Solved

Outlook Anywhere enabled, users can connect great, internal users with domain connected computers get asked for a username and password.

Posted on 2009-05-13
13
444 Views
Last Modified: 2012-06-21
Outlook Anywhere enabled, users can connect great, internal users with domain connected computers get asked for a username and password.  New mail is still pulled but it asks for the username and password every send/recieve on outlook 2007 clients.  I can reset iis and it seems to resolve the problem but the first time someone logs in via outlook anywhere it starts asking for passwords on the internal outlook 2007 clients. This is on Exchange 2007 SP1 and Outlook 2007 SP2.
0
Comment
Question by:tconkle
  • 7
  • 6
13 Comments
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24375395
You haven't configured the Exchange services properly.

Go through http://smarthost.blogspot.com/2008/12/configuring-autodiscover-for-exchange.html
0
 

Author Comment

by:tconkle
ID: 24375863
Rajith, I had already set up the dns autodiscover srv record, but went back through and reset all of the services url's as listed in that article but no luck.

I've got outlook anywhere set to NTLM authentication with SSL offloading on....could this be causing my issues?
0
 
LVL 24

Assisted Solution

by:Rajith Enchiparambil
Rajith Enchiparambil earned 100 total points
ID: 24376044
Change authentication to basic.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376057
"""I had already set up the dns autodiscover srv record, but went back through and reset all of the services url's as listed in that article but no luck."""

Is this srv record with the public dns?
0
 

Author Comment

by:tconkle
ID: 24376120
no I set it up on my internal dns server that handles my domain.
External outlook anywhere clients have no problems
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376181
Why do you use Outlook anywhere internally? Even if you do, then you need to have a spilt dns system for it to work, your Outlook clients will always be looking at mail.domain.com (or any url you use).

Check http://www.shudnow.net/2008/11/18/autodiscover-dns-certificates-and-what-you-need-to-know/
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:tconkle
ID: 24376290
Ok I think changing that to basic on outlook anywhere allows everything to stay working correctly.....is it still secure that way though? Is there a way to use it with NTLM without breaking the internal clients?
I'm going to watch it for the next little while and see if it stays working.
0
 

Author Comment

by:tconkle
ID: 24376297
I don't want to use outlook anywhere internally...and as far as I know I am not using it internally.
0
 

Author Comment

by:tconkle
ID: 24376315
Ahhhh... I do have a split dns setup though....
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376344
If you have a split dns, then put an A record in your publicdomain zone in your internal DNS, pointing to your CAS server ip address.

Regarding security, are you not using a certificate and it only uses port 443 and is secure.
0
 

Author Comment

by:tconkle
ID: 24376423
I've already got an A record that points my server NETBIOS name to the internal ip address, is that what you mean?
Yeah, I've got a certificate that I am using with OWA...
0
 

Accepted Solution

by:
tconkle earned 0 total points
ID: 24376703
Okay, I had an idiot moment...SSL offloading was turned on for Outlook Anywhere. I unchecked that with NTLM on, and enabled Kernal-Mode authentication for the RPC and RPCwithCert virtual directories in IIS and everything seems to be stable. I'm going to give this 24 hours just to be sure.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24378298
""I've already got an A record that points my server NETBIOS name to the internal ip address, is that what you mean?""

Apart from that, in your split dns model, you need an A record for Autodiscover pointing to your CAS IP.
0

Featured Post

Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now