Office 2019 / Failed Logins / Credential Manager

Topic

New Reply

Hello all, posting this inquiry to see if anyone else has had any different experience than what I’ve encountered.  The issue is that since using Office 2019, a user will somehow trigger failed logins (can be in the thousands) on Event ID 4776 / 4771, happens randomly / typically one user at a time, with the cure being to remove the MicrosoftOffice16_Data… from Credential Manager > Windows Credential and sometimes having to reboot the client.

Our scenario; Win Server / onsite Exchange 2016, 30+ Win10 1809 clients (though the Win version doesn’t appear to be a contributing factor) and running Office / Outlook 2019.

A couple of observations from dealing with this for nearly a year now:

• Sometimes the automatic password renewal triggers this;
• In only the rare case does the failed logins trigger the lockout (i.e. though I have had the usual lockout triggers from failed logins, this scenario in most cases doesn’t cause lockouts, even though the numbers state it should);
• Accessing an older mailbox using Exchange delegation (former employees) can result in lockouts (removing the delegation fixes that issue);
• Have implemented the below Registry fix since early spring which lessen the frequency, but doesn’t eliminate it:
  • [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover] “ExcludeExplicitO365Endpoint”=dword:00000001
• The user is totally unaware that there is a problem, and the only symptom is that DC’s security log gets thousands of the failed login entries (i.e. a pain in the butt for the admin only)

Still have the occasional Outlook requires credentials windows pop up and have trained my users to hit the “X” on the window (hitting cancel appears to be less effective / it keeps on popping up) and then in Outlook clicking on the “Need Password” and Outlook reconnects.

Look forward to your feedback.

Thank you,

IT Manager Geek

1 user thanked author for this post.

woody

Reply | Quote

Replies

Does this happen on all versions, or is there a specific update that triggered the problem?

Reply | Quote

All versions, I’m assuming you’re referring to Office, and the answer is that only on Office 2019.

A clarification, 2 years ago we were mainly an Win7 / Office 2010 setup, shortly there after I slowly started moving to Win10, 1803 I believe, with Office 2010 installed and in early 2017 moved to Exchange 2016 running with Office / Outlook 2010 with minimal issues.  Then just under a year ago I start moving to Office / Outlook 2019, and that’s when I noted the above failed logins.  Currently there is only a couple of Office / Outlook 2010 setups on mainly Win10, and they’ve never triggered the issue.

“Is there a specific update that triggered the problem” believe the above answers that question.  But to clarify, Windows Updates (we’re an update everything at the end of the month type of setup) doesn’t appear to trigger the issue (though maybe it does and I’ve not put 2 and 2 together).

Hopefully the above isn’t too long winded.

Take care,

IT Manager Geek

Reply | Quote

It sounds like you may have tried the first suggestion six months ago from the foremost Outlook expert at Microsoft Community, but what about her other two?:

Outlook 2019 will cause Domain Controller to have 4776 / 4771 login failures

Reply | Quote

And there’s no acknowledgment that you even saw the last two suggestions from network experts on this site, also six months ago:

Outlook 2019 will cause Domain Controller to have 4776 / 4771 login failures

Reply | Quote

Hello B.  They’re two reasons why I didn’t respond to the linked post:

1. Though deleting the Credential Manager Office2016… entry(s) does rectify the issue, it is a temporary fix as the issue can reappear (believe I have a couple of examples) and it doesn’t deal with why it is reoccurring.
2. Marvin’s end reply is stating that it may not be Office / Outlook 2019 that is triggering the issue but that it is “Windows Server Validation”, doesn’t deal with the facts (that as soon as Outlook 2019 is turned off, the event log alerts stop).  I believe I’m clear that my issue begins and ends with Outlook 2019.

I’m open to reviewing other items, but the “experts” referenced in the above Microsoft posting from March 2019 are ignoring that this is strictly on-premise (though my own research has indicated similar issues with MS365).  Maybe there is a better Microsoft forum to post this issue, but I’ve not found it.

Thanks for reminding me about my older posting, it was useful, in that I’m confirming that I’ve covered the same ground 5 mos + ago.

Take care,

Reply | Quote

Lawrence Patterson wrote:

I’m open to reviewing other items, but the “experts” referenced in the above Microsoft posting from March 2019 are ignoring that this is strictly on-premise (though my own research has indicated similar issues with MS365).  Maybe there is a better Microsoft forum to post this issue, but I’ve not found it.

What about Diane’s suggestions, including a better Microsoft forum for a post complete with link?

She doesn’t need the quotation marks around expert when the topic is Outlook.

But my personal guess is that this may have nothing to do with Outlook.

Reply | Quote

B, as noted I did follow Diane’s suggestion and quotation marks wasn’t directed to her.

With that said, if Outlook isn’t the cause or more to the point I should be looking at network  or Windows authentication issues, what should I be specifically looking for and how to confirm the hypothesis?

Take care,

IT Manager Geek

Reply | Quote

IT Manager Geek wrote:

B, as noted I did follow Diane’s suggestion and quotation marks wasn’t directed to her.

If you say “experts” and there’s only two, one of which is her, then it was.

I don’t see any note of your response or acknowledgement of her other two suggestions, which I’ve already asked about twice; so three times now:

Did you enable Outlook logging by referring to her helpful link?

Did you post your problem on TechNet Forums via her helpful link?

Reply | Quote