+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Cloud Services Thread, Office 365 Error: Outlook 2010 not connecting, logging Event ID 4648 in Technical; This is a really odd one and I can find nothing on Google about it. We've been on Office 365 ...
  1. #1

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,003
    Thank Post
    874
    Thanked 1,458 Times in 1,002 Posts
    Blog Entries
    47
    Rep Power
    644

    Exclamation Office 365 Error: Outlook 2010 not connecting, logging Event ID 4648

    This is a really odd one and I can find nothing on Google about it.

    We've been on Office 365 since February, very happy, all going well etc. Win7 x64 SP1 and Office 2010 - Outlook shows as version 14.0.7116.5000 and should be up to date.

    Just recently we've had a couple of (newly imaged) computers act very strangely when opening Outlook - only a minoroty of newly imaged computers, but the issue does only show up on recently (re-)installed machines. A user opens Outlook and, whether they're setting up their mail profile for the first time or not, gets repeatedly challenged for their credentials. This has happened for me even as domain admin (with no roaming profile), and is specific to machines, not users.

    Every time an attempt is made to login, event ID 4648 is logged in the Security log of the machine. This is from a domain user trying to open their Outlook with an existing mail profile:
    Code:
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          26/06/2014 08:36:42
    Event ID:      4648
    Task Category: Logon
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      computer.domain.local
    Description:
    A logon was attempted using explicit credentials.
    
    Subject:
        Security ID:        DOMAIN\user
        Account Name:        user
        Account Domain:        DOMAIN
        Logon ID:        0x7b905
        Logon GUID:        {00000000-0000-0000-0000-000000000000}
    
    Account Whose Credentials Were Used:
        Account Name:        user@school.county.sch.uk
        Account Domain:        
        Logon GUID:        {00000000-0000-0000-0000-000000000000}
    
    Target Server:
        Target Server Name:    DB4PR07MB346.eurprd07.prod.outlook.com
        Additional Information:    DB4PR07MB346.eurprd07.prod.outlook.com
    
    Process Information:
        Process ID:        0xcbc
        Process Name:        C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    
    Network Information:
        Network Address:    -
        Port:            -
    
    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
    (domain & user details sanitised, all else as taken from a log - I wonder if the all-zero GUIDs are related?)

    It's happening even with no proxy set, so it's not the Smoothwall interfering. When I log on as domain admin and try and set up an account in the wizard, the second step ("Searching for server settings") gets a green tick, and only when it gets to the third stage ("Log on to server") does it repeatedly challenge me for credentials. If I cancel out of the authentication box and get the window to check server and logon name, the following details are prefilled:
    Code:
    Server: f5d07378-3370-462c-b855-a2ba7cf49151@school.county.sch.uk
    User: =SMTP:user@school.county.sch.uk
    Again, username and domain sanitised, but that long string in Server is copied directly. The 4648 event in the log displays a logon GUID for the domain\admin account, but all zeroes for the email logon GUID (which is a different user than the one trying to use the workstation) - so again, I wonder if that's related. The target server name is different on this logged event as well, AMXPR07MB005.eurprd07.prod.outlook.com - may be related to the fact that the test account is a student account, whereas the earlier user was a staff member.

    Said users are fine on other machines though, and no 4648 event is logged on working machines.

    Strangely, two machines that were displaying this problem last week had resolved it of their own accord when I went to look yesterday, but another machine has started complaining about it now, so if it's going to start flagging up I'd love to know a fix. Webmail is a temporary workaround, but Outlook is what people want.

    Anyone got any ideas - @EduTech, @jamesbmarshall?

    /hella confused

    EDIT: Repairing Office (with winword /r) makes no difference.
    Last edited by sonofsanta; 26th June 2014 at 09:33 AM.

  2. #2
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,220
    Thank Post
    216
    Thanked 226 Times in 195 Posts
    Rep Power
    73
    Have you tried installing the Microsoft Online Services Sign-In Assistant? That can really help when using Outlook to access the email and not just the Web App

  3. #3

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,003
    Thank Post
    874
    Thanked 1,458 Times in 1,002 Posts
    Blog Entries
    47
    Rep Power
    644
    Quote Originally Posted by themightymrp View Post
    Have you tried installing the Microsoft Online Services Sign-In Assistant? That can really help when using Outlook to access the email and not just the Web App
    Oh yeah, should have said: that's installed everywhere, and uninstalling and reinstalling makes no difference either

    (some of this tracking-down was done last week, which is why I keep forgetting bits)

  4. #4
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,220
    Thank Post
    216
    Thanked 226 Times in 195 Posts
    Rep Power
    73
    Have a look at the Outlook connection settings on one of the machines that's playing up. Check that it is trying to communicate using Basic authentication, I've seen errors before where Outlook defaults to trying NTLM which can cause all manner of issues (see attached)

    exchange proxy.jpg

  5. Thanks to themightymrp from:

    sonofsanta (3rd July 2014)

  6. #5

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,003
    Thank Post
    874
    Thanked 1,458 Times in 1,002 Posts
    Blog Entries
    47
    Rep Power
    644
    Quote Originally Posted by themightymrp View Post
    Have a look at the Outlook connection settings on one of the machines that's playing up. Check that it is trying to communicate using Basic authentication, I've seen errors before where Outlook defaults to trying NTLM which can cause all manner of issues (see attached)

    exchange proxy.jpg
    Logging on as admin and trying to set an account up, Outlook doesn't have those settings in the first place... but then checking against another (working) machine, the same is true there - it ony picks the proxy settings up after it's been through the three stages (checking by clicking the "Manual Server settings" button on the final page of the wizard).

    I'm not able to spend too much time peering through the registry of the affected computer as Pastoral are a bit busy with reports, frustratingly.

    So it may be related, but the user's profile works on other machines, so it should have the proxy settings etc. saved in the mail profile, so it should work on this machine even if new profiles would fail - but it doesn't, which makes me think it's a problem the machine itself has with communication. I wonder if it's certificates, somehow - will go and play with the cert snap-in and see if I can spot any difference in trusted CAs or something...

  7. #6

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,003
    Thank Post
    874
    Thanked 1,458 Times in 1,002 Posts
    Blog Entries
    47
    Rep Power
    644
    Right, hotswapped for the broken machine and got the culprit next to me.

    I can see no difference in the registry, HKCU (from the loaded NTUSER.DAT hive) or HKLM. There are 393 trusted root CA certs in this machine and another working one.

    Anyone know anywhere good to look in the registry/file system for clues? Everything looks identical, as far as I've seen, except one works and one doesn't. Argh!

  8. #7
    Jasbo's Avatar
    Join Date
    Mar 2014
    Location
    West Sussex
    Posts
    148
    Thank Post
    12
    Thanked 20 Times in 20 Posts
    Rep Power
    5
    May or may not help... We had a similar issue recently at a school and it was because there was a gpo left over from an outlook / exchange on site setup that had a gpo forcing the type of authentication outlook would use, it was only on some ou folders so issue would appear and disappear as new Machines got moved from a default build ou to an office ou etc.

  9. #8

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,003
    Thank Post
    874
    Thanked 1,458 Times in 1,002 Posts
    Blog Entries
    47
    Rep Power
    644
    Quote Originally Posted by Jasbo View Post
    May or may not help... We had a similar issue recently at a school and it was because there was a gpo left over from an outlook / exchange on site setup that had a gpo forcing the type of authentication outlook would use, it was only on some ou folders so issue would appear and disappear as new Machines got moved from a default build ou to an office ou etc.
    Both times I've seen it, there's been a computer sat to the left of me - in the same office, in the same OU - that's absolutely fine.

    Still, I'm willing to try anything - what's the policy to force auth type? I'll see if I can force it onto Basic, maybe the odd machine is making the wrong decision for reasons unknown.

  10. #9
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,220
    Thank Post
    216
    Thanked 226 Times in 195 Posts
    Rep Power
    73
    Import the attached ADM template into the Admin Templates of the user section of a GPO

    You should then have a subkey for Outlook Anywhere settings. You can force the authentication type to basic as shown in the picture:

    Outlook ADM settings.jpg
    Attached Files Attached Files

  11. Thanks to themightymrp from:

    sonofsanta (3rd July 2014)

  12. #10

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,003
    Thank Post
    874
    Thanked 1,458 Times in 1,002 Posts
    Blog Entries
    47
    Rep Power
    644
    Quote Originally Posted by themightymrp View Post
    Import the attached ADM template into the Admin Templates of the user section of a GPO

    You should then have a subkey for Outlook Anywhere settings. You can force the authentication type to basic as shown in the picture:

    Outlook ADM settings.jpg
    Cheers - Proxy Server Name and cert principal name as in the earlier settings, I take it?

  13. #11
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,220
    Thank Post
    216
    Thanked 226 Times in 195 Posts
    Rep Power
    73
    Yep, just use whatever the normal settings are for your environment (check a working machine!)

  14. #12

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,003
    Thank Post
    874
    Thanked 1,458 Times in 1,002 Posts
    Blog Entries
    47
    Rep Power
    644
    Quote Originally Posted by themightymrp View Post
    Yep, just use whatever the normal settings are for your environment (check a working machine!)
    Alas - whilst the settings have gone on and applied like a charm, it's not fixed the original problem.

    Becoming more and more convinced the empty GUID for the email address logged in event 4648 is symptomatic, but I've no idea what it means.

  15. #13
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,220
    Thank Post
    216
    Thanked 226 Times in 195 Posts
    Rep Power
    73
    Don't know about the 4648 error (specifying explicit credentials??) - might sound daft but there isn't some kind of time zone difference between the client PC / domain controller / O365 server is there?

  16. #14

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,003
    Thank Post
    874
    Thanked 1,458 Times in 1,002 Posts
    Blog Entries
    47
    Rep Power
    644
    Quote Originally Posted by themightymrp View Post
    Don't know about the 4648 error (specifying explicit credentials??) - might sound daft but there isn't some kind of time zone difference between the client PC / domain controller / O365 server is there?
    Time is accurate, and the other 500 odd machines are all fine.

    It's definitely the 4648 error somehow, as that doesn't show up on machines that are working as they should be - only on this one being a pain in my bottom. Showed up on the other two machines as well, that have since fixed themselves of their own accord - but that took a week, and I'd prefer a quicker fix :/

  17. #15
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,220
    Thank Post
    216
    Thanked 226 Times in 195 Posts
    Rep Power
    73
    Out of interest, on one of the ones failing try disabling UAC. I've been looking into that event ID number and it can occur when something is trying to run with different credentials i.e. when running something elevated. Couldn't say what would be doing it but might be worth an experiment?

  18. Thanks to themightymrp from:

    sonofsanta (3rd July 2014)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Connecting Outlook 365 to Outlook 2010
    By TheOrangeMonkey in forum Cloud Services
    Replies: 5
    Last Post: 25th April 2014, 03:14 PM
  2. Outlook 2010 not connecting
    By Wonderburg in forum Cloud Services
    Replies: 0
    Last Post: 16th December 2013, 11:57 AM
  3. Replies: 1
    Last Post: 17th April 2013, 04:21 PM
  4. Replies: 31
    Last Post: 8th January 2013, 12:11 PM
  5. Outlook 2010 not saving Sent Items to PST file.
    By mrforgetful in forum Office Software
    Replies: 4
    Last Post: 25th November 2009, 11:19 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •