Solved

Outlook Anywhere enabled, users can connect great, internal users with domain connected computers get asked for a username and password.

Posted on 2009-05-13
13
452 Views
Last Modified: 2012-06-21
Outlook Anywhere enabled, users can connect great, internal users with domain connected computers get asked for a username and password.  New mail is still pulled but it asks for the username and password every send/recieve on outlook 2007 clients.  I can reset iis and it seems to resolve the problem but the first time someone logs in via outlook anywhere it starts asking for passwords on the internal outlook 2007 clients. This is on Exchange 2007 SP1 and Outlook 2007 SP2.
0
Comment
Question by:tconkle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24375395
You haven't configured the Exchange services properly.

Go through http://smarthost.blogspot.com/2008/12/configuring-autodiscover-for-exchange.html
0
 

Author Comment

by:tconkle
ID: 24375863
Rajith, I had already set up the dns autodiscover srv record, but went back through and reset all of the services url's as listed in that article but no luck.

I've got outlook anywhere set to NTLM authentication with SSL offloading on....could this be causing my issues?
0
 
LVL 24

Assisted Solution

by:Rajith Enchiparambil
Rajith Enchiparambil earned 100 total points
ID: 24376044
Change authentication to basic.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376057
"""I had already set up the dns autodiscover srv record, but went back through and reset all of the services url's as listed in that article but no luck."""

Is this srv record with the public dns?
0
 

Author Comment

by:tconkle
ID: 24376120
no I set it up on my internal dns server that handles my domain.
External outlook anywhere clients have no problems
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376181
Why do you use Outlook anywhere internally? Even if you do, then you need to have a spilt dns system for it to work, your Outlook clients will always be looking at mail.domain.com (or any url you use).

Check http://www.shudnow.net/2008/11/18/autodiscover-dns-certificates-and-what-you-need-to-know/
0
 

Author Comment

by:tconkle
ID: 24376290
Ok I think changing that to basic on outlook anywhere allows everything to stay working correctly.....is it still secure that way though? Is there a way to use it with NTLM without breaking the internal clients?
I'm going to watch it for the next little while and see if it stays working.
0
 

Author Comment

by:tconkle
ID: 24376297
I don't want to use outlook anywhere internally...and as far as I know I am not using it internally.
0
 

Author Comment

by:tconkle
ID: 24376315
Ahhhh... I do have a split dns setup though....
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24376344
If you have a split dns, then put an A record in your publicdomain zone in your internal DNS, pointing to your CAS server ip address.

Regarding security, are you not using a certificate and it only uses port 443 and is secure.
0
 

Author Comment

by:tconkle
ID: 24376423
I've already got an A record that points my server NETBIOS name to the internal ip address, is that what you mean?
Yeah, I've got a certificate that I am using with OWA...
0
 

Accepted Solution

by:
tconkle earned 0 total points
ID: 24376703
Okay, I had an idiot moment...SSL offloading was turned on for Outlook Anywhere. I unchecked that with NTLM on, and enabled Kernal-Mode authentication for the RPC and RPCwithCert virtual directories in IIS and everything seems to be stable. I'm going to give this 24 hours just to be sure.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24378298
""I've already got an A record that points my server NETBIOS name to the internal ip address, is that what you mean?""

Apart from that, in your split dns model, you need an A record for Autodiscover pointing to your CAS IP.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
In this article I discuss my selections of the Top Four free Outlook OST File Viewers available. Open, view and read even damaged OST files by using these tools. They all provide a clear preview of all data such as emails, notes, tasks, calendars, e…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question