Hello, I posted this question on Exchange Client forum but moderator asked me to put this question under windows client forum. We have a messaging environment on Exchange 2010. Some of our users get intermittent password prompt issues with their Outlook profile. We perform different troubleshooting steps to resolve it. Lets put all other troubleshooting aside for now and discuss about a common observation I have seen in most cases. Most of our users are on Outlook 2010 with Windows 7 (also some combination of Outlook 2007 and Windows XP). When we launch Credential Manager in Control Panel, there are some strange entries under Generic Credential the looks like "MS.Outlook:user@casarray.domain.com:PUT". If we delete the credentials that end with ":PUT", the password prompt goes away. I have done a lot of search, but there is no information on Microsoft site on from where ":PUT" gets added, how this occurs, if this is an Outlook or OS issue, this looks like bug for a while but no hotfix available (or know to me atleast). We have many thousands mailbox users in our environment and anyone may come across this problem. It is not pratical to delete these strange credentials for every single user manually. There should be at least a hotfix for this problem. Can anyone explain me more about these ":PUT" credentials under Credential Manager? What does it signifies and how it can be retified permanently? Thanks, Rajdeep

Hi, The entry in generic credentials appears because the users chose to save their password when accessing Outlook. After the credential is stored, users do not need to input credential for the program, such as outlook. About the issue, it occurs since users changed their password, but credential stored always is sent for authentication, domain controller detects the incorrect password and then users receive the credential prompt. When users input correct username and password, they should access outlook normally, but next time launching outlook, the credential stored still is sent as before, again, the credential prompt pops up.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Diana, Thank you so much for such a great explanation. I am still looking for help for the other part. When a user changes the password, he is being prompted for password in Outlook. The user enters his credentials with new password and also check "Remember my credentials". This option ideally updates the credential manager but old the credentials (as explained by you) still show up in the Credentials Manager with trailing ":PUT" characters. It doesn't go away and users have to delete it manually or else, when the Outlook is re-opened, it prompts for password again. It looks like it is still fetching credentials from the wrong one (:PUT) and not the latest one that user saved after resetting password. This is buggy. Windows should either remove stale credentials automatically or atleast it should refer to the latest saved credential for authentication. Is there a permanent fix for this or is this something not reported yet? Thanks, Rajdeep

Hi Rajdeep, Windows 'Credential Store' supports different type of network passwords. Each type uses different kind of encryption and storage mechanism. Also each type of password requires different level of access privileges for decryption. "Generic Password"(Generic Credentials) type is used to store all user specific credentials and only that user can decrypt such passwords. After user changes his password, he cannot decrypt credentials stored and has to resave it after deletion. If you would not like to store the credential on clients, we can disable Credential Manager completely, you can refer the method below: 1. Login to a specific client as administrator, open Registry Editor. 2. Locate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, create a DWORD value DisableCredMan and set it to 1, reboot the client, the client will not store credentials. Best regards DianaPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Rajdeep, I have done testing on my machine, I saved password for Outlook and then changed my password, when opened Outlook I received credential prompt, then I typed new password and checked "Save my password", I opened Outlook again and typed new password and checked "Save my password", after that the credential dialog box disappears. So the entries stored are updated after changing password. Thanks DianaPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Diana, It appears like you had to check "Remember my credentials" twice as per the above post. I just have to check it once after I change my password. To reproduce the password prompt again, I removed my old credential from vault. It created a new entry again which also had a trailing ":PUT". This is now confusing, how a new save credential has ":PUT", it is supposed to show up after password expires. However, this has never caused problem to me and most of the user in our environment. But there are some users who have to remove such credentials and then save new password to get rid of the password prompt. I have requested my colleague at Helpdesk to run "cmdkey /list" before and after the issues occurs for any end user at his site. Thanks, Rajdeep

Hi Rajdeep, During my testing, I checked the entries stored in Credential Manager, and related Outlook entry always ends with :PUT, PUT means Pointer to User Target, I think it should not related to the issue. Thanks DianaPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Diana, I appreciate your quick reply. All information provided by you are really helpful. I will provide the credential information when we deal with any affected user next time. Thanks, Rajdeep

Hi Diana, Thanks for your reply. It sounds like, we have only two options here - we can completely disable Credential Manager by modifying registry (as suggested above) so that user can't store any credential on client machine and they will be always prompted for password every time they open Outlook.User would have to manually delete old credentials (trailing ":PUT") and then enter new credentials and save it until next password expiration. There is no way that we can configure to cleanup old credentials automatically without any manual interventions. Please let me know if I misunderstood this by any chance. Thanks, Rajdeep

Hi Rajdeep, At the moment, I have a new idea, let's check if the entry stored is changed after users change their password and choose to save password. You can run the following command before and after the issue happens, paste the output here: cmdkey /list Thanks DianaPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Diana, I will have my colleagues at helpdesk team check this with a user who will reset password next time. This may take a few days. I will update this thread once I have more information. Thanks, Rajdeep