Outlook 2003 keeps asking exchange network password.
Hi,
Some of my users are suddenly getting prompted constantly for their network password in exchange when set to NTLM or Basic in the proxy settings under the connections tab.
The only way I have been able to fix this is by unticking the proxy settings but there must be something else that is causing this and we do not ideally want to untick the proxy settings as we want to RPC - HTTP.
Could this be caused by something on the server for certain users or is it a problem with Outlook itself.
Have already tried the deleting of profiles and the reg settings so what else could be the problem.
Thanks
Some of my users are suddenly getting prompted constantly for their network password in exchange when set to NTLM or Basic in the proxy settings under the connections tab.
The only way I have been able to fix this is by unticking the proxy settings but there must be something else that is causing this and we do not ideally want to untick the proxy settings as we want to RPC - HTTP.
Could this be caused by something on the server for certain users or is it a problem with Outlook itself.
Have already tried the deleting of profiles and the reg settings so what else could be the problem.
Thanks
Alan Hardisty
What version of Exchange are yu using?
ASKER
Sorry using Exchange 2003
Did the user(s) recently change their password? Ifso: check for cached credential on the client PC.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have run the test and the results are as follows:
Testing RPC/HTTP connectivity
RPC/HTTP test failed
Test Steps
Attempting to resolve the host name home.inex.co.uk in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 213.123.219.40
Testing TCP Port 443 on host home.inex.co.uk to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname home.inex.co.uk in Certificate Subject Alternative Name entry
Validating certificate trust
Certificate trust validation failed
Additional Details
Certificate chain could not be built. You may be missing required intermediate certificates.
I do not understand the message. No the user (i.e. me) has changed any passwords.
Testing RPC/HTTP connectivity
RPC/HTTP test failed
Test Steps
Attempting to resolve the host name home.inex.co.uk in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 213.123.219.40
Testing TCP Port 443 on host home.inex.co.uk to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname home.inex.co.uk in Certificate Subject Alternative Name entry
Validating certificate trust
Certificate trust validation failed
Additional Details
Certificate chain could not be built. You may be missing required intermediate certificates.
I do not understand the message. No the user (i.e. me) has changed any passwords.
As your certificate appears to be a self-certified certificate, the test site won't work unfortunately.
What Authentication settings have you got setup on your RPC virtual Directory?
What Authentication settings have you got setup on your RPC virtual Directory?
ASKER
I have basic and integrated ticked but no anonymous login.
I take it the cert is self-signed?
If so - have you installed the cert on all the clients?
If so - have you installed the cert on all the clients?
ASKER
I have only installed it on mine at the moment so I can test it. I was going to add it to Group Policy so everyone got it once I have got working.
What settings are you entering in the Proxy Settings for Outlook?
ASKER
home.inex.co.uk
msstd:home.inex.co.uk
ticked work on slow networks
NTLM auth
msstd:home.inex.co.uk
ticked work on slow networks
NTLM auth
ASKER
As it has been nearly over a week since I had a reply I am going to close this question as I am no further forward and no further answers have been forthcoming.
Sorry - I have been tied up with work / Kids Half-Term holidays.
RPC Virtual directory should only have Basic Authentication ticked. SSL should also be enabled. No IP Restrictions set.
Please change the settings and run iisreset and see if that helps.
RPC Virtual directory should only have Basic Authentication ticked. SSL should also be enabled. No IP Restrictions set.
Please change the settings and run iisreset and see if that helps.
ASKER
So does this mean we all need to have outlook only using basic as well then?? Why is NTLM not a good idea. Is is because I have a internal certificate rather than one from Thawte etc...........
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Just tried that - I get after putting in a id and password:
The page cannot be displayed
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
Try the following:
Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
Technical Information (for support personnel)
Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)
This was issued by my CA on the DC server and so the certificate chain should be trusted as I have put the certificate in the trusted publishers store
The page cannot be displayed
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
Try the following:
Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
Technical Information (for support personnel)
Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)
This was issued by my CA on the DC server and so the certificate chain should be trusted as I have put the certificate in the trusted publishers store
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
My server is the CA and when I use OWA there is no issue with the certificate. Shall I redo my certificates and see if that helps.
ASKER
Closing question as I have now found out what the problem is. The KDC certificate has become invalid and so the chain status is in error - not sure why this has happened but it appears to be the solution. RPC is now working on Basic and the password errors have gone too. All appears to be fine now. Thanks for all your help.
We have moved offices since I posted this and we have been able to rectify many issues we had the other office now we are in a better environment.
We have moved offices since I posted this and we have been able to rectify many issues we had the other office now we are in a better environment.