UE-V Credential Roaming & Outlook 2013 updates

!!! UPDATE !!!

Microsoft has released the “April 14, 2015 update for Outlook 2013 (KB2965270)” update in which the issue described below has been fixed. There is one manual action a user needs to do which is a bit nasty if a user also has certificates that are romaed. The UEV package needs to be deleted OR a user needs to open the Credential Manager and manually remove the stored credentials! As an administrator you need to revert back to the original UEV template. Don’t forget to update the version number otherwise the already created UEV packages are ignored!

UE-V 2.1 gives customers the ability to synchronize credentials and certificates stored in the Windows Credential Manager. This component is disabled by default. Enabling this component lets users keep their domain credentials and certificates in sync. Users can sign in one time on a device, and these credentials will roam for that user across all of their UE-V enabled devices.

Consider the following. All your mailboxes are part of an Office365 deployment and you have non-persistent VDI’s with Microsoft Office 2013 Pro Plus installed on it. When users open Outlook 2013 they are prompted for their Office365 credentials.

Outlook_CredentailPrompt

Users enters their credentials and enable the “Remember my credentials” and click on OK. Outlook starts and within the VDI session, after closing and opening Outlook multiple times, the user isn’t prompted for their credentials. In the Credential Manager an entry is made like the one below:

UE-V-Enterprise

Note that the persistence type equals Enterprise. At the end of the day the user logs off, the credentials are saved in the central UEV-V setting store and the non-persistent VDI will be recycled. The next day the user logs into a new VDI and UE-V makes sure the stored credentials are loaded into the Credential Manager and, when opening Outlook, the user is not prompted for any credentials. All seems fine until installing KB2956087 or newer (e.g. KB2956170). After this the persistence type has been changed from Enterprise to Local Computer and UE-V Credential Roaming is broken. This is because UE-V default only roams Enterprise credentials.

UE-V-LocalComputer

After this the persistence type has been changed from Enterprise to Local Computer and UE-V Credential Roaming is broken. This is because UE-V default only roams Enterprise credentials.

I came across this issue at multiple customer sites and solved it by adjusting the default UE-V Credential Roaming template. The change that I made was copying the segment of the roaming part, pasted it above these lines and adjusting the roaming part to local.

UE-V-Template

After this the credentials are roamed between VDI sessions.