Outlook 2003 keeps asking exchange network password.

Hi,

Some of my users are suddenly getting prompted constantly for their network password in exchange when set to NTLM or Basic in the proxy settings under the connections tab.
The only way I have been able to fix this is by unticking the proxy settings but there must be something else that is causing this and we do not ideally want to untick the proxy settings as we want to RPC - HTTP.
Could this be caused by something on the server for certain users or is it a problem with Outlook itself.
Have already tried the deleting of profiles and the reg settings so what else could be the problem.
Thanks
PurplePenguinAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
What version of Exchange are yu using?
PurplePenguinAuthor Commented:
Sorry using Exchange 2003
PowerToTheUsersCommented:
Did the user(s) recently change their password? Ifso: check for cached credential on the client PC.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Alan HardistyCo-OwnerCommented:
Please visit https://testexchangeconnectivity.com and run the Outlook Anywhere (HTTP over RPC) test and specify manual server settings.
What are the results?
PurplePenguinAuthor Commented:
I have run the test and the results are as follows:

      Testing RPC/HTTP connectivity
       RPC/HTTP test failed
       
      Test Steps
       
      Attempting to resolve the host name home.inex.co.uk in DNS.
       Host successfully resolved
       
      Additional Details
        IP(s) returned: 213.123.219.40
      Testing TCP Port 443 on host home.inex.co.uk to ensure it is listening and open.
       The port was opened successfully.
      Testing SSL Certificate for validity.
       The SSL Certificate failed one or more certificate validation checks.
       
      Test Steps
       
      Validating certificate name
       Successfully validated the certificate name
       
      Additional Details
        Found hostname home.inex.co.uk in Certificate Subject Alternative Name entry
      Validating certificate trust
       Certificate trust validation failed
       
      Additional Details
        Certificate chain could not be built. You may be missing required intermediate certificates.

I do not understand the message. No the user (i.e. me) has changed any passwords.
Alan HardistyCo-OwnerCommented:
As your certificate appears to be a self-certified certificate, the test site won't work unfortunately.
What Authentication settings have you got setup on your RPC virtual Directory?
PurplePenguinAuthor Commented:
I have basic and integrated ticked but no anonymous login.
Alan HardistyCo-OwnerCommented:
I take it the cert is self-signed?
If so - have you installed the cert on all the clients?
PurplePenguinAuthor Commented:
I have only installed it on mine at the moment so I can test it. I was going to add it to Group Policy so everyone got it once I have got working.
Alan HardistyCo-OwnerCommented:
What settings are you entering in the Proxy Settings for Outlook?
PurplePenguinAuthor Commented:
home.inex.co.uk

msstd:home.inex.co.uk

ticked work on slow networks

NTLM auth
PurplePenguinAuthor Commented:
As it has been nearly over a week since I had a reply I am going to close this question as I am no further forward and no further answers have been forthcoming.
Alan HardistyCo-OwnerCommented:
Sorry - I have been tied up with work / Kids Half-Term holidays.
RPC Virtual directory should only have Basic Authentication ticked.  SSL should also be enabled.  No IP Restrictions set.
Please change the settings and run iisreset and see if that helps.
PurplePenguinAuthor Commented:
So does this mean we all need to have outlook only using basic as well then??  Why is NTLM not a good idea. Is is because I have a internal certificate rather than one from Thawte etc...........
Alan HardistyCo-OwnerCommented:
My mistake - looked at the wrong server (one that does not have HTTP over RPC setup properly).  Basic & Integrated should be ticked.  Sorry.
What happens if you try to visit https:\\home.inex.co.uk\rpc\rpcproxy.dll ?
You should get a username / password prompt and then a blank screen.
 
PurplePenguinAuthor Commented:
Just tried that - I get after putting in a id and password:

The page cannot be displayed

Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
Try the following:

Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
Technical Information (for support personnel)

Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)

This was issued by my CA on the DC server and so the certificate chain should be trusted as I have put the certificate in the trusted publishers store
Alan HardistyCo-OwnerCommented:
Okay - that definitely sounding like a certificate problem.
Who was the issuer of your certificate?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PurplePenguinAuthor Commented:
My server is the CA and when I use OWA there is no issue with the certificate. Shall I redo my certificates and see if that helps.
PurplePenguinAuthor Commented:
Closing question as I have now found out what the problem is.  The KDC certificate has become invalid and so the chain status is in error - not sure why this has happened but it appears to be the solution.  RPC is now working on Basic and the password errors have gone too.  All appears to be fine now. Thanks for all your help.
We have moved offices since I posted this and we have been able to rectify many issues we had the other office now we are in a better environment.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Outlook

From novice to tech pro — start learning today.