David Donalson

outside of domain authentication issues

I have a Windows 2012 R2 Domain that I'm having some authentication issues with.  The problem is, when users leave the office with their laptops the laptop will not authenticate their local account.  This isn't a cache issue as they can log into their machine, but when they launch any application that requires authentication back to our servers it is not trusted and requires them to re-enter their credentials to use it.

Outlook 2016
SSO Apps (Acronis Access)
ADFS (any of the ADFS apps we use require re-authentication)

Inside the domain, all of these work normally and do not require any separate password, but once I disconnect and put my laptop on a hotspot or take it home, it starts prompting for a password. I am looking into it being related to Kerberos, but I'm not 100% and thought I would reach out to the group to see if anyone else has seen this and knows what I should look at. If this is as expected, then it really causes a lot of headaches for some of the apps. Acronis Access, for instance, just runs in the background like Dropbox and syncs, but as soon as they leave the office it stops working, since the setting is to use the local computer account. For Outlook, if I type my password at the prompt, it logs me in just fine.

3 DCs 2012 R2
AD running at 2012 R2 Level
Workstations I'm having issues with are Windows 10; I currently don't have any Windows 7, but I may build one to test.
Microsoft Office, Microsoft Server OS, Windows OS, Windows Server 2012, Active Directory

Last Comment
David Donalson

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Cliff Galiher

David Donalson

ASKER
That is what I am suspecting, which is why I was looking at Kerberos. The reason I felt like it was an issue was that I don't remember having to enter the Outlook credentials when offsite. So I imagine that is the negotiate authentication setting on Exchange 2013 that I will have to change to support MAPI over HTTP.
Michael B. Smith

Outlook in cached mode puts credentials into the Windows Credential Cache. That is, it has special code so that the auth info doesn't have to be re-entered every time. If it isn't in cached mode, or this has been disabled, re-auth will be required.
David Donalson

ASKER
Thank you for the assistance.
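Added example, not part of any post in this thread: a PowerShell check for the Kerberos suspicion raised in the question. A client can only get new Kerberos service tickets while it can reach a domain controller, so running this once on the office LAN and once on a hotspot shows whether that is what changes. The function name `Test-KerberosReachability` is made up for this example, and treating the "Windows Credential Cache" mentioned above as Windows Credential Manager is an assumption.

```powershell
# Added diagnostic (hypothetical helper name). Run as the affected user on the
# laptop, once in the office and once off-site, and compare the two results.
function Test-KerberosReachability {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        Write-Warning 'Machine is not domain-joined; Kerberos SSO does not apply.'
        return
    }
    $domain = $cs.Domain

    # Ask the DC locator for a domain controller. Off-site without a VPN this
    # normally fails because neither the AD DNS zone nor the DCs are reachable.
    $locator = & nltest.exe "/dsgetdc:$domain" 2>&1
    $dcFound = ($LASTEXITCODE -eq 0)
    $dcName  = $null
    $kdcOpen = $false
    if ($dcFound) {
        $m = $locator | Select-String -Pattern 'DC:\s*\\\\(\S+)' | Select-Object -First 1
        if ($m) {
            $dcName = $m.Matches[0].Groups[1].Value
            # TCP 88 is the Kerberos KDC port on the domain controller.
            $probe   = Test-NetConnection -ComputerName $dcName -Port 88 -WarningAction SilentlyContinue
            $kdcOpen = [bool]$probe.TcpTestSucceeded
        }
    }

    # Tickets this logon session already holds; they stay usable until they
    # expire, but no new ones can be issued without a reachable KDC.
    $tickets = @(& klist.exe |
        Select-String -Pattern '^\s*Server:\s*(\S+)' |
        ForEach-Object { $_.Matches[0].Groups[1].Value })

    [pscustomobject]@{
        Domain           = $domain
        DcLocated        = $dcFound
        DcName           = $dcName
        KdcPort88Open    = $kdcOpen
        CachedTickets    = $tickets
        CanGetNewTickets = ($dcFound -and $kdcOpen)
    }
}

Test-KerberosReachability | Format-List

# Saved credentials for this user in Windows Credential Manager (assumed to be
# the credential cache referred to in the Outlook comment above).
cmdkey.exe /list
```

If `CanGetNewTickets` is `True` in the office and `False` off-site, applications that rely on integrated authentication have no Kerberos path from the outside network and will prompt unless they have a saved credential to fall back on.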