[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows 7 keeps asking for creds...SBS 2008 network

Posted on 2011-10-27
13
Medium Priority
?
4,978 Views
Last Modified: 2012-05-12
Ok, so this is a weird one...
Win7 pro keeps asking for credentials when a particular user logs in ("Windows need to verify your credentials - lock & unlock...etc") - if you do that you can then (maybe) see shares on a local server, but then try and go into the share and it asks again... when trying to configure an outlook account (to exchange 2007) it will NOT recognise the user even with the FQDN. If you use the IP address of the SBS it picks it up but won't open Outlook.

Some other info:
1. This user works perfectly fine in XP on other machines;
2. Seems to happen on other Win7 machines;
3. User is local administrator;
4. Other users on Win7 work fine;
5. Only thing different about this user that i can think of was that we changed his docs redirection at one point (for his XP machines);
6. Running SBS2008 virtual server
7. Disabled any firewall apps
8. Removed any fingerprint cred apps on workstations

Any ideas would be greatly appreciated!
Thanks.
0
Comment
Question by:wait1
  • 6
  • 4
  • 2
12 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 37038680
In the credential Manager, are there any stored domain credentials for this user? Locked account when this happens? Recently changed a password?
0
 
LVL 9

Expert Comment

by:rsoly777
ID: 37038765
Try a re-boot of the client, if that does not work try re-adding the machine to the domain.
Last ditch effort re-boot the server
0
 
LVL 2

Author Comment

by:wait1
ID: 37039039
Thanks - i'll check domain creds, but as he can log into XP with no worries i know it's not an actual user pass issue - it's something to do with Win7 and his account, that differs from XP relating to his account. All the usual stuff i have tried - rebooting everything, etc. I've even gone to the trouble of reinstalling a perfectly good (and new) Sony notebook to see if it was a bad Win7 install. As this problem is happening on other Win7 machines on the network (and not XP machines) i'm fairly sure the problem does not lie with a specific machine or hardware but rather something to do with Win7 or how Win7 handles the authentication for that particular user.
Thanks.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 66

Expert Comment

by:johnb6767
ID: 37051777
"Thanks - i'll check domain creds, but as he can log into XP with no worries i know it's not an actual user pass issue - "

Only reason I suggested this was in the event the stored password is different than the current one in AD, is because that password is passed first, and AD will stop access until current creds are entered....

But if this happens for multiple users on multiple machines, that theory is out...

Unless you are on Cached Logons as well..... Doubtful though....
0
 
LVL 2

Author Comment

by:wait1
ID: 37129022
Got another (same Sony model) notebook on the network with a different user which keeps asking for creds, but then seems to work ok once put in.

This one is on the domain as before, same software, etc...

any other ideas, anyone? Perhaps it's a Sony thing...?
thanks.
0
 
LVL 9

Expert Comment

by:rsoly777
ID: 37132366


In Outlook try the following: Go to file> Data File Management> Email tab> select Exchange account>Select Change> Select More Settings> Select Security Tab> In the Logon network security drop down, select Password Authentication (NTLM)—the default is Kerberos Password Authentication. Click OK, click Next and Finish. Close and restart Outlook.

I actually had a user that was experiencing a very similar issue the other day and this worked.
0
 
LVL 2

Author Comment

by:wait1
ID: 37136127
rsoly777... since i couldn't even get Outlook to open i was very skeptical of your post, but out of respect (and also because i just have no freakin' idea why this is happening and i've tried everything else) i thought i'd at least try it:

I managed to get it to pick up the user's name (in Outlook) by initially using the IP address of the server; it then 'finds' the user's full name (underlined, which was my problem before) and then proceeds to give a few more errors. At least now, however, i could get to More Settings, etc... and change the authentication.

Knock me down! It connected and is now synching mail. The login issue is therefore a similar authentication issue - now i just need to find how to change that on the SBS08 and we should be dancing!

Thanks, rsoly777... almost there!
0
 
LVL 9

Expert Comment

by:rsoly777
ID: 37142721
Have you tried to re-join the machine to the domain?
0
 
LVL 2

Author Comment

by:wait1
ID: 37143037
Yep, i've rejoined, wiped, reloaded, attempted an XP downgrade (no drivers), setup without imaging disc, joined with 'connect' wizard and without...

bah...
0
 
LVL 9

Accepted Solution

by:
rsoly777 earned 2000 total points
ID: 37154424
Hopefully this is your answer:
Look at this website specifically the last entry which I have included:
http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/9f4c40ab-bd35-4936-a936-2bcbeaf43387/

"I can confirm this solution, and that it applies to Windows Server 2008 as well as Windows 7 Pro 64-bit.  Here's a copy of my posting in another forum with the details:

I found a solution--at least in our scenario.  Background:  we are not using a VPN, nor are we using SmartCards; however, recently, I started getting this balloon popup from the system tray with the following message:

"Windows needs your current credentials.  Please lock this computer, then unlock it using your most recent password or smartcard."

Searching around the web, I found a forum posting about the user account setting "Use Kerberos DES encryption types for this account" and how it can cause this error popup under certain circumstances.  When I saw that, I knew it was probably the source of my problem, since I had recently enabled that option on my account (trying to be clever and not really knowing for sure whether it was needed).

Sure enough, I removed the Kerberos DES encryption types setting from my account and the balloon popup messages stopped.

This setting is found in Active Directory Users and Computers (on a Domain Controller):  look for the user account affected in the Users folder, select the user account, Right-click, then select Properties; look on the properties Account tab under "Account options:" in the list box.  Scroll down and Clear the checkbox for the option "Use Kerberos DES encryption types for this account" and click OK.  Then logoff, and logon again.

It fixed it for me.  Hope this helps."


0
 
LVL 2

Author Comment

by:wait1
ID: 37269537
Hi. My apologies for not replying. To be honest i didn't realise post ID 37154424 was there... i thought i was getting reminded for previous posts, and as i hadn't yet achieved a full resolution i had little to report.

rsoly777 i've just applied that fix by unticking the DES tickbox for said user. I'll email him and find out tomorrow if it stil happens, and will let you know .
thanks again!
0
 
LVL 2

Author Closing Comment

by:wait1
ID: 37270791
The report back is that this solution resolved the problem for the user - if anything changes i'll repost, but thanks rsoly777. This was a really unusual one in my experience, and a real bugger to isolate, so thanks a lot for your leads on this - i really didn't know where to look.

Much appreciated!
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question