If you're using the AD, and assuming that the user are already logged into their workstation with the AD account, why not use the Open Remote with the FMS file list filtering configuration setting? Open Remote will then only show files that the users have an account in.
As to why it is failing for you, it's unclear. Seems to me that the changes to the record-level access are a red herring because those are only evaluated AFTER the user is authenticated already. So being prompted comes before the RLA calcs are run.
Anything strange in the FMS event log or the Windows security log? I've seen something similar happen where the AD is physically far away from the users and the round trip to and from it was higher than what FMP is willing to wait for. So check the latency on the network. Also check all the usual suspects like clocks not being in sync and so on.
I would gladly use FMS file list filtering if Open Remote showed the directory structure. For Example,
. . . but it shows all open files as a flat list. I tried prepending the directory structure to the file name (HR_Directory, Financial_Directory), but that gets ugly -- something which counts around here.
I see nothing in the logs or network. Besides, I have the same relogin prolbem when I use FileMaker accounts.
When you do this, do you use the Open URL script step, with an address of fmp7://server/filename.fp7?