Saturday, 3 November 2018

New Office Build Causes Credentials Prompt Loop

Another day, another challenge.

We've just provisioned a brand new laptop with a brand new Office (latest build) for a user. Yet we could not configure a mail profile: it kept prompting for credentials, no matter what we did. We tried DOMAIN\samAccountName as well as UPN to no avail.

The user is in a hosted Exchange environment with a UPN of domain.local on Exchange 2013.

Interestingly other users worked well.

To cut the long story short, it looks like the newest Office build requires that the domain component of the user's UPN matches the domain component of the primary SMTP address. The user components need not match.

Here is what failed and what worked in my test:
  • DOMAIN\samAccountName FAILED
  • user@domain.local FAILED
  • UPN fully matches email address WORKED
  • domain components of UPN and email address match, user components are different WORKED
Office builds that displayed this behavior are 1809 and 1810. Older builds worked with any of the above combinations. In my troubleshooting I used the latest Office 365 suite, 16.0.11001.20064 at the time of this writing, which failed/worked as described above.

Is it a bug? Is it Microsoft silently pushing users to adhere to standards imposed by Office 365 EXO? Can't tell. The fact is that it looks like we are being forced to adopt consistency. Not necessarily a bad thing, although without adequate documentation on Microsoft's part it is going to cause some major headaches in a number of organizations.

Lessons learned: start sticking to de facto standards and best practice: match users' UPN to their primary SMTP address.

Have a nice weekend.

No comments:

Post a Comment