4

I work in a BYOD environment and my laptop still have Windows 7.

Every so often I get locked out of the domain at our company and have to phone the IS helpdesk and ask them to unlock my account. Apparently they just reset my account on the domain controller.

A colleague pointed out every time I get locked out there's a virtualapp/didlogical generic credential that appeared out of nowhere in Windows' credential manager.

Some Googling tells me that virtualapp/didlogical generic credential comes from Windows Live Essentials, but I can't find any more information on it. I don't use any of the applications in that package, other than Movie Maker on rare occasions.

It seems to me that some application in Windows Live Essentials is trying to access some service, maybe through the proxy, using the wrong password and causes my account to be locked.

So my questions:

  • Is it the virtualapp/didlogical generic credential that causes me to get locked out?
  • If so, what can I do about it?
    • Is it an application in Windows Live Essentials?
    • Can I disable or reconfigure the application?
  • If not, how can I troubleshoot the problem?
iWerner
  • 91

2 Answers2

2

I would first suggest extensive checks by several well-known anti-virus products.

Two solutions that might work:

  1. Uninstall all Windows Live applications and delete this generic credential.

  2. To keep Windows Live applications but still get rid of this license, you will need to delete it every day, either manually or programmatically:

Create a Windows batch command file, say DelWinLive.cmd, and insert this command:

cmdkey /delete:"WindowsLive:target=virtualapp/didlogical"

You can either manually click the .cmd file to run, schedule it to run automatically via Windows Task Scheduler, or put it into the Windows Startup folder to run automatically each time that Windows boots up.

harrymc
  • 498,455
1

I realise this question is 6 years old but as I struggled finding anything on this issue I felt it was worth posting some detail.

I've had a similar issue with a domain joined machine. After a password change all appears well but after a few days I would notice that coming back to unlock my machine I would have my password locked out. We spent a lot of time diagnosing whether I had a service running in my old password, another device causing the lockout etc... even to the extent of detailed log analysis on the AD controllers which showed the incorrect password was from my PC.

After much hunting we fell on the virtualapp/didlogical password cache, but as a user or even an admin user it was hidden to me. https://www.howtoguides.org/what-is-virtualappdidlogical suggests it's used in Windows Live products, however I believe it's caused by our office 2016 which is running against Office 365 caching my old password.

Deletion is a bit tricky as they're stored under the SYSTEM account and you need the PSEXEC utility to get to credential manager as SYSTEM to see it:

Download PsExec.exe from http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx and copy it to C:\Windows\System32 .

From a command prompt run: "psexec64 -i -s -d cmd.exe"

From the new DOS window run: "rundll32 keymgr.dll,KRShowKeyMgr"

Remove any items that appear in the list of Stored User Names and Passwords. Restart the computer.

I found this fix here: https://social.technet.microsoft.com/Forums/windows/en-US/e1ef04fa-6aea-47fe-9392-45929239bd68/securitykerberos-event-id-14-credential-manager-causes-system-to-login-to-network-with-invalid?forum=w7itprosecurity

Peter Hurst
  • 11