question

ChuaBoonYiang-5038 avatar image
0 Votes"
ChuaBoonYiang-5038 asked ChuaBoonYiang-5038 answered

Exchange Server Account Keeps Locking out

Hi,

My work Exchange Account (Exchange server hosted internally by my IT contractor), linked to my Domain/ ADID keeps getting locked out. Whenever this happens, I have to go to a customized Exchange Online portal and click “forgot your password” and unlock my account.


122486-ex1.png

122575-ex2.png

I have been checking with my in-house IT contractor, but no one knows the problem exactly. I have also searched online extensively. I have read similar problem descriptions and tried the solutions but to no avail.

This is my setup :
I am accessing this Exchange account using
1) Corp issued Laptop (LT). I have to login using my domain\ADID into this LT and then launched Outlook 2016 to access emails.

2) Personal Laptop. Since it is a personal LT, I have subscribed to office 365 and using outlook 365, connected to my office exchange account, login using my domain/ADID. But I login to my personal LT using a generic local username.

3) Iphone default mail application. Similarly, I connect to exchange server and in the configuration setup, I have to specify the domain name , ADID and password.

You may wonder why am I using (2) since I have (1). Due to some corp security concerns, there is no internet access for (1), except for email. Hence, many staff have to work on personal LT as our works require use of internet. (3) is more a convenience for me to access email while on the road.

What I have observed is this. If I assessed email using (1) or (2) or (3) alone, the account is ok.
As long as I use (3) with (1) or (2), that’s when problem begins to appear. As password is kind of “embedded” in iphone email config, it will prompt me to enter password. It seems that whenever I start using (1) or (2), the password will “disappear” in the system and that triggers the system to prompt for password instead. However, 3 strikes and the account will be locked out. I could not even stop that from not happening, it happens automatically, in a way.

As such, I really do not know which system is causing this problem and which configuration in the Exchange server might be causing it. The IT contractor is not willing to look into it as (2) and (3) are devices which they do not support. They are not incorrect as the system works well if we use (1) solely.

Some threads suggested it may be new IOS issue but this happened only to Exchange server account. My gmail setup in iphone default mail app do not have such problem. Hence, I could not check in IOS thread.
Do you have any idea what could be the issue ? Thank you.


office-exchange-server-administrationoffice-exchange-server-itpro
ex1.png (9.1 KiB)
ex2.png (112.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

YukiSun-MSFT avatar image
0 Votes"
YukiSun-MSFT answered YukiSun-MSFT converted comment to answer

Hi @ChuaBoonYiang-5038,

I read through the issue description but got confused about several points, would you mind elaborating the following things so that we can understand better about the situation?

  1. What's the exact symptom when the Exchange account gets locked out? Is it that the the password prompt keeps appearing on (1) or (2) but entering the right credentials doen't work and the account gets locked out after 3 strikes? When this occurs, are you able to access the Exchange account as normal on (3)?

  2. Does this issue affect other users in your environment who also have the Exchange account configured on Iphone default mail application?

  3. If only (1) and (2) are used at the same time, that is, temporarily stop accessing mail from (3), will the account get locked out?

Besides, I understand that your gmail account works fine with your iphone default mail app, but in case it's a issue only affecting Exchange account, I'd still suggest trying to use Outlook for iOS instead or test on other mobile devices for some time to see if there would be any difference.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks Yuki for your response.

1) I have observed that if i am using (1) and (3) or (2) and (3), what will happen is that the email system will prompt me to enter password again. But this should not happen as i am already, supposedly "login to email". Most of the time when this happen, it is because my Domain/ADID has been locked out. The prompt is to ask for password. If i am using (3) solely, that is , when both my office and personal LT are switched off, i can use (3) eg throughout the weekends without issue. as soon as i turn with (1) or (2) on, after a while, the prompt will appear, on (1) and (3) if i am turn on (1) , (2) and (3) if i turn on (2).

2) So far, it is affecting consistently for staff with similar configuration as i do. However, for some staff, they do not want to configure their email in the IOS default mail. They choose to use the online Exchange portal via browser their iphone (3). for these people, they do not have this issue.

3) For that, i have not really tried that. Reason is because my iphone is on all the time. I should try it at some point.

I have tried to setup my office email using the "Outlook app" in IOS. however, i realised that was not allowed somehow, by the email admin. They only enable setting up of email using the default Mail app in IOS or Andriod only.

Please let me know if the info i have provided is still not sufficient. Thank you .

0 Votes 0 ·

Hi @ChuaBoonYiang-5038,

They only enable setting up of email using the default Mail app in IOS or Andriod only.

For those who have the email account configured in the default Mail app in Android, do they have the same issue?

If this is only affecting iPhone users who are using the default mail app, chances are that the issue could be related to the iOS mail app side.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·

Hi @ChuaBoonYiang-5038,

I am writing to see if there is any further findings on the issue. Should you need more help on this, feel free to post back.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·

Thanks Yuki.

the problem is still there and i just do not know what is causing it. I did not turn on my outlook client in (2) or (1) in the last 2 days.
My mail access in iphone was all ok. as soon as i turn on (2) today. the problem comes back again. hence, i really don't know which app is giving problem. but i guess i just have to live with it.

0 Votes 0 ·

Hi @ChuaBoonYiang-5038,

Okay. Feels it could be quite tough to investigate the issue without involving the IT contactor. Anyway, should you notice any more clues or there's anything you think we can do to help on this issue, feel free to let us know.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·
ChuaBoonYiang-5038 avatar image
1 Vote"
ChuaBoonYiang-5038 answered

Hi Yuki

i just saw this article by chance and tried it. It seems to resolve the problem i am facing. bascially, i added a registry entry

AlwaysUseMSOAuthForAutoDiscover

https://docs.microsoft.com/en-US/outlook/troubleshoot/authentication/outlook-prompt-password-modern-authentication-enabled

However, i do not know what it does.

Do you think is there any potential harm adding this though it seems that the issue has been resolved now ?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @ChuaBoonYiang-5038,

Great to know that the issue seems to have been resolved now!

As per your concern about the registry entry being added, as far as I know it is used to force Outlook to use Modern Authentication. Actually this is the official recommended practice so I don't think it will do any harm : )

Reference:
Modern Authentication configuration requirements for transition from Office 365 dedicated/ITAR to vNext
125841-1.png

In the article you shared above, it was also mentioned that "We recommend that users force Outlook to use Modern Authentication."

By the way, I've converted your post from comment to answer, so that if everything goes well, you can click "Accept Answer" under your post. This can defenitely help others who encounter similar issues to more easily find the useful information. Thanks again for your valuable sharing.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 Votes 0 ·
1.png (25.7 KiB)