3

We use WebDAV to share Outlook calendars.

I set up a WebDAV server with IIS on Windows 2012 R2. It works fine.
This Windows 2012 R2 is on the local network and it belongs to an Active Directory's domain. Every client are also on the local network, and belong to the same domain.
The WebDAV's IIS site only use "Windows authentication", which is the recommended setting.

When a domain user access a WebDAV share for the first time, he has to wait about 5 seconds before he is required to enter credentials. The user then type his domain user/password and the access is granted.
The WebDAV credentials are stored into the Windows's credentials cache (you can see/modify then with rundll32.exe keymgr.dll,KRShowKeyMgr).

If the user then change his domain password, the access to the WebDAV share no longer works, because the credentials used are the old ones stored into the cache.

This behavior is seen when using WebDAV from Outlook and from explorer.
We currently need only to solve the problem for Outlook.

Question: How to make Outlook use the currently logged user credentials, instead of asking to type it? So when the user change his password, everything still work.

Update: On a client computer I explicitly put the WebDAV share into the intranet zone of Internet Explorer. I also explicitly configured Internet Explorer to use the current user's credentials (this is not the default setting). But no improvement.

Tom
  • 137
  • 1
  • 2
  • 11
Gregory MOUSSAT
  • 1,737
  • 2
  • 25
  • 48
  • 3
    What zone is the WebDAV share in on the client? By default client side is (X) Automatic logon only in Intranet zone. (this is in IE "Internet settings", security tab). – Brian Jun 13 '15 at 16:41
  • 1
    @Brian: nice suggestion. Question updated. – Gregory MOUSSAT Jun 14 '15 at 15:52
  • Have you checked the Security Log on the WebDAV server to see if there are any number of large Failed Audit events that are thrown when users try to connect to a WebDAV share for the first time? – IceMage Jun 17 '15 at 19:18

2 Answers2

2

More than likely, this is an issue with integrated credentials not working. The 5 second pause you are referring to generally means that the system is trying to automatically authenticate - and then failing, prompting you to enter in new credentials. I would explore the reason that the integrated authentication isn't working. See this question - Authenticating with Exchange WebDAV / Outlook Web Access

One thing to note, is that Outlook uses the security and internet settings from Internet Explorer, so make sure that you have set the WebDAV folder's url to be a trusted site via group policy, or through Internet Explorer itself.

Community
  • 1
IceMage
  • 1,336
  • 7
  • 12
0

Have a look at this Microsoft Knowledgebase article:

https://support.microsoft.com/en-us/kb/2845626

It describes a solution to "Cached credentials are not updated when you change your password in Windows"

Silvio Massina
  • 476
  • 2
  • 5