Preface
After moving some mailboxes to the cloud, you can enter dark zone.
Some, most or even all of the users could start complain, that this nagging
credential pop-up starts showing up after every Outlooks windows open.
In most cases it is enough to click Cancel to start using Outlook, in
others - you have to provide password.
Below you can see solution for company that I manage. It could resolve your
problem or let you know where to search problems.
Step-by-step
After any step please restart
Outlook and check its behavior within 5-10 minutes.
1. For testing purposes - remove any access for other mailboxes which users
has access to from Exchange and Outlook side.
Exchange side
(you can change AccessRights, but probably this is what you want):
First run this cmd-let to check permissions:
Get-Mailbox -Server ServerName |
Get-MailboxPermission -user mailbox.alias | where { ($_.AccessRights -eq
"FullAccess") -and ($_.IsInherited -eq $false) -and -not
($_.User -like “NT AUTHORITY\SELF”) }
If the list is long and you don't want do remove
all entries, you can pipe them out:
Get-Mailbox -Server ServerName |
Get-MailboxPermission -user mailbox.alias | where { ($_.AccessRights -eq
"FullAccess") -and ($_.IsInherited -eq $false) -and -not
($_.User -like “NT AUTHORITY\SELF”) }|fl >C:\temp\fullaccess.txt
If you want to remove all access that list shows, then go on:
Get-Mailbox -Server ServerName |
Get-MailboxPermission -user mailbox.alias | where { ($_.AccessRights -eq
"FullAccess") -and ($_.IsInherited -eq $false) -and -not
($_.User -like “NT AUTHORITY\SELF”) } |Remove-MailboxPermission
Outlook side:
Go to advanced account settings and look if it has another mailboxes added.
If yes-write down each name and remove them all for testing.
In the same window clear “Download shared folders”
2. Disable or
remove shared calendars in Outlook
3. Check DNS
suffixes on any used connection (Wi-Fi, LAN) advanced TCP/IP protocol version
properties.
In the “Append these DNS suffixes (in order)” you can find some entries
which are OK, but if they are not set for your company or you know they are not
correct – remove them.
4. Check Outlook Anywhere settings:
For migrated users - check if the user has been added to migrated users
security group if you set one for gpo for OutlookAnywhere settings as we did.
If not - add him or her and re-logon to the Windows
For
non-migrated to Office365 users OA should be disabled or set as you probably
know how- if not you can check on different Outlook, which is working
properly,
For users migrated to Office365 OutlookAnywhere should be set as
follows:
5. Delete .ost outlook files in user profile (%userprofile%\AppData\Local\Microsoft\Outlook
6. Delete cached credentials in Windows Credential Manager
7. Disable all COM add-ins in Outlook options:
8. Disable Microsoft Lync if user is using it
9. Run Outlook in Safe mode (run with Ctrl key pressed)
10. Recreate Outlook profile in the Mail option in the Control Panel
11. Run Outlook with /rpcdiag switch to check exactly how Outlook is trying to
connect,make a screenshot for future use - maybe Microsoft support?
12. When Outlook is opened rightclick on Outlook icon in the tray and select
"test connection" option, and check to which servers Outlook is
trying ro connect,make a print screen too.
13. Create the same user account on clean Windows installation.If Outlook will
work properly, recreate Windows user profile on problematic computer.
