One of our clients has a SharePoint 2007 installation running on Windows 2003 and active directory. The installation and set up is, as far as I am aware fairly standard with the exception that the server also has Exchange 2003 installed. This causes some issues with mail enabled folders but as this feature is not used we are not overly concerned about this. This installation is run primarily as an internal site with occasional access by workers away from their place of work. The clients are on the whole either Windows XP Pro or Windows Vista Business and in most cases Office 2007. Automatic updates are on so most workstation should receive most critical updates. In general SharePoint runs well and we have very few issues with it. One area that I don’t understand is that users always have to log on, even when authenticated on the internal network. As far as I can see IIS is configured for Windows authentication and the application settings indicate the same. I would have therefore assumed that there should be no need to enter a username and password when already authenticated on an internal workstation? Putting this aside, in most cases we have resolved this issue by adding the application to the local intranet zone within Internet Explorer and then setting the password details to remember. Although there is an initial requirement to log on this only occurs once and is therefore acceptable. On one workstation this doesn’t work all the time and the user has to continually log on which is very annoying and causes significant issues when attempting to access mapped drives eg to attach a document to an email. While I am no expert at SharePoint I do a significant amount of .Net development experience so do have some knowledge of how these things should run. I’m assuming the real issue here is working out why Windows Authentication isn’t working correctly but any advice to trouble shoot these log on issues would be appreciated. Martyn Fewtrell mfewtrell@networkclub.co.uk

You can try the following under Internet Explorer :- In Internet Explorer go to Tools > Internet Options Under Security Tab Click on Local Intranet followed by Clicking on Custom Level . On the Custom Level window scroll all the way down, Under User Authentication > Logon Select Automatic Logon with current user name and password, you can even try the Automatic logon only in Intranet zone as its little secure in many ways. Close Internet explorer and Restart the Machine. Once the machine is up try opening the Sharepoint site . Let us know if the above mentioned steps helps. - Mukesh

Thanks I have tried various versions of this fix in the past without success. I will run through the options again but it will take a little while to test the results (it may trake a day or two to see whether it fixes the problem). Either way I assume I am correct in my understanding that with Windows Authentication enabled users on the internal network who have already authenticated against the Domain Controller shouldn't have to authenticate anyway? Martyn.

This can even happen if you have ticked the checkbox which says Remember my Password box while login on the SharePoint site, and later the user changed his password. So now when the user opens the SharePoint site, first its referring to the Stored Username & Password store and as the password does not match it prompts for the same. To delete the Username and Password from the Store. Go to run and type Control keymgr.dll and press OK . In the Stored user Names and Passwords window delete the corresponding entry for the site. Restart IE and Open the SharePoint Site now. You can tick the Remember my Password box to save the new credentials. Let me know how it goes.. -Mukesh

In addition to Mukesh's very relevant posts here (I reccommend looking into the Stored Credentials that he mentions in his last post), there are a few other issues that can effect authentication. I don't want to send you chasing after some of the more unlikely scenarios, but one I've commonly run into is issues with proxy servers and dns resolution of FQDN (fully qualified domain names). You haven't mentioned whether you use a proxy server or not - if you do, it might be worth pursuing that as a cause for authentication issues. Another is customized security settings for zones - the reason that adding users to Local Intranet helps is that security settings are different for this zone. In particular the "Automatic Logon" setting is enabled for sites in the intranet zone. If security has been customized, make sure that this setting is still enabled - depending on the browser version, there are different options available for this setting, but you want to make sure that browser has automatic logon enabled for that site (in the affected user's profile). [Edit] I also wanted to add, that this is a common issue, and admins often run from PC to PC adding sites to zones and checking security settings - but this can be controlled more easily using group poicies. You can assign sites to intranet zone and control zone security across your domain using group policies.