How to Fix Persistent Credential Prompts in Outlook 2007 When Using RPC over HTTPS with Exchange 2003


2 views

Many administrators face this frustrating scenario: Outlook 2007 clients configured for RPC over HTTPS keep prompting for credentials even when:

  • The "Remember password" checkbox is checked
  • Machines are domain-joined
  • Authentication appears successful

Before troubleshooting, verify these baseline requirements:

// Sample registry check for RPC over HTTPS configuration
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\RPC]
"EnableRPCTunneling"=dword:00000001
"ProxyServerName"="your.exchange.server.com"
"ProxyAuthScheme"=dword:00000001

Method 1: Registry Modification

Create this registry entry to force credential caching:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security]
"SaveSecurityPassword"=dword:00000001

Method 2: Authentication Provider Order

Adjust provider precedence in the registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Negotiate"=hex(7):6d,00,73,00,73,00,71,00,6c,00,73,00,76,00,63,00,00,00,00,00

On the Exchange 2003 server, ensure these IIS settings:

  • Basic Authentication disabled
  • Integrated Windows Authentication enabled
  • SSL required on the /rpc virtual directory

When the issue persists, follow this diagnostic sequence:

1. Clear credential manager entries
2. Reset Internet Explorer security zones to default
3. Verify proxy settings in Outlook:
   - CTRL+right-click Outlook icon
   - Connection status
   - Verify proxy authentication method

For environments with many clients, deploy this VBScript:

Set objShell = CreateObject("WScript.Shell")
objShell.RegWrite "HKCU\Software\Microsoft\Office\12.0\Outlook\RPC\ProxyAuthScheme", 1, "REG_DWORD"
objShell.RegWrite "HKCU\Software\Microsoft\Office\12.0\Outlook\Security\SaveSecurityPassword", 1, "REG_DWORD"

After applying fixes:

  1. Restart Outlook
  2. Check Event Viewer for authentication errors
  3. Test connectivity with Outlook in safe mode

When implementing RPC-over-HTTP for Outlook 2007 clients connecting to Exchange 2003 servers, many administrators encounter a persistent authentication prompt issue despite domain membership and "Remember password" being checked. This behavior occurs across Windows XP, Vista, and 7 platforms.

The root cause lies in how Outlook handles credential caching for RPC-over-HTTP connections. Here's the definitive fix:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\YourProfileName]
"00036601"=hex:0a,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\YourProfileName\13dbb0c8aa05101a9bb000aa002fc45a]
"AccountName"="DOMAIN\\username"
"Email"="user@domain.com"
"ConnectionFlags"=dword:00000002

For enterprise deployment, use this PowerShell script:

$profileName = (Get-ItemProperty "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles").DefaultProfile
$regPath = "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\$profileName"

# Create the necessary registry entries
New-ItemProperty -Path $regPath -Name "00036601" -Value ([byte[]](0x0a,0x00,0x00,0x00)) -PropertyType Binary -Force

$subKeyPath = "$regPath\13dbb0c8aa05101a9bb000aa002fc45a"
if (!(Test-Path $subKeyPath)) {
    New-Item -Path $subKeyPath -Force
}

New-ItemProperty -Path $subKeyPath -Name "AccountName" -Value "DOMAIN\username" -PropertyType String -Force
New-ItemProperty -Path $subKeyPath -Name "Email" -Value "user@domain.com" -PropertyType String -Force
New-ItemProperty -Path $subKeyPath -Name "ConnectionFlags" -Value 2 -PropertyType DWord -Force

Before applying client-side fixes, ensure your Exchange 2003 server is properly configured:

  1. Verify RPC virtual directory authentication settings in IIS
  2. Confirm SSL certificate validity and chain trust
  3. Check that Basic Authentication is enabled for the RPC virtual directory

If the registry modification doesn't resolve the issue, consider these additional steps:

  • Clear the credential manager cache (control keymgr.dll)
  • Recreate the Outlook profile completely
  • Verify the account has proper permissions in Active Directory
  • Check for group policy conflicts regarding credential delegation