Home

Windows needs your current credentials Loop

%3CLINGO-SUB%20id%3D%22lingo-sub-183250%22%20slang%3D%22en-US%22%3EWindows%20needs%20your%20current%20credentials%20Loop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-183250%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20recently%20changed%20the%20default%20email%2Flogin%20(the%20domain%20part)%20for%20my%20Office%20365%20account.%20I%20use%20this%20account%20to%20sign%20into%20(AAD)%20my%20Windows%2010%20machines%20(two%20machines%20-%20one%20Enterprise%2C%20one%20Workstation%20Pro).%3C%2FP%3E%3CP%3ESince%20I%20changed%20the%20account%20every%20time%20I%20unlock%20the%20machine%20using%20either%20Windows%20Hello%20or%20my%20PIN%20I%20am%20immediately%20prompted%20to%20re-enter%20my%20credentials%20via%20the%20message%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22Windows%20needs%20your%20current%20credentials.%20Please%20lock%20this%20computer%2C%20then%20unlock%20it%20using%20your%20most%20recent%20password%20or%20smart%20card%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20lock%20the%20PC%20and%20then%20unlock%20it%20using%20the%20password%20(not%20Hello%20or%20PIN)%20the%20problem%20is%20resolved%20until%20I%20unlock%20it%20again%20using%20either%20Hello%20or%20PIN%20-%20at%20which%20point%20the%20same%20message%20is%20raised.%20If%20I%20ignore%20the%20error%2C%20which%20doesn't%20seem%20to%20cause%20any%20problems%2C%20I%20am%20just%20re-prompted%20every%20few%20minutes%20(very%20annoying).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20of%20the%20machines%20has%20had%20Windows%20reinstalled%20since%20the%26nbsp%3Busername%20change%2C%20but%20still%20sees%20the%20issues.%20I%20have%20also%20logged%20out%20of%20both%20devices%20and%20changed%20my%20password%20via%20the%20admin%20portal.%20But%20I%20still%20see%20the%20issue.%20I've%20also%20reset%20the%20PIN%20-%20the%20problem%20still%20happens.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20do%20not%20see%20any%20errors%20in%20the%20Windows%20event%20log%20that%20tie%20up%20to%20the%20time%20when%20this%20message%20appears%2C%20or%20when%20the%20PC's%20are%20unlocked.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20option%20to%20consider%20is%20that%20this%20AAD%20tenant%20was%20previously%20sync'd%20to%20an%20on-premise%20domain.%20But%20it%20is%20no%20longer%20synced.%20This%20was%20removed%20intentionally%20several%20months%20before%20this%20problem%20started.%20I%20only%20note%20this%20because%20Windows%20still%20sees%20my%20username%20as%20olddomain%5Cusername%2C%20whereas%20I%20would%20have%20expected%20it%20to%20go%20back%20to%20AzureAd%5Cusername%40domain.com%20(even%20on%20refresh%20installs).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%3C%2FP%3E%3CP%3ESimon%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-183250%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindow%2010%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-393958%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20needs%20your%20current%20credentials%20Loop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-393958%22%20slang%3D%22en-US%22%3E%3CP%3Esame%20problem%20here%3A%20AAD-joined%20device%20prompts%20user%20constantly%20for%20his%20current%20creds.%3C%2FP%3E%3CP%3Eanyone%20has%20a%20solution%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-391794%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20needs%20your%20current%20credentials%20Loop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-391794%22%20slang%3D%22en-US%22%3E%3CP%3EDid%20you%20have%20any%20success%20with%20this%20one%3F%26nbsp%3B%20Having%20a%20similar%20issue...%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-290446%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20needs%20your%20current%20credentials%20Loop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-290446%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20having%20similar%20issues%20to%20this%20and%20this%20older%20post%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fanswers.microsoft.com%2Fen-us%2Fwindows%2Fforum%2Fwindows_10-security%2Fwindows-10-domain-joined-locking-out-user-account%2F489e7c38-ee9e-4d4a-a38d-abe673ab49bb%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fanswers.microsoft.com%2Fen-us%2Fwindows%2Fforum%2Fwindows_10-security%2Fwindows-10-domain-joined-locking-out-user-account%2F489e7c38-ee9e-4d4a-a38d-abe673ab49bb%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20an%20on%20site%20domain%20used%20for%20windows%20authentication%20that%20is%20separate%20from%20an%20adfs%20domain%20used%20for%20o365%20proplus%20click%20to%20run%20activation.%20Both%20accounts%20share%20the%20same%20email%20address%20user%20object%20attribute.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20the%20two%20sets%20of%20credentials%20and%20authentication%20might%20be%20conflicting%3F%20Did%20your%20issue%20get%20resolved%3F%20Any%20recommendations%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-278208%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20needs%20your%20current%20credentials%20Loop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-278208%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20the%20same%20problem.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-183304%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20needs%20your%20current%20credentials%20Loop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-183304%22%20slang%3D%22en-US%22%3E%3CP%3EI%20guess%20the%20root%20cause%20here%20is%20that%20using%20a%20password%20vs%20using%20a%20method%20such%20as%20Hello%20triggers%20a%20different%20auth%20flow%2C%20and%20is%20governed%20by%20different%20rules%20when%20it%20comes%20to%20token%20expiration.%20But%20that's%20just%20a%20guess%20and%20a%20proper%20investigation%20will%20require%20capturing%20some%20network%20traces%20to%20get%20the%20relevant%20details.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20can%20reliably%20reproduce%20the%20issue%2C%20open%20a%20support%20case%20and%20work%20with%20the%20engineers%20to%20gather%20some%20diagnostics%20info.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-659451%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20needs%20your%20current%20credentials%20Loop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-659451%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F52852%22%20target%3D%22_blank%22%3E%40simon%3C%2FA%3E%26nbsp%3B%26nbsp%3Bdid%20you%20ever%20get%20this%20fixed.%20Cannot%20find%20any%20sources%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-660044%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20needs%20your%20current%20credentials%20Loop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-660044%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F352257%22%20target%3D%22_blank%22%3E%40Arielalt%3C%2FA%3E%26nbsp%3BI%20do%20not%20know%20for%20sure%20but%20when%20I%20removed%20the%20domain%20sync%20I%20cleaned%20up%20the%20sync%20account%20in%20AAD%20by%20deleting%20it.%20The%20account%20name%20looks%20something%20like%20this%3A%26nbsp%3B%3CSPAN%3ESync_DC1_d7236f409c87%40%5Byoudomain%5D.onmicrosoft.com%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20restored%20that%20account%20in%20the%20Office%20365%20interface%20and%20the%20problem%20stopped.%20I've%20left%20it%20there%20ever%20since%20-%20too%20scared%20to%20delete%20it.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIt%20doesn't%20sound%20like%20it%20should%20be%20the%20cause%20-%20and%20I%20cannot%20be%20certain%20it%20was%20the%20fix%20but%20the%20problem%20has%20gone%20away.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20you%20have%20this%20issue%20still%20I%20would%20engage%20MS%20Support.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-665051%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20needs%20your%20current%20credentials%20Loop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-665051%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20still%20getting%20the%20message.%20I%20havent%20attempted%20to%20remove%20the%20AD%20Connect%20as%20the%20previous%20response.%26nbsp%3B%20I%20have%20a%20ticket%20open%20with%20Microsoft%20for%20now%20two%20months%20as%20they%20are%20apparently%20too%20busy%20to%20get%20this%20resolved%20for%20us.%26nbsp%3B%20Glad%20it%20is%20not%20actually%20causing%20problems...%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918938%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20needs%20your%20current%20credentials%20Loop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918938%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F138332%22%20target%3D%22_blank%22%3E%40Simon%20D'Morias%3C%2FA%3E%26nbsp%3BWe%20are%20facing%20the%20same%20issue.%20But%20we%20still%20use%20an%20Hybrid%20AD%2C%20with%20AD%20connect.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDid%20anyone%20ever%20resolve%20this%20issue%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918941%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20needs%20your%20current%20credentials%20Loop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918941%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F299526%22%20target%3D%22_blank%22%3E%40DjTjon01%3C%2FA%3E%26nbsp%3B%20Sadly%20no.%20Everyone%20still%20gets%20the%20message.%20The%20PSA%20was%20to%20ignore%20it%20but%20geez%2C%20that%20does%20not%20look%20the%20greatest%20from%20the%20IT%20side.%26nbsp%3B%20MS%20still%20has%20yet%20to%20respond%20to%20my%20emails%20on%20this%20one%20either.%26nbsp%3B%20Cannot%20for%20the%20life%20of%20me%20figure%20out%20what%20caused%20this%20one.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Simon D'Morias
Occasional Visitor

Hi,

 

I recently changed the default email/login (the domain part) for my Office 365 account. I use this account to sign into (AAD) my Windows 10 machines (two machines - one Enterprise, one Workstation Pro).

Since I changed the account every time I unlock the machine using either Windows Hello or my PIN I am immediately prompted to re-enter my credentials via the message:

 

"Windows needs your current credentials. Please lock this computer, then unlock it using your most recent password or smart card"

 

If I lock the PC and then unlock it using the password (not Hello or PIN) the problem is resolved until I unlock it again using either Hello or PIN - at which point the same message is raised. If I ignore the error, which doesn't seem to cause any problems, I am just re-prompted every few minutes (very annoying).

 

One of the machines has had Windows reinstalled since the username change, but still sees the issues. I have also logged out of both devices and changed my password via the admin portal. But I still see the issue. I've also reset the PIN - the problem still happens.

 

I do not see any errors in the Windows event log that tie up to the time when this message appears, or when the PC's are unlocked.

 

One option to consider is that this AAD tenant was previously sync'd to an on-premise domain. But it is no longer synced. This was removed intentionally several months before this problem started. I only note this because Windows still sees my username as olddomain\username, whereas I would have expected it to go back to AzureAd\username@domain.com (even on refresh installs).

 

Many thanks

Simon

10 Replies

I guess the root cause here is that using a password vs using a method such as Hello triggers a different auth flow, and is governed by different rules when it comes to token expiration. But that's just a guess and a proper investigation will require capturing some network traces to get the relevant details.

 

If you can reliably reproduce the issue, open a support case and work with the engineers to gather some diagnostics info.

I have the same problem.

We are having similar issues to this and this older post https://answers.microsoft.com/en-us/windows/forum/windows_10-security/windows-10-domain-joined-locki...

 

We have an on site domain used for windows authentication that is separate from an adfs domain used for o365 proplus click to run activation. Both accounts share the same email address user object attribute.

 

I think the two sets of credentials and authentication might be conflicting? Did your issue get resolved? Any recommendations?

Did you have any success with this one?  Having a similar issue... 

same problem here: AAD-joined device prompts user constantly for his current creds.

anyone has a solution?

Hi @simon  did you ever get this fixed. Cannot find any sources 


@Arielalt I do not know for sure but when I removed the domain sync I cleaned up the sync account in AAD by deleting it. The account name looks something like this: Sync_DC1_d7236f409c87@[youdomain].onmicrosoft.com

 

I restored that account in the Office 365 interface and the problem stopped. I've left it there ever since - too scared to delete it.

 

It doesn't sound like it should be the cause - and I cannot be certain it was the fix but the problem has gone away.

 

If you have this issue still I would engage MS Support.

We are still getting the message. I havent attempted to remove the AD Connect as the previous response.  I have a ticket open with Microsoft for now two months as they are apparently too busy to get this resolved for us.  Glad it is not actually causing problems...  

We are facing the same issue. But we still use an On-Prem AD, with AD connect. 

 

Did anyone ever resolve this issue?

@DjTjon01  Sadly no. Everyone still gets the message. The PSA was to ignore it but geez, that does not look the greatest from the IT side.  MS still has yet to respond to my emails on this one either.  Cannot for the life of me figure out what caused this one. 

Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies