Outlook 365 in on prem domain joined terminal server asking for users 365 password every time they log on to the terminal server.

AngryViking32 46 Reputation points
2022-12-06T03:21:43.277+00:00

Quite a specific issue
We have an environment set up like so:

  • On prem AD with local domain that is synced to azure.
  • The terminal servers are joined to the local domain.
  • Users use local domain creds to log on to the terminal server.
  • They are on a farm and use standard windows profile disks - no fslogix (and its not going to happen. We have had a Bad Time™ with it in the past).
  • Mail accounts are all on exchange online.
  • Credentials for local domain and azure are synced so they have the same username and password in both.

the issue we are having is:
When a user logs into a terminal server on the farm and opens Outlook, they are prompted to enter their exchange online account credentials.
Closing and opening Outlook within that session does not re-prompt for creds.
If the user logs out of the terminal server, then logs back in and opens Outlook, they are again prompted for credentials.
Nothing appears to be getting saved to credential manager.
We have tried everything from these articles already:
https://learn.microsoft.com/en-us/microsoft-365/troubleshoot/authentication/automatic-authentication-fails
https://learn.microsoft.com/en-us/outlook/troubleshoot/authentication/password-prompt-at-every-start-or-cannot-create-profile
https://learn.microsoft.com/en-us/answers/questions/597147/office-365-outlook-keeps-asking-o365-credentials-e.html
https://community.spiceworks.com/topic/2358308-office-365-on-rds-requiring-sign-in-each-time-a-user-connects

Edit: We have also re-created the user profile by removing the UPD, we also re-created the outlook profile.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | User experience | Remote desktop services and terminal services
Outlook | Windows | Classic Outlook for Windows | For business
{count} votes

3 answers

Sort by: Most helpful
  1. Laurin Bernet 5 Reputation points
    2023-01-19T13:48:49.0633333+00:00

    Hi all

    I got the same issue, and not just in one environment..

    We've got the exacte same setup as @AngryViking32 discribed above.

    The registry key, as well as link from @Faery Fu-MSFT couldn't resolve the issue.

    With Terminal Server 2019 I was able to circumvent the error with a Powershell Script, which is coping the "C:\Users\username\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC" folder to a networ share when loging of and when loging back on copying the folder from the share back to the user's AppData (replacing the existing folder). I assume the Problem is, that this folder is somehow recreated when loging on the TS. For whatever reason... But if someone has a real solution for this error I would be very greatful.

    1 person found this answer helpful.

  2. Limitless Technology 44,766 Reputation points
    2022-12-07T11:39:59.647+00:00

    Hi,

    Thank you for posting your query.

    Kindly follow the steps provided below to resolve your issue.

    Create the following registry key to force Outlook to use a newer authentication method for web services, such as EWS and Autodiscover. We recommend that users force Outlook to use Modern Authentication.

    Exit Outlook.

    Start Registry Editor by using one of the following procedures, as appropriate for your version of Windows:

    Windows 10, Windows 8.1, and Windows 8: Press Windows Key + R to open a Run dialog box. Type regedit.exe, and then press Enter.

    Windows 7: Click Start, type regedit.exe in the search box, and then press Enter.

    In Registry Editor, locate and click the following registry subkey:

    ConsoleCopy

    HKEY_CURRENT_USER\Software\Microsoft\Exchange

    On the Edit menu, point to New, and then click DWORD Value.

    Type AlwaysUseMSOAuthForAutoDiscover, and then press Enter.

    Right-click AlwaysUseMSOAuthForAutoDiscover, and then click Modify.

    In the Value data box, type 1, and then click OK.

    Exit Registry Editor

    Go to this link for your reference and other troubleshooting procedures https://learn.microsoft.com/en-us/outlook/troubleshoot/authentication/outlook-prompt-password-modern-authentication-enabled

    https://learn.microsoft.com/answers/questions/597147/office-365-outlook-keeps-asking-o365-credentials-e.html

    -----------------------------------------------------------------------------------------------------------------------------

    If the answer is helpful kindly click "Accept as Answer" and up vote it.

    0 comments No comments

  3. M. van Ast | Accept Systems B.V 0 Reputation points
    2023-09-04T12:36:38.19+00:00

    Hi all,

    We have the exact same environment with Outlook 365 and Windows Server 2019 with UPD.

    The RDS servers are having this issues since they where upgraded form Server 2016 to server 2019.

    If someone has a better solution than the copy folder I would be really greatful.

    Thanks,

    Michel

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.