Oct 31 2018 01:18 PM - last edited on Feb 10 2023 02:33 PM by TechCommunityAP
Hello! First time poster, here.
In the past ~1-2 months, our travelling users have been running into an authentication loop in Outlook 2016. They will suddenly be asked to enter their password in Outlook (the larger, white, browser-based modern authentication window, not the small Outlook client username/password authentication window). Entering their password will close the window, then the window will immediately pop back up. The Outlook client cannot be used until they come back inside our network and reboot their PC.
I was able to immediately reproduce the issue on my work laptop (64-bit Windows 10 1803 running Office 2016 32-bit version 1809) by deleting my Outlook profile, deleting all saved Office-related credentials in the Credential Manager, and connecting my laptop to my smartphone hotspot (to simulate being outside the network). Starting Outlook 2016, I'll create a new profile, connect with my AD account, enter my password in the Outlook 2016 authentication box; my email will actually start loading in Outlook, then the larger, white authentication window will pop up. I enter my password, it will disappear, then pop up again, and on, and on...
We have worked with MS Support on this issue for a total of ~7 hours in multiple remote sessions, and here are the troubleshooting steps they took, which all failed:
- Using an app password when the MFA browser window asks for the user’s password (“invalid password”)
- Adding “HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\DisableADALatopWAMOverride” to the registry, with a DWORD value of 1
- Using “Fiddler” to collect logs while the issue occurred (the technician seemed like they had no idea how to use the program, since the certificates installed by the program effectively blocked Outlook 2016 from communicating with the Microsoft servers)
- Turning on Outlook logging, and reproducing the issue. The logs were not affected in any way while the looping was taking place, leading us to believe that the issue is taking place outside of the Outlook application.
- MS O365 Support then brushed it off as Incident EX152471, which was announced as resolved yesterday evening, but the problem still persists in our environment.
The ONLY workaround that we found is adding "DisableAADWAM" to HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\, and giving it a DWORD value of 1. But disabling Web Access Management is not a solution!
Can anyone shed any light on our issue?
Thank you,
--Ryan
Nov 01 2018 12:13 AM
There's an ongoing service incident (EX152471) causing this; it should be resolved soon.
Nov 01 2018 07:17 AM
Vasil,
Thanks for your response! Unfortunately, resolution of EX152471 didn't resolve our problem. On this incident's resolution page, Symptom 2 is the only symptom similar to our problem, but AADSTS70002 is not showing up in the AAD Operational Logs of an affected PC.
Nov 27 2018 06:00 AM
Jan 22 2019 10:37 AM
Also an ongoing thread about this here (note that the top post in the UserVoice thread mentions the OLD reg key, but recent comments make clear what's currently working):
Why is this still an issue?
Jan 23 2019 10:29 AM
Aug 19 2019 08:46 AM
I've taken to setting the DisableAADWAM key by group policy at clients. So far, I have never once in any way used it, and don't see any benefit to it whatsoever. Bugs, however, have been aplenty.
Why is it on by default?
Dec 12 2019 06:43 AM
Jul 24 2020 06:06 AM
@Enny6513 in your on-premises environment, this may stop issues, but if you have a server stutter, your users may need to log on again.
Also Outlook without ADAL will not be able to connect to Office 365 after October. Something to consider.
Jul 24 2020 06:30 AM
Aug 10 2020 03:17 AM
Windows 10 1703 is out of support.
I strongly advise you to update to the latest Windows 10 build and remove the registry key.
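To find where the two override values named in this thread are still set on a machine (for example, before removing them as the reply above advises), the following is an added example, not code from any poster or from Microsoft. The function name `Get-OfficeIdentityOverride` is hypothetical; the key path and value names are the ones quoted in the posts, and only profiles whose hives are currently loaded under HKEY_USERS are inspected.

```powershell
# Added example: report the Office identity overrides mentioned in this thread
# for every user hive currently loaded on this machine. Read-only.
# Run elevated to read hives that belong to other users.
function Get-OfficeIdentityOverride {
    param(
        # Key path and value names as quoted in the thread.
        [string]   $IdentitySubKey = 'Software\Microsoft\Office\16.0\Common\Identity',
        [string[]] $ValueName      = @('DisableAADWAM', 'DisableADALatopWAMOverride')
    )

    # Regular account SIDs only; this skips .DEFAULT, service SIDs and *_Classes hives.
    $sids = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        Select-Object -ExpandProperty PSChildName

    foreach ($sid in $sids) {
        $keyPath = "Registry::HKEY_USERS\$sid\$IdentitySubKey"
        $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }   # Office identity key absent or unreadable

        # Resolve the SID to an account name where possible; fall back to the SID.
        try {
            $account = (New-Object System.Security.Principal.SecurityIdentifier($sid)).
                Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $sid
        }

        foreach ($name in $ValueName) {
            $value = $key.GetValue($name, $null)
            if ($null -eq $value) { continue }   # value not set for this user
            [pscustomobject]@{
                Account = $account
                Sid     = $sid
                Name    = $name
                Value   = $value
                Kind    = $key.GetValueKind($name)   # the thread sets these as DWORD
            }
        }
    }
}

Get-OfficeIdentityOverride | Format-Table -AutoSize
```

Values pushed by Group Policy, as one reply describes doing, will be reapplied at the next policy refresh unless the policy itself is changed.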
Mar 07 2023 01:00 PM