Share via

Outlook and Teams prompting users for Microsoft 365 login at almost every launch of the apps (Microsoft 365 Apps on Windows Server 2019, 2022 as Terminal Server)

Anonymous
2023-09-26T07:51:35+00:00

Hello everyone,

as a service provider we are hosting several terminal servers across many customers and unfortunately, many users keep experiencing problems with Microsoft Teams and Outlook on Windows Server 2019 and 2022.

This is going to be a lengthy post, so here is key information to start with:

  • In general, Outlook and Teams do not perform well on terminal servers, especially Microsoft Teams, to a point where many users are reluctant to use it, but this is a separate case I think.
  • The servers have plenty of resources, so this should not be the cause of these issues.
  • These issues are independent of the customer's hardware and environment that these servers are hosted on, be it ESXi or Hyper-V.
  • These issues exist across many customers with completely unrelated systems or hosting locations.
  • Windows Server and Microsoft 365 Apps are up to date of course.
  • Other 365 Apps like Word, Excel, PowerPoint are unaffected and work just fine.
  • Outlook is connecting to mailboxes in Exchange Online, so no on-prem Exchange Servers that might cause this. The most common problem - which this post is about - is the user being asked to login to Microsoft 365 at almost every launch of Outlook or Teams - or Teams failing to load completely, which I believe has the same root cause.

Now some observations:

  • The Microsoft 365 login prompt will show up most of the time - but not always - after logon to the session on the server.
  • Teams will randomly fail to sign in the user: "There was a problem..."
  • Logging the user out and back in in a different Office App like Word and then restarting Teams sometimes fixes this problem.
  • However, this action does not fix the issue with the Outlook login prompt.

Troubleshooting:

  • I won't even going to seriously discuss re-installing Office 365 here because I did it several times already on many different terminal servers without affecting this problem in any way. It seems to be a problem with the Microsoft 365 account management inside Office and Windows, which lead me to the following:
  • As countless posts on the internet already suggest, deleting or refreshing the Microsoft.AAD.BrokerPlugin Folder (%localappdata%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy) sometimes helps but doesn't appear to be a permanent solution. You can just delete the folder and sign the user back in - or use the PowerShell command if (-not (Get-AppxPackage Microsoft.AAD.BrokerPlugin)) { Add-AppxPackage -Register "$env:windir\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown } Get-AppxPackage Microsoft.AAD.BrokerPlugin as explained here: https://learn.microsoft.com/en-us/microsoft-365/troubleshoot/authentication/automatic-authentication-fails
  • The command above is part of a self-service script I wrote for some clients, so that they can attempt to fix the problem for themselves, temporarily.
  • After several weeks of troubleshooting we made some real progress by clearing out Windows Firewall rules in the registry, check this out, especially if you have problems with Teams: https://learn.microsoft.com/en-us/answers/questions/204147/windows-server-2019-rds-start-search-does-not-work?sort=oldest&orderby=oldest&page=1 (scroll down to the posts of a user called Björn Braun)

It's pretty insane, it seems that on terminal servers, the packages found in %localappdata%\Packages (responsible for start menu, taskbar, Microsoft 365 login and many more core functions of the user interface) seem to spam the registry with firewall entries until they stop to work properly. Basically, you need to delete all entries starting with { in HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules and HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules - then add DeleteUserAppContainersOnLogoff = 1 to HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy

We clear them out by having a weekly scheduled task that does this:

| *Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" -Name "{\*"  Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules" -Name "{\*"  Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" -Name "{\*"   Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules" -Name "{\*"   New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy" -Name "DeleteUserAppContainersOnLogoff" -Value 1 -PropertyType DWORD* |
| --- |

This at least made Teams much more reliable... feel free to try this if your users can't login into Teams and check if it helped.

However, the Outlook login prompt is driving me and my customers nuts, I can't figure out the cause of the problem. I checked all the autodiscover entries, saved user credentials, "Identity" folder in the Office registry, ... I just want Outlook to reliably store the credentials.

Has anyone of you ever fought this problem?

Edit: Fixed formatting

Outlook | Windows | Classic Outlook for Windows | For home

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-12-12T22:34:00+00:00

    The following fixed it for me:

    https://administrator.de/forum/office-365-will-auf-terminalserver-immer-anmeldung-73778863327.html

    Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"EnableADAL"=dword:00000001  
"DisableAADWAM"=dword:00000001  
"DisableADALatopWAMOverride"=dword:00000001

    Was this answer helpful?

    2 people found this answer helpful.
    0 comments
  2. Anonymous
    2023-11-13T14:33:15+00:00

    Hello De Paul, thank you for your reply. I checked the affected terminal servers against the list of your suggestions:

    • Check if the user's account has the necessary permissions to access Microsoft 365 apps on the terminal server.
    • Ensure that the terminal server is up to date with the latest Windows updates and patches.
    • Try repairing or reinstalling Microsoft 365 apps on the terminal server.
    • Check if there are any third-party applications or antivirus software that may be interfering with the Microsoft 365 apps on the terminal server.

    All of this should be OK on our side. We are running the latest Windows updates (Office and Windows) and the users have access to MS 365 apps and the proper licensing (Microsoft 365 Business Premium for each user). Two weeks ago, I did a complete un- and re-install of the Microsoft 365 apps with the Office support tool which didn't really solve the problem, however some users reported less problems. So the issue still persists unfortunately.

    Was this answer helpful?

    0 comments
  3. Anonymous
    2023-09-26T08:49:13+00:00

    Dear Andi Hess,

    Good day! Thank you for posting to Microsoft Community. We are happy to help you.

    Based on your description, I understand that you have a query "Outlook and Teams prompting users for Microsoft 365 login at almost every launch of the apps (Microsoft 365 Apps on Windows Server 2019, 2022 as Terminal Server)".

    Thank you for reaching out to Microsoft customer support. I understand that you are experiencing issues with Outlook and Teams prompting users for Microsoft 365 login at almost every launch of the apps on Windows Server 2019 and 2022 as Terminal Server. I apologize for the inconvenience this has caused you and your customers.

    Based on the information you have provided; it seems that the issue may be related to the Microsoft 365 account management inside Office and Windows. You have already tried deleting or refreshing the Microsoft.AAD.BrokerPlugin Folder, which sometimes helps but doesn't appear to be a permanent solution. You have also cleared out Windows Firewall rules in the registry, which has made some real progress.

    I suggest that you try the following steps also to see if they help resolve the issue:

    • Check if the user's account has the necessary permissions to access Microsoft 365 apps on the terminal server.
    • Ensure that the terminal server is up to date with the latest Windows updates and patches.
    • Try repairing or reinstalling Microsoft 365 apps on the terminal server.
    • Check if there are any third-party applications or antivirus software that may be interfering with the Microsoft 365 apps on the terminal server.

    Contact Microsoft support for further assistance if the issue persists since it may be due to the issue on the server backend.

    I hope this information helps. Please let me know if you have any further questions or concerns; Please understand that our initial reply may not always immediately resolve the issue. However, with your help and more detailed information, we can work together to find a solution. Thank you for your cooperation.

    Sincerely,

    De Paul | Microsoft Community Moderator

    Was this answer helpful?

    0 comments