Jump to content
Welcome to our new Citrix community!
  • 0

Outlook 2016 randomly started prompting users for Password and MFA - FSLogix Containers


RAJ Katyal

Question

We are on Xenapp 7 2106.  We are using Citrix Profile Management for Profile Management and using FSLogix for Office containers.   Running Office 2016 (Outlook 2016) connected to Office 365 Exchange.  Recently, some of the users, quite a few of them but not all users randomly started getting prompted to enter their Office 365 credentials followed by their MFA.  We use Modern authentication for Outlook.  Everything had been working fine and is still working fine for many users but quite a few users started complaining about the login prompt and sometimes it comes up several times a day.   We are not sure why this is occurring.  I checked to see if it was happening when the user AD password expires as we use AD synch for O365, but that doesn't seem to be the case either.   Now, we know that everything seems to be configured correctly because it was working fine and the above starting happening randomly to only some users. 

 

If anyone can shed some light or help out that will be great.

 

 

Link to comment

2 answers to this question

Recommended Posts

  • 1

It could be a couple of things.

1. Ensure the following folders are included in your profile solution

AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewyv
AppData\Local\Microsoft\OneAuth
AppData\Roaming\Microsoft\Credentials
AppData\Roaming\Microsoft\Crypto
AppData\Roaming\Microsoft\Protect
AppData\Roaming\Microsoft\SystemCertificates


2. Run the following as a powershell logon script or WEM External task (logon)

Fix Office 365 SSO
https://discussions.citrix.com/topic/403721-office-365-pro-plus-shared-activation-password-screen-not-able-to-select/page/9

https://docs.microsoft.com/en-us/office365/troubleshoot/authentication/automatic-authentication-fails

If (-not (Get-AppxPackage Microsoft.AAD.BrokerPlugin)) { Add-AppxPackage -Register "$env:windir\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown } Get-AppxPackage Microsoft.AAD.BrokerPlugin


3. When using Chrome or Edge, if you have overridden the AuthNegotiateDelegateAllowlist policy settings in your environment, ensure that you add Azure AD's URL autologon.microsoftazuread-sso.com and aadg.windows.net.nsatc.net.
See https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
image.thumb.png.09888dd7cfbce7e6fd1cf566d5ae423c.png

Please report back if any of this fixed your issue, good luck.

  • Like 1
Link to comment
  • 0

Hi Jonathan,

 

Thanks for your response.  We are not using Office 365.  We are using perpetual Microsoft Office 2016.  Under the User's profile on the Xenapp Server that they log into I don't even see these paths:

 

AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewyv AppData\Local\Microsoft\OneAuth

AppData\Local\Microsoft\OneAuth

 

I believe it maybe because we are not using O365.  

 

Under Citrix PM we are synchronizing the following:

AppData\Local\Microsoft\Credentials
AppData\Roaming\Microsoft\Credentials
AppData\Roaming\Microsoft\Crypto
AppData\Roaming\Microsoft\Protect
AppData\Roaming\Microsoft\SystemCertificates

 

The second option you mentioned is also a fix for O365, but we are running Office 2016??

 

 

 

 

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...