Outlook keeps popping up asking for a password and not accepting it (Part-2)

blog.payperitem.com,

Let’s go deeper. I’ll break this down into root cause areas with advanced diagnostics and fixes tailored for Outlook password prompt loops.

🧠 DEEP DIVE: Outlook Keeps Asking for Password – Advanced Fixes

🧱 1. Autodiscover + Authentication Flow Breakdown

Outlook uses Autodiscover to locate and configure the mailbox. Any misstep here = auth failure.

✅ Diagnostic Steps:

🛠️ Fixes:

  • Corrupt autodiscover entries:
    • Check: bashCopyEditregedit → HKEY_CURRENT_USER\Software\Microsoft\Office\<XX>\Outlook\AutoDiscover
    • Clear these:
      • ExcludeScpLookup, ExcludeHttpsRootDomain, ExcludeSrvRecord, etc.
      • Set them all to 0 to re-enable defaults unless explicitly set by org.
  • Flush DNS + restart networking: bashCopyEditipconfig /flushdns netsh int ip reset

🔐 2. Modern Auth / OAuth Conflicts (Office 365, Gmail, etc.)

💡 Symptoms:

  • Password loop but works in browser
  • App password works but regular one doesn’t
  • MFA enabled

✅ Fixes:

Office 365:
  • Ensure Modern Authentication is enabled:
    • Run PowerShell (with ExchangeOnlineManagement module): powershellCopyEditConnect-ExchangeOnline Get-OrganizationConfig | FL OAuth* You want OAuth2ClientProfileEnabled : True
  • Check registry: bashCopyEditregedit → HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity Add or set: iniCopyEditEnableADAL = 1 (DWORD) And: pgsqlCopyEditHKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\EnableADAL = 1 HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Version = 1
Gmail IMAP:
  • You must use an App Password if 2FA is enabled.
  • Google blocks insecure apps unless specifically allowed.

📦 3. Credential Manager Corruption / SSO Conflict

Even after clearing credential manager, tokens can persist or loop.

✅ Kill all tokens:

  • Delete from:
    • Credential Manager
    • %LOCALAPPDATA%\Microsoft\IdentityCache
    • %LOCALAPPDATA%\Microsoft\Outlook\RoamCache
  • Kill AAD tokens: powershellCopyEditdsregcmd /leave
  • Rejoin AAD (if corporate): powershellCopyEditdsregcmd /join

💼 4. Hybrid/AADJ Issues (Work Devices)

On corporate-managed devices, you may get mismatches between:

  • Device not properly joined to Azure AD
  • Conditional Access Policies failing silently

✅ Fix:

  • Run: powershellCopyEditdsregcmd /status
  • Look for:
    • AzureAdJoined: YES
    • DeviceId present
    • SSO State: YES

If not, fix the AAD join. May need re-registering the device:

bashCopyEditSettings → Accounts → Access work or school → Disconnect and reconnect

🧪 5. Test Profile With Clean Flags

Create a new Outlook profile with full logging:

bashCopyEditoutlook.exe /profiles /logonprofile "<ProfileName>" /rpcdiag

You can also enable Outlook logging:

  • File → Options → Advanced → Enable troubleshooting logging (under “Other”)

📊 6. Use SaRA with Full Traces

Use Microsoft’s Support and Recovery Assistant (SaRA):

🚫 7. Third-Party Interference

Common offenders:

  • Antivirus scanning Outlook data files
  • VPNs affecting port 443 or redirecting auth URLs
  • Proxy settings breaking Modern Auth

✅ Fix:

  • Temporarily disable AV/firewall
  • Try Outlook without VPN
  • Run: bashCopyEditinetcpl.cpl → Connections → LAN Settings Ensure no unexpected proxy.

Cloud Exchange M365 Networking Windows

Related Posts

Recovering Group Memberships After AD Restore

When restoring users or groups in Active Directory, their memberships might not be restored automatically, especially if an authoritative restore was used. Here’s how to recover group memberships for restored users or groups. Step 1: Check If Memberships Were Retained Before proceeding with recovery, check if group memberships are intact….

Read More