentication.

Knock me down! It connected and is now synching mail. The login issue is therefore a similar authentication issue - now i just need to find how to change that on the SBS08 and we should be dancing!

Thanks, rsoly777... almost there!
0
 
rsoly777Commented:
Have you tried to re-join the machine to the domain?
0
 
wait1Author Commented:
Yep, i've rejoined, wiped, reloaded, attempted an XP downgrade (no drivers), setup without imaging disc, joined with 'connect' wizard and without...

bah...
0
 
rsoly777Commented:
Hopefully this is your answer:
Look at this website specifically the last entry which I have included:
http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/9f4c40ab-bd35-4936-a936-2bcbeaf43387/

"I can confirm this solution, and that it applies to Windows Server 2008 as well as Windows 7 Pro 64-bit.  Here's a copy of my posting in another forum with the details:

I found a solution--at least in our scenario.  Background:  we are not using a VPN, nor are we using SmartCards; however, recently, I started getting this balloon popup from the system tray with the following message:

"Windows needs your current credentials.  Please lock this computer, then unlock it using your most recent password or smartcard."

Searching around the web, I found a forum posting about the user account setting "Use Kerberos DES encryption types for this account" and how it can cause this error popup under certain circumstances.  When I saw that, I knew it was probably the source of my problem, since I had recently enabled that option on my account (trying to be clever and not really knowing for sure whether it was needed).

Sure enough, I removed the Kerberos DES encryption types setting from my account and the balloon popup messages stopped.

This setting is found in Active Directory Users and Computers (on a Domain Controller):  look for the user account affected in the Users folder, select the user account, Right-click, then select Properties; look on the properties Account tab under "Account options:" in the list box.  Scroll down and Clear the checkbox for the option "Use Kerberos DES encryption types for this account" and click OK.  Then logoff, and logon again.

It fixed it for me.  Hope this helps."


0
 
wait1Author Commented:
Hi. My apologies for not replying. To be honest i didn't realise post ID 37154424 was there... i thought i was getting reminded for previous posts, and as i hadn't yet achieved a full resolution i had little to report.

rsoly777 i've just applied that fix by unticking the DES tickbox for said user. I'll email him and find out tomorrow if it stil happens, and will let you know .
thanks again!
0
 
wait1Author Commented:
The report back is that this solution resolved the problem for the user - if anything changes i'll repost, but thanks rsoly777. This was a really unusual one in my experience, and a real bugger to isolate, so thanks a lot for your leads on this - i really didn't know where to look.

Much appreciated!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 6
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now