Sunday, 2 February 2014

Office365: Outlook credential pop-ups after moving to the cloud



Preface 

After moving some mailboxes to the cloud, you can enter dark zone.
Some, most or even all of the users could start complain, that this nagging credential pop-up starts showing up after every Outlooks windows open.

In most cases it is enough to click Cancel to start using Outlook, in others - you have to provide password.

Below you can see solution for company that I manage. It could resolve your problem or let you know where to search problems.

Step-by-step
After any step please restart Outlook and check its behavior within 5-10 minutes.

1. For testing purposes - remove any access for other mailboxes which users has access to from Exchange and Outlook side.

Exchange side 
(you can change AccessRights, but probably this is what you want):
First run this cmd-let to check permissions:

Get-Mailbox -Server ServerName | Get-MailboxPermission -user mailbox.alias | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) }

If the list is long and you don't want do remove all entries, you can pipe them out:

Get-Mailbox -Server ServerName | Get-MailboxPermission -user mailbox.alias | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) }|fl >C:\temp\fullaccess.txt

If you want to remove all access that list shows, then go on: 

Get-Mailbox -Server ServerName | Get-MailboxPermission -user mailbox.alias | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } |Remove-MailboxPermission

Outlook side:
Go to advanced account settings and look if it has another mailboxes added. If yes-write down each name and remove them all for testing.

In the same window clear “Download shared folders”

2. Disable or remove shared calendars in Outlook

3. Check DNS suffixes on any used connection (Wi-Fi, LAN) advanced TCP/IP protocol version properties. 
In the “Append these DNS suffixes (in order)” you can find some entries which are OK, but if they are not set for your company or you know they are not correct – remove them.

4. Check Outlook Anywhere settings:
For migrated users - check if the user has been added to migrated users security group if you set one for gpo for OutlookAnywhere settings as we did. If not - add him or her and re-logon to the Windows
For non-migrated to Office365 users OA should be disabled or set as you probably know how- if not you can check on different Outlook, which is working properly,  
For users migrated to Office365 OutlookAnywhere should be set as follows: 

5. Delete .ost outlook files in user profile (%userprofile%\AppData\Local\Microsoft\Outlook
6. Delete cached credentials in Windows Credential Manager
7. Disable all COM add-ins in Outlook options:

8. Disable Microsoft Lync if user is using it
9. Run Outlook in Safe mode (run with Ctrl key pressed)
10. Recreate Outlook profile in the Mail option in the Control Panel
11. Run Outlook with /rpcdiag switch to check exactly how Outlook is trying to connect,make a screenshot for future use - maybe Microsoft support?
12. When Outlook is opened rightclick on Outlook icon in the tray and select "test connection" option, and check to which servers Outlook is trying ro connect,make a print screen too.
13. Create the same user account on clean Windows installation.If Outlook will work properly, recreate Windows user profile on problematic computer.

No comments:

Post a Comment