Solved

Outlook 2010 prompting for credentials

Posted on 2014-10-06
13
122 Views
Last Modified: 2014-11-16
Hello,
I have an interesting issue with a group policy running on our new Windows 7 workstations.
Our setup is as follows:
Our server is running Windows Server 2003 with Exchange 2003.
Our old Windows XP workstations are running Office 2007.
Our new Windows 7 workstations are running Office 2010.

Our Windows XP workstations run fine with our current group policy but we have found that when we add our new Windows 7 workstations to the same policy Outlook 2010 stops connecting to the server after about a week and requests you type in a username and password. I have tried the users domain details but it fails to authenticate. The strange part is Outlook works for about a week and then just stops working after that it starts requesting for authentication details.

If I remove the workstation from the group policy and perform a “gpupdate /force” on the host then Outlook will once again connect to the server.

I have checked the event logs on the server and found the following events:
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      675
Date:            09/10/2014
Time:            11:29:58
User:            NT AUTHORITY\SYSTEM
Computer:      Server1
Description:
Pre-authentication failed:
       User Name:      sthompson
       User ID:            linkwon\ sthompson
       Service Name:      krbtgt/linkwon.COM
       Pre-Authentication Type:      0x0
       Failure Code:      0x19
       Client Address:      10.1.40.7

Does anyone know of any differences in Office 2010 that may be causing this issue where Outlook 2010 requests authentication?
0
Comment
Question by:Sc0t
  • 8
  • 5
13 Comments
 
LVL 13

Expert Comment

by:Rizzle
ID: 40363414
Could you share the Group Policy that is being applied with us for further review please?
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40363415
Also have you tried installing Office 2010 on a XP machine and then applying the GPO to it to see if its an issue with Office 2010?
0
 

Author Comment

by:Sc0t
ID: 40363667
Please see file attached of our GPO.
Win7-GPO.rtf
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40363879
Right I can see your policies controlling a lot of RPC Authentication methods which might be the cause.

Also i'm assuming this happens to all of the Windows 7 clients that are joined to the domain?

To ensure the issue is being caused by the GPO you attached, can you place the machine into an OU with no policies being received (Block Inheritance) then see if the issue still occurs, at least then we have ruled in/out the Group Policy being the issue. If the issue occurs without the GPO it maybe pointing to a client side issue maybe something like "Cached Exchange Mode" being enabled or a corrupt local mail profile (This would be highly unlikely)

Definitely install Office 2010 onto an XP machine and provide the result.

Also worth noting, that Outlook has  something in built which shows you all the connections it's making/attempting to make. To view it locate the notification area Outlook icon in the task bar (the icons on the right of the screen by the clock) and then ctrl+right-click to bring up a slightly different context menu, in there click Connection Status, then in here it will tell you where it is trying to connect to.

Also ensure that Office 2010 is updated up to SP1 which has fixes for this sort of issue.
0
 

Author Comment

by:Sc0t
ID: 40365672
Also i'm assuming this happens to all of the Windows 7 clients that are joined to the domain?
Answer: Yes it does.

When I remove the workstation from the group policy e.g. no GPO being applied then Outlook works fine.

Office is up to date with all the latest patches and has sp2 applied.
0
 
LVL 13

Accepted Solution

by:
Rizzle earned 500 total points
ID: 40366806
I think the issue maybe to do with RPC authentication which seems to be getting controlled in the GPO. I recommend removing them one by one until the issue doesn't happen then at least you know what part of the GPO doesn't work.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:Sc0t
ID: 40367906
Ok I will try removing the RPC authentication one by one and let you know the result.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40380382
0
 

Author Comment

by:Sc0t
ID: 40382381
Hi Roshan,

We do not use a proxy on our network.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40382434
Has anything come from removing the RPC parts from the GPO?
0
 

Author Comment

by:Sc0t
ID: 40384293
At the moment I am waiting for the issue to re-appear.
I have added two machines to the GPO in question but at the moment Outlook is working as expected.

The strange thing is previously it took about a month before the machines that were in this particular GPO stopped working and Outlook started requesting for authentication credentials.

As soon as we removed the machines from the GPO they all started working again.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40384324
Right ok, its probably wise to do what I said,

I know its a pain but I've had to go through this many times even internally we agreed its not best to manage too many authentication settings (RPC's) via GPO as these issues can surface, if you implement them then you need to be prepared to do things like this to find out which setting is causing the problem.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40384326
If you wanted you could put the Windows 7 machines in a separate OU and then exclude them from this policy (If it isn't required)
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Article by: Leon
Software Metering within our group of companies has always been an afterthought until auditing of software and licensing became a pain point. Orchestrator and SCCM metering gave us the answer and it was an exciting process.
Being able to change email signatures is made really simple with email signature software and services.
The viewer will learn how to simulate a series of sales calls dependent on a single skill level and learn how to simulate a series of sales calls dependent on two skill levels. Simulating Independent Sales Calls: Enter .75 into cell C2 – “skill leve…
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now