If you encounter repeated login prompt even when the credential entered is correct, there are some common solutions that can help. If the issue persists after all these solutions are in place, systematic troubleshooting will be needed.
Here are the common areas to check, on the clients and the servers.
Client Side Solutions
Add the team Web site to the list of trusted intranet sites
To do this, complete the following steps:
- On the Internet Explorer toolbar, click Tools, and then click Internet Options.
- In the Internet Options dialog box, click the Security tab, and then select Local intranet.
- Click Sites, and then click Advanced.
- Type the URL of the team Web site in the Add this Web site to the zone box, click Add, and then click OK.
Bypass proxy server for local addresses
To bypass your Internet proxy for local addresses in Microsoft Internet Explorer 5 or later, complete the following steps:
- On the Internet Explorer toolbar, clickTools, and then click Internet Options.
- In theInternet Options dialog box, click the Connections tab, and then click LAN Settings.
- UnderProxy server, select the Bypass proxy server for local addresses check box, and then click OK.
Make sure Integrated Windows Authentication is enabled.
Make sure Integrated Windows authentication is enabled in IE. (Tools >> Internet Options >> Advanced >> under security, enable integrated authentication)
Add the entry to the Credentials Manager
- Go to Start > Run and type in control keymgr.dll to open the Windows key manager.
Alternatevily: navigate to Contorl Panel > User Accounts > Manager Windows Credentials
- Select Add a generic credential
- Add yourSharePoint site URL, login and password to the corresponding fields. If this entry already exists, edit it to have your login credentials.
- Reboot the computer.
If you are missing the Add button, you may want to modify Windows Registry to be able to save the password.
Note: for editing Windows Registry, administrator rights are required. Editing Windows Registry is not safe and users will perform it at their own risk.
- In Windows, go to Start > Run and enter regedit.
- Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\.
- Find the DisableDomainCreds A value of 1(enabled) will prevent you from saving new credentials.
Change the value to 0 and reboot. Now you should have the Add button available. Note that 0 is the default value.
- Also check the LmCompatibilityLevel It should be set to 3, which is the default value. If you have another value, change it to 3. If it does not work with 3, then also try it with 2.
- Reboot the computer to apply changes.
If the client PCs are using Windows 7, some hotfixes may be needed:
The solutions below are specific to the “Open with Explorer” function. If you get prompted for login repeatedly when using “Open with Explorer” after trying the configurations above, you can try the solutions below.
Restart WebClient Service
- Click Start > Run
- Enter ‘services.msc’
- Find the WebCient service and select Restart
Check Internet Explorer Version
- Windows 7: Internet Explorer 10 is not yet compatible with the You will need to revert to Internet Explorer 9.
- Windows 8: Internet Explorer 10 is compatible, so you should not have an issue with this OS and browser version combination.
Server Side solutions
Specify Host Names on each SharePoint Web Front End. (Preferred method over disabling loopback check)
To do this, follow these steps for all the nodes on the client computer:
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key:
- Right-click MSV1_0, point to New, and then click Multi-String Value.
- Type BackConnectionHostNames, and then press ENTER.
- Right-click BackConnectionHostNames, and then click Modify.
- In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
- Quit Registry Editor, and then restart the IISAdmin service.
Client and Server Coordination
Make sure the NTLM Level is the same among Domain Controllers, SharePoint Servers and Clients
This can be pushed down from a Domain Controller using GPO (Group Policy Object).
- Use Group Policy Editor (GPE) to open the Group Policy Object (GPO) you want to modify. You can create a policy that applies to the OUs that contains the DCs, SharePoint Servers, and user clients.
- Navigate to Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options.
- Double-click the “Network security: LAN Manager authentication level” policy.
You can choose a level that is acceptable to your internal security policy, Just make sure you use the same level across DCs, SharePoint Servers and clients.
- Select “Define this policy setting” and from the drop-down menu select the desired level.
- Click OK.
- Close the GPO.
- To make the modification effective immediately, run gpupdate /force on all the servers and clients.