1
Frequent Outlook/MAPI Password Prompts
Problem reported by Jay Dubb - 9/10/2024 at 7:23 AM
Submitted
A subset of users on Outlook using MAPI are plagued with password prompts.  At first users were being prompted to enter their 365 credentials (using Outlook 365) at least daily, some as often as every few hours, and their Smartermail passwords at least daily.  So, we gave the client the registry patch to force autodiscover directly to the Smartermail server-- putting only the Smartermail server under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers.

This stopped the MS 365 login prompts, presumably because Outlook is now communicating directly with the Smartermail server instead of proxying via 365 cloud.

However, the Smartermail Password prompts have NOT stopped.  Some users are still getting prompted for their email password every day or even every few hours.  

IT team has cleaned out Windows Credential Manager of any email-related accounts.  They've also deleted the Outlook profile and created a new one for affected users.  Still the password prompts continue, and these users are complaining to executives, which in turn is raining back down on us.

Anyone seen this?  Any ideas?  Fixes?  Workarounds?  SM version 8930 currently but it's been happening across multiple prior versions, too.  

NOTE:  Checking the "Remember my credentials" box is ineffective.

6 Replies

0
Derek Curtis Replied
Employee Post
Jay,

Are these users able to log in to webmail without issue? If they can't log in to webmail, you may want to check IDS settings. We've seen this behavior when the IDS settings are a bit too restrictive.
Derek Curtis COO SmarterTools Inc. www.smartertools.com
0
Douglas Foster Replied
Outlook passwords are not stored in our roaming profiles.  As a result, users with multiple accounts have to enter secondary account passwords every day when they log in.  Is that related to your problem?
0
ICT Informatik Replied
Hi Jay

Perhaps our observations will help.

We're currently evaluating an MS Exchange alternative. Smartermail is promising, but we're still experiencing some major Outlook/Windows authentication issues with LDAP. 

1. Password prompt once per MAPI connection (multiple connections possible. Examples: public folders, shared mailboxes...). "Remember my credentials" is required.
-> Outlook/Exchange is able to pass through credentials. 
2. New AD user: password prompt -> Requires webmail login first.
3. AD user password change: Password prompt -> Requires webmail login first.
-> Imagine 200 Outlook users, password change twice a year = 400 support tickets. 

We're in contact with Smartermail support to solve these issues. Fortunately, the support team is very friendly and responsive.

Update 1: According to SmarterMail support, this is normal behavior. There are plans to implement OAuth, but without a release date.
At this point in time, this is not a viable alternative to MS Exchange.

0
Jay Dubb Replied
@Derek - We confirmed it's not an IDS issue.  In fact, it couldn't be, because we aggressively increased the penalty box to many hours (or days depending on type of violation).  If they triggered an IDS rule, they'd be locked out for a very long time, and re-entering the password wouldn't quickly restore access like it does now.

@Douglas - Thank you for the reply; it may help others.  However, this particular customer is not running an AD domain, so they don't have roaming profiles.  They have so many BYOD devices that they elected not to go the domain route for the minority percentage of devices that are company owned.  For the small number of workers who need to share files, they use a cloud file sharing service.  The vast majority work in personal silos.
 
1
Brian Bjerring-Jensen Replied
Run this on client machines

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AutoDiscover]
"ExcludeExplicitO365Endpoint"=dword:00000001
"ExcludeHttpRedirect"=dword:00000001
"ExcludeHttpsRootDomain"=dword:00000001
"ExcludeScpLookup"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers]
"yourmailserver.com"=hex(0):


Remember to watch for your version of office. We are running 16.0
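
To confirm that these values actually landed on a client, and under which Office version key, here is an added read-only PowerShell check (not part of the original post and not SmarterTools' own tooling). The `$ExpectedServer` parameter and the function name `Test-AutoDiscoverKey` are assumptions for illustration.

```powershell
# Added example: read-only audit of the AutoDiscover values from the .reg file above.
# $ExpectedServer is a placeholder (assumption); pass your own mail server host name.
param([string]$ExpectedServer = 'yourmailserver.com')

$Flags = 'ExcludeExplicitO365Endpoint', 'ExcludeHttpRedirect',
         'ExcludeHttpsRootDomain', 'ExcludeScpLookup'

function Test-AutoDiscoverKey {
    param([string]$Version, [string]$Server)

    $keyPath = "HKCU:\SOFTWARE\Microsoft\Office\$Version\Outlook\AutoDiscover"
    if (-not (Test-Path $keyPath)) { return }
    $values = Get-ItemProperty -Path $keyPath

    # Each exclusion flag must exist and be set to 1.
    foreach ($name in $Flags) {
        $actual = $values.$name
        [pscustomobject]@{
            OfficeVersion = $Version
            Setting       = $name
            Value         = if ($null -eq $actual) { '(not set)' } else { $actual }
            Ok            = ($actual -eq 1)
        }
    }

    # RedirectServers should list the expected server and nothing else.
    $redirectPath = Join-Path $keyPath 'RedirectServers'
    $servers = @()
    if (Test-Path $redirectPath) {
        $servers = @((Get-Item $redirectPath).GetValueNames() | Where-Object { $_ })
    }
    $unexpected = @($servers | Where-Object { $_ -ne $Server })
    [pscustomobject]@{
        OfficeVersion = $Version
        Setting       = 'RedirectServers'
        Value         = if ($servers) { $servers -join ', ' } else { '(empty)' }
        Ok            = ($servers -contains $Server) -and ($unexpected.Count -eq 0)
    }
}

# Office keeps per-version settings (16.0 in the post above), so check every version key.
$results = Get-ChildItem 'HKCU:\SOFTWARE\Microsoft\Office' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^\d+\.\d+$' } |
    ForEach-Object { Test-AutoDiscoverKey -Version $_.PSChildName -Server $ExpectedServer }

if (-not $results) { Write-Warning 'No Outlook AutoDiscover key found for this user.' }
$results | Format-Table -AutoSize
```

Run it as the affected user, since the values live in that user's HKEY_CURRENT_USER hive; any row with `Ok` set to False marks a value that is missing, different, or an extra entry in RedirectServers.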
0
Jay Dubb Replied
@Brian - thank you.  That's actually the first thing her IT team did (kill the MS redirect servers) and autodiscover straight to Smartermail only.

I relayed Derek's response to our admin, who just took a long look at IDS blocks for the past 7 days, just to rule it out for sure.  None of the users having the "re-enter password" problem have triggered any IDS rules.  

For every IDS trigger in the past week, he traced it down "who did it" and nearly all of them are Chinese IPs or former employees with BYOD who apparently never removed their old email address from their email client, which is still trying to log in to non-existent accounts.  It's one of the hazards of BYOD.
 
