Solved

Outlook Anywhere enabled, users can connect great, internal users with domain connected computers get asked for a username and password.

Posted on 2009-05-13
13
451 Views
Last Modified: 2012-06-21
Outlook Anywhere enabled, users can connect great, internal users with domain connected computers get asked for a username and password.  New mail is still pulled but it asks for the username and password every send/recieve on outlook 2007 clients.  I can reset iis and it seems to resolve the problem but the first time someone logs in via outlook anywhere it starts asking for passwords on the internal outlook 2007 clients. This is on Exchange 2007 SP1 and Outlook 2007 SP2.
0
Comment
Question by:tconkle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24375395
You haven't configured the Exchange services properly.

Go through http://smarthost.blogspot.com/2008/12/configuring-autodiscover-for-exchange.html
0
 

Author Comment

by:tconkle
ID: 24375863
Rajith, I had already set up the dns autodiscover srv record, but went back through and reset all of the services url's as listed in that article but no luck.

I've got outlook anywhere set to NTLM authentication with SSL offloading on....could this be causing my issues?
0
 
LVL 24

Assisted Solution

by:Rajith Enchiparambil
Rajith Enchiparambil earned 100 total points
ID: 24376044
Change authentication to basic.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376057
"""I had already set up the dns autodiscover srv record, but went back through and reset all of the services url's as listed in that article but no luck."""

Is this srv record with the public dns?
0
 

Author Comment

by:tconkle
ID: 24376120
no I set it up on my internal dns server that handles my domain.
External outlook anywhere clients have no problems
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376181
Why do you use Outlook anywhere internally? Even if you do, then you need to have a spilt dns system for it to work, your Outlook clients will always be looking at mail.domain.com (or any url you use).

Check http://www.shudnow.net/2008/11/18/autodiscover-dns-certificates-and-what-you-need-to-know/
0
 

Author Comment

by:tconkle
ID: 24376290
Ok I think changing that to basic on outlook anywhere allows everything to stay working correctly.....is it still secure that way though? Is there a way to use it with NTLM without breaking the internal clients?
I'm going to watch it for the next little while and see if it stays working.
0
 

Author Comment

by:tconkle
ID: 24376297
I don't want to use outlook anywhere internally...and as far as I know I am not using it internally.
0
 

Author Comment

by:tconkle
ID: 24376315
Ahhhh... I do have a split dns setup though....
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376344
If you have a split dns, then put an A record in your publicdomain zone in your internal DNS, pointing to your CAS server ip address.

Regarding security, are you not using a certificate and it only uses port 443 and is secure.
0
 

Author Comment

by:tconkle
ID: 24376423
I've already got an A record that points my server NETBIOS name to the internal ip address, is that what you mean?
Yeah, I've got a certificate that I am using with OWA...
0
 

Accepted Solution

by:
tconkle earned 0 total points
ID: 24376703
Okay, I had an idiot moment...SSL offloading was turned on for Outlook Anywhere. I unchecked that with NTLM on, and enabled Kernal-Mode authentication for the RPC and RPCwithCert virtual directories in IIS and everything seems to be stable. I'm going to give this 24 hours just to be sure.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24378298
""I've already got an A record that points my server NETBIOS name to the internal ip address, is that what you mean?""

Apart from that, in your split dns model, you need an A record for Autodiscover pointing to your CAS IP.
0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
When you have clients or friends from around the world, it becomes a challenge to arrange a meeting or effectively manage your time. This is where Outlook's capability to show 2 time zones in one calendar comes in handy.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question