none
kb2553248 causes outlook to ask for smart card

    Question

  • after installing ms updates ( kb2553248) this cause outlook 2010 to ask for smart card credentials ?
    Thursday, April 12, 2012 12:05 PM

All replies

  • Hi,

    We got same problem here on many workstations.  I'm looking to find a solution.  For now, only found is to uninstall this update.

    Thursday, April 12, 2012 12:51 PM
  • Same issue here, we have 348 mailboxes across the organization and so far, all of those who had KB2553248 and KB2553406 installed had the problem, either asking for a Smart Card or Connecting to.... pop-ups; removing those updates have solved the issue. Still waiting for official confirmation from MS about the incidents. Good luck!

    RC


    • Edited by Lexdrak Thursday, April 12, 2012 5:28 PM
    Thursday, April 12, 2012 5:27 PM
  • After installing KB2553248 we had the same problem.  I manage several orginazations Exchange servers and have had the problem only at one of locations so far.  Trying to figure out why that is.  Several of those including my own have the update and are running just fine with no popups.  I have updates going out to 1800 users next week.  Hopefully, this will get figured out by then.  For now I am not allowing that update to go out.
    Thursday, April 12, 2012 5:47 PM
  • I've the same problem.

    For now the only way to solve it is to uninstall the 2553248 update.

    After uninstalling it, outlook don't ask me never card / smart reader credentials.


    .: stefano ropele :.

    Thursday, April 12, 2012 6:28 PM
  • Hi,

    Is your autodiscover service works well in your location where you're encounterring this problem?

    Thanks.

    Thursday, April 12, 2012 6:45 PM
  • Hello,

    Just making a quick post to let everyone know that Microsoft Support (me) has just now started looking into this issue.  I will update this thread as soon as there are any new discoveries.


    RKeith - [MSFT]

    Thursday, April 12, 2012 10:57 PM
    Moderator
  • In one of the first support cases on this issue the problem was resolved by changing the SSL settings on the Autodiscover virtual directory from "Accept" to "Ignore". 

    For example in Windows Server 2008 R2 do the following:
    Open the IIS Manager
    Expand the Default Web Site to click on the Autodiscover virtual directory
    On the right pane locate SSL Settings
    Open SSL Settings and make sure Require SSL is checked and Client Certificates is set to Ignore.


    Friday, April 13, 2012 12:03 AM
  • Thanks for isolating the problem. I was originally rolling back the entire update, but thanks to you I uninstalled that update only. I wanted to cross-post exactly what I did for other "accidental techies."

    Go to installed updates, right click on KB2553248 and uninstall it. For whatever reason, there are TWO KB2553248 files, so you have to uninstall both of them.

    Before you restart, go to Windows Updates and click check for new updates. When KB2553248 comes back, uncheck it, then right click and hit "Hide." This will prevent it from re-installing.

    Restart the PC and it will work.

    I didn't do the second part on a few PCs yesterday and found that the just re-installed last night.

    It looks like MS is on it.

    Friday, April 13, 2012 4:09 PM
  • In one of the first support cases on this issue the problem was resolved by changing the SSL settings on the Autodiscover virtual directory from "Accept" to "Ignore". 

    For example in Windows Server 2008 R2 do the following:
    Open the IIS Manager
    Expand the Default Web Site to click on the Autodiscover virtual directory
    On the right pane locate SSL Settings
    Open SSL Settings and make sure Require SSL is checked and Client Certificates is set to Ignore.


    I looked at this, but when I go to Default Web Site and then SSL the require ssl setting is blanked out. 
    Friday, April 13, 2012 5:18 PM
    • In IIS, navigate to the “EWS” virtual directory, right-click, select “Properties”
    • Select the “Directory Security” tab
    • In the “Secure Communications” frame, click “Edit”
      • Check the box named “Require secure channel (SSL)”
    • In the “Client Certificates” frame
      • Check the box to select “Ignore client certificates”
    • Click "OK", click "Apply"
    • The steps are slightly different in IIS7, below are screenshots of each.


    RKeith - [MSFT]

    Friday, April 13, 2012 5:42 PM
    Moderator
  • This didn't work for me, running exchange 2007 on 2K3 R2 and outlook 2010 x64 on W7. Moreover, after iisreset the client certificates are always back at 'accept' again.

    I'm now going to uninstall KB2553248 and await a proper fix.

    Saturday, April 14, 2012 11:46 AM
  • When I change to SSL settinga on Autodiscover to Client Certificates to Ignore, now in Outlook it keeps me username and password every time, even that this PC is on domain. But fixes Smart card popup.

    SO i returned to Accept and deleted/unisntalled update KB2553248, because this is not a solution

    • Proposed as answer by scarboni888 Saturday, August 11, 2012 2:12 PM
    Monday, April 16, 2012 12:31 PM
  • In my work place, this only happens on 64bit Win7 PCs, 32bit Win7 and XP PCs have no problem with the update.
    Monday, April 16, 2012 8:28 PM
  • Hi,

    I've just read the work around regarding this issue (changing the SSL Client Certificate from Accept to Ignore).

    For about a year (in 2009) whenever I was working remotely I would constantly get Outlook prompting for a username/password and when entering them Outlook would come straight back with the same prompt relentlessly.

    Loads of web searches or forum posts didn't resolve the problem (no one else seem to get it) but I did eventually find a fix to my problem in December 2010: http://social.technet.microsoft.com/Forums/en/exchangesvrgeneral/thread/383d130e-869f-4fce-9502-8b340904b0ba.  

    The solution was to change SSL Client Certificate from Ignore to Accept!

    If I change this setting back to Ignore, am I not going to start getting my original problem back? (Or will KB2553248 fix this at the client/outlook end?)

    Thanks,

    Chris

    Tuesday, April 17, 2012 8:30 AM
  • Having same issue since release. Many hosted Exchange servers in our rack, most are all 2010 fully patched. tried the SSL Client Cert - Ignore fix with no effect in every case. All problematic client machines are windows 7 x32 with 32bit Outlook 2010. TK2012 was correct in stating there were 2 instances of KB2553248 in some machines in the updates and i had to uninstall them both, then hide the installation on windows update to fix.

    I spent the whole day today fixing this on multiple customers' client machines. ...tomorrow should be the same...

    I'll be waiting for the kb fix for the kb, and in the mean time disable that update from all of our clients via our management app.

    **** UPDATE - FIXED *****

    Well, after the second KB of the same name came out, all but one of our customers were fixed. The remaining customer had underlieing issues.

    1st issue was a botched loopback policy for access to Autodiscover srv record (discovered this by doing the "Test Email Autoconfiguration" option in outlook from a fresh workstation).

    2nd issue was that this customer was using BPOS Microsoftonline hosted exchange 8 months ago before migrating to a personal exchange server. after uninstalling the microsoftonline connector application 8 months ago, i noticed today it had hardcoded bad entries for the RED001 (microsoftonline.com) Autodiscover record in outlook files and the registry.

    So now instead of removing all these KB's from everyone's computer/user profile, i have to make a script to delete "C:\Users\<USERNAME>\AppData\Local\Microsoft\Sign In\"

    as well as delete all these registry entries:

    HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover

    • PreferLocalXML=dword:1
    • ExcludeHttpRedirect=dword:0
    • ExcludeHttpsAutodiscoverDomain=dword:1
    • ExcludeHttpsRootDomain=dword:1
    • ExcludeScpLookup=dword:1
    • ExcludeSrvLookup=dword:1
    • ExcludeSrvRecord=dword:1

    RECAP FOR EVERYONE ELSE HAVING THIS ISSUE:

    a simple test to see if you may be having autodiscover issues is to check to see if outlook will let you setup an out of office message. or run the test email autodiscover option from holding down ctrl + right click on outlook task icon. (these would have to be tested from offsite of where the exchange server is)


    Wednesday, April 18, 2012 12:41 AM
  • Thought I would toss my hat into the ring too.. I'm having the exact error message as everyone else here.. Thanks m$.
    Wednesday, April 18, 2012 2:34 PM
  • I have come across this issue today and it's causing a bit of a headache. Client computers receiving these errors are all Win7 Pro 32bit and Office 2010 Pro Plus with Exchange Server 2010 running Win 2008R2. Thanks
    Wednesday, April 18, 2012 2:42 PM
  • Have this issue also , multiple users on 64bit , 32bit.  very painfull
    Thursday, April 19, 2012 10:52 AM
  • Got the same problem and I've verified the IIS settings on the Autodiscover are configured like above (Require SSL checked and Client Certificates set to Ignore).
    Friday, May 11, 2012 7:31 AM
  • Anyone heard of any news regarding this problem where Outlook 2010 asks for smart card after installing KB2553248?
    Wednesday, June 13, 2012 12:51 PM
  • Hello,

    The workaround mentioned above (see my screenshots) is what most customers have had the most success with.


    RKeith - [MSFT]


    Thursday, June 14, 2012 8:52 PM
    Moderator
  • but it doesn't work for me.. any others solution?
    Thursday, June 21, 2012 8:27 AM
  • Hey RKeith.  Thanks for the info.  Settings are as they should be on both sites in IIS.  Uninstalling both kb2553248 updates definitely resolves the issue on workstations, but looking to resolve on the Exchange Server rather than removing from a few hundred workstation.  I do have an email in to Microsoft, so will post back if they have a better solution. 


    • Edited by Doug_44 Monday, June 25, 2012 7:53 PM
    Monday, June 25, 2012 7:52 PM
  • Uninstalling the patch is not an option for us since this Hotfix solves another problem which is even MORE critical since this causes our Outlook clients to switch between several Public Folder servers many times per second and slowing down the client completely.
    Monday, June 25, 2012 9:08 PM
  • Hey RKeith.  Thanks for the info.  Settings are as they should be on both sites in IIS.  Uninstalling both kb2553248 updates definitely resolves the issue on workstations, but looking to resolve on the Exchange Server rather than removing from a few hundred workstation.  I do have an email in to Microsoft, so will post back if they have a better solution. 



    I'm sorry Doug, but we don't have a timeframe yet for a change that would effect this problem.

    RKeith - [MSFT]

    Tuesday, June 26, 2012 10:37 PM
    Moderator
  • but it doesn't work for me.. any others solution?
    I would suggest contacting Microsoft Support & opening a service request to help identify how your configuration is differnt & whether there are any additional workarounds available that might work in your particular environment.

    RKeith - [MSFT]

    Tuesday, June 26, 2012 10:38 PM
    Moderator
  • hello,

    actually I don't have changed my server configuration, but only uninstall both KB2553248, and it work all fine...


    .: stefano ropele :.

    Wednesday, June 27, 2012 7:29 AM
  • It is really cumbersome that as of this date this issue has been resolved. I finally decided to change the client certificates to ignore after months of working around it, without uninstalling the hotfix updates.
    Thursday, November 22, 2012 7:54 PM
  • Delete

    KB2687623

    KB2597090

    Enjoy!

    This anwer takes from me 60-80 reboots!


    • Edited by rerime Wednesday, June 26, 2013 2:26 PM mistake
    Wednesday, June 26, 2013 2:25 PM
  • Is there a command line or a utility that can automate the process ?

    Having to find them and uninstall on all the clients PC is a no fun workaround !

    If not, I would suggest Microsoft patchers to do it...


    Jean-Jacques

    Sunday, July 14, 2013 6:05 AM
  • Hello,

    we had the same problem and uninstalling the Patch on more than 900 computers is no good solution for us.
    I used a GPO to disable the Systemservice "Smardcard" and I disabled the SmartCard PNP to solve this Problem.

    Here ist the Path to the GPO (We use german servers so the translation may be not perfect)
    Computer --> Windows Settings --> Security --> Systemservices --> Smardcard
    Computer --> Administrative.. --> Windows-Components --> Smardcard --> Smardcard-Plug & Play Service

    Greetings
    Robert

    Thursday, October 10, 2013 9:58 AM