Wednesday, October 12, 2022

Solved - Outlook Endlessly Asks for Password - Perhaps the biggest pain in my *ss solved!

 Outlook Requests Password Repeatedly - FIXED!



Some variation of this problem has plagued me on and off for years. I know you've seen it: Outlook asks for your password again and again and again . . . seemingly forever. But sometime, after ten or more attempts . . . it magically works. I've always thought that there were just layers of security that need to be verified. BUT, I know the one guiding rule of the 21st century: It's always DNS

So, I've solved a lot of these issues with troubleshooting of DNS and Autodiscovery, which is a 100% related to DNS.

But there are also layers of security added by O365 resellers, and all the servers between "the cloud" and your desktop. Somewhere along the line the right registry entries need to be in place to either ASK FOR or IGNORE certain levels of security.

Why? Well . . . Outlook relies, ultimately, on an active directory that used to be 100% onsite, and has morphed to the cloud. So the directory had evolved to emulate "onsite" requests in a hosted environment. And just to keep you guessing, that same AD is trying desperately to be compatible with a world that predates routing traffic from one LAN to another!!!

Bottom Line: O365 put the fuster in fuster-cluck!

(If you make a fortune selling t-shirts with that line, you owe me a beer.)


So . . . after step by painful step, I hope I have documented a process that will help you solve almost any occurrence of the annoying, frustrating, never-ending password request.

Feedback and improvements welcome.

-- -- --  

The Problem: Outlook (via O365) constantly asks for password, never connects.

A Proposed “Universal” Fix. Please execute each of these steps in order. When in doubt, reboot.

 

1.     Log the affected mailboxes

Name:                                                                                    

Email Address:                                                                       

Password:                                                                              

Assigned Autodiscover:                                                         

 

2.     Verify that DNS is correct

a.     DNS Servers at registrar

b.     Autodiscover within DNS

c.     Ping Autodiscover.domain.com

 

3.     Verify the problem

a.     Connect to affected machine [using whatever remote tool you commonly use]

b.     Open Outlook and verify that it requests password more than twice and never connects

c.     Use OWA or Webmail access to verify that the username/email/password combo are correct and work as expected.

 

4.     Verify Autodiscover registry entries

a.     Check out this article in case it’s interesting:
https://learn.microsoft.com/en-us/outlook/troubleshoot/profiles-and-accounts/unexpected-autodiscover-behavior

b.     Create this REG file: Autodiscoverfix.reg

                                               i.     Copy and paste this text exactly into Notepad or another text editor:

 

Windows Registry Editor Version 5.00

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AutoDiscover]

"ExcludeHttpsRootDomain"=dword:00000001

"PreferLocalXML"=dword:00000000

"ExcludeHttpRedirect"=dword:00000000

"ExcludeHttpsAutodiscoverDomain"=dword:00000001

"ExcludeScpLookup"=dword:00000001

"ExcludeSrvRecord"=dword:00000001

"ExcludeExplicitO365Endpoint"=dword:00000001

 

                                              ii.     Save the file as Autodiscoverfix.reg

                                             iii.     Run that file with administrative privileges
This may involve running CMD.exe with administrative privileges and then browsing to the appropriate folder and running it from the command line.

                                            iv.     Reboot and attempt to connect with Outlook.

If needed . . .

 

5.     Verify LSA registry entries (Local Security Authority)

a.     In Windows, click Start > Run. In the command box, type regedit and press enter

                                               i.     Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\

                                              ii.     Find the DisableDomainCreds entry. A value of 1 (enabled) will prevent you from saving new credentials
- If it doesn’t exist, create this DWord entry

                                             iii.     Change the value to 0 and reboot. You should now have the Add button available. Note that the value of 0 is the default value.

                                            iv.     Attempt to connect with Outlook.

If needed . . .

 

b.     Check the LmCompatibilityLevel entry.
Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\

                                    i.     It should be set to 3, which is the default value.
If you have another value, change it to 3.
If it does not work with 3, then change the value to 2 and retry.

                                   ii.     Reboot and attempt to connect with Outlook

If needed . . .

 

c.     Verify that your firewall or virus scanner/malware agent is not performing encrypted web scanning

 

Once you’re connected and things are fixed, you may notice that your Outlook is extremely slow. I’m not sure why this is, but it’s probably related to a database confused with different layers of security and connection information. To fix things up . . .

Create a new profile in Control Panel / Mail with the username, email, and password you just cleaned up. This will force the creation of a new OST file and should be much faster.


A few articles to make your life easier . . .

Troubleshooting Issues With Saving Outlook Password (serverdata.net) 

Why Can't I Connect My Outlook 2016/2019 To Exchange (serverdata.net)

How to Fix It When Outlook Keeps Asking for a Password (lifewire.com)

How To Fix The Credential Prompt Error In Outlook 2016/2019/O365 Desktop Client For Windows (serverdata.net)


Please post your feedback, questions, and anything else that will help folks be rid of this pain in the neck. 

:-)


3 comments:

  1. Example about the last item - Verify that your firewall or virus scanner/malware agent is not performing encrypted web scanning - Bitdefender has had problems with this recently.

    ReplyDelete
  2. It wasn't clear to me what the "fix" ended up being here? Can you elaborate? There were a multitude of possible "fixes" listed as being potentially the in play on this issue. Which one got it working for you?

    ReplyDelete
  3. Or was your comment what identified the fix (encrypted web scanning by firewall or EDR software)?

    ReplyDelete

Feedback Welcome

Please note, however, that spam will be deleted, as will abusive posts.

Disagreements welcome!