Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Outlook Anywhere enabled, users can connect great, internal users with domain connected computers get asked for a username and password.

Posted on 2009-05-13
13
Medium Priority
?
454 Views
Last Modified: 2012-06-21
Outlook Anywhere enabled, users can connect great, internal users with domain connected computers get asked for a username and password.  New mail is still pulled but it asks for the username and password every send/recieve on outlook 2007 clients.  I can reset iis and it seems to resolve the problem but the first time someone logs in via outlook anywhere it starts asking for passwords on the internal outlook 2007 clients. This is on Exchange 2007 SP1 and Outlook 2007 SP2.
0
Comment
Question by:tconkle
  • 7
  • 6
13 Comments
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24375395
You haven't configured the Exchange services properly.

Go through http://smarthost.blogspot.com/2008/12/configuring-autodiscover-for-exchange.html
0
 

Author Comment

by:tconkle
ID: 24375863
Rajith, I had already set up the dns autodiscover srv record, but went back through and reset all of the services url's as listed in that article but no luck.

I've got outlook anywhere set to NTLM authentication with SSL offloading on....could this be causing my issues?
0
 
LVL 24

Assisted Solution

by:Rajith Enchiparambil
Rajith Enchiparambil earned 400 total points
ID: 24376044
Change authentication to basic.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376057
"""I had already set up the dns autodiscover srv record, but went back through and reset all of the services url's as listed in that article but no luck."""

Is this srv record with the public dns?
0
 

Author Comment

by:tconkle
ID: 24376120
no I set it up on my internal dns server that handles my domain.
External outlook anywhere clients have no problems
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376181
Why do you use Outlook anywhere internally? Even if you do, then you need to have a spilt dns system for it to work, your Outlook clients will always be looking at mail.domain.com (or any url you use).

Check http://www.shudnow.net/2008/11/18/autodiscover-dns-certificates-and-what-you-need-to-know/
0
 

Author Comment

by:tconkle
ID: 24376290
Ok I think changing that to basic on outlook anywhere allows everything to stay working correctly.....is it still secure that way though? Is there a way to use it with NTLM without breaking the internal clients?
I'm going to watch it for the next little while and see if it stays working.
0
 

Author Comment

by:tconkle
ID: 24376297
I don't want to use outlook anywhere internally...and as far as I know I am not using it internally.
0
 

Author Comment

by:tconkle
ID: 24376315
Ahhhh... I do have a split dns setup though....
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376344
If you have a split dns, then put an A record in your publicdomain zone in your internal DNS, pointing to your CAS server ip address.

Regarding security, are you not using a certificate and it only uses port 443 and is secure.
0
 

Author Comment

by:tconkle
ID: 24376423
I've already got an A record that points my server NETBIOS name to the internal ip address, is that what you mean?
Yeah, I've got a certificate that I am using with OWA...
0
 

Accepted Solution

by:
tconkle earned 0 total points
ID: 24376703
Okay, I had an idiot moment...SSL offloading was turned on for Outlook Anywhere. I unchecked that with NTLM on, and enabled Kernal-Mode authentication for the RPC and RPCwithCert virtual directories in IIS and everything seems to be stable. I'm going to give this 24 hours just to be sure.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24378298
""I've already got an A record that points my server NETBIOS name to the internal ip address, is that what you mean?""

Apart from that, in your split dns model, you need an A record for Autodiscover pointing to your CAS IP.
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses
Course of the Month10 days, 11 hours left to enroll

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question