• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 209
  • Last Modified:

Accessing Web Outlook access through Internet Explorer after changing password on LAN

Certain users are constantly being asked to re-enter their password when they go to web Outlook acess and move around folder etc.... Is their anyway to stop IE doing this?
Basically when users change their password on the LAN, and then travell they being constantly asked to re-enter their passwords when the access Webmail.
1 Solution
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
When a user logs onto the domain they are authenticated and should not be asked for any more passwords when accessing the domain's resources or Outlook/Exchange.  When using Outlook Web Access, you will always get the logon box as you are hitting the server via web interface and are not authenticated that way.  

If they are Domain users and hit OWA via the web, they should get a logon screen once and after entering the proper credentials they should be fine for the rest of the session.

If they need access to other resorces or Outlook itself, then you might try using a VPN server.  It is a quick setup on the client machine and once the user Authenticates via VPN, then Outlook and all network resources are available, although slower, on the local machine and you won't get those logon boxes popping up.
I agree with samccarthy, we had problems like this with our webmail until we setup all laptop users to use a VPN connection to access the webmail.
A couple of qualifications. IE passes domain credentials to machines when there are no dots in the name. So if you went to http://webserver/owa and you were logged on to the network with the proper credentials and using IE, you would gain access to OWA. If you use the fqdn and the network portion of the address hasn't been supplied as the intranet in the IE settings, IE will assume you are going to the Internet and will not try to pass your domain credentials to the other machine. So if you go to http://webserver.yourcompany.com/owa and you didn't have that specified as your intranet, you would be prompted for a user id and password. In this case, I hope your are using https or some joker is likely to grab your logon credentials. Also, if you do not use IE, like me you use firefox or some other browser, they typically (as far as I know all) do not pass your domain credentials to any machines. So regardless of whether you used the local name of the web site or the fqdn, using one of these browsers means that you will have to enter your password at least once.

As far as their problem with having their passwords changed while they are on the road and continually being prompted for passwords, I think that is a separate issue. I'm guessing your users log onto their machines using cached credentials. When they dial up they have to use whatever their dial-in password is. Now that they have a new password back home, they are being required to enter their password at every corner because their cached credentials are no longer correct. I can't tell you exactly how to fix this without knowing the lay of your LAN but what you need to do is get your dial-in users to logon to the domain so they aren't using the old cached credentials anymore. An easy way to do this would be to set up a special RRAS box that users could dial into when they first log on to their machine and check the box that says logon by dialing or whatever that is. Have the RRAS box allow network logons so when the user dials in, they are actually authenticated by the network and now they will have to use their new password to logon to their local machine's cached account and they won't have to keep entering their password over and over. Man... I made that hard. I hope you can make some sense out of it. It's really a lot aesier than I made it sound!

OK, good luck!

To Fix this login problem.

-Open Administrative tools>>IIS
-Rigth Click on the webmail website the properties.
-Directory Security Tab
-Uncheck the Basic Authintication then Ok

restart the IIS service then try the webmail.

Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
Would that not leave your webmail open to anyone then mweehcx?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now