Why are the Outlook clients asking for passwords to login Autodiscover

I installed a new UCC SSL Cert on an Exchange 2007 server that was using a standard SSL, I am sure I spelled the commons name and subject names correctly is the csr. I done this almost a hundred times for clients and never seen this behaviot before. The OWA is fine but the Outlook clients are repeatedly ask to login Autodiscovery\username and password. Event thought the password does not work , Outlook still sends and recieves OK, but the autodiscovery login persist.
355LT1Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shreedhar EtteCommented:
Get-ClientAccessServer | fl

and see the AutodiscoverServiceInternalUrl is properly set.

Get-WebServicesVirtualDirectory | fl

and see the Internal and external url pointing to https://mail.example.net/ews/exchange.asmx

Hope this helps,
Shree
355LT1Author Commented:
shreedat,

Do you see any problems. Should Windows Authenication be false?

[PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | fl


InternalNLBBypassUrl          : https://server.domain.com/ews/exchange.asmx
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://SERVER.Domain.COM/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWS
Server                        : SERVER
InternalUrl                   : https://mail.domain.com/autodiscover/autodiscover.asmx
ExternalUrl                   :
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=SERVER,CN=S
                                ervers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admini
                                strative Groups,CN=domain,CN=Microsoft Exchange,CN=Services,CN
                                =Configuration,DC=domain,DC=COM
Identity                      : SERVER\EWS (Default Web Site)
Guid                          : e1057815-d4a5-487e-8d33-09bdc394bea9
ObjectCategory                :
domain.COM/Configuration/Schema/ms-Exch-Web-Services-Virtual-D
                                irectory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                   : 3/8/2010 3:51:17 PM
WhenCreated                   : 8/16/2008 10:17:27 AM
OriginatingServer             : adserver.domain.COM
IsValid                       : True


Shreedhar EtteCommented:
Also enable Basic Authentication

External Url is not.  Set the External Url

Then restart the exchange services and check
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

355LT1Author Commented:
Do you mean OWA ? I found it already set to basic authenication.
Shreedhar EtteCommented:
On EWS Virtual directory.
355LT1Author Commented:
Should Autodiscover have anonymous authernication enabled?
355LT1Author Commented:
Where do you mean set the external url?
Shreedhar EtteCommented:
Set-WebServicesVirtualDirectory -Identity "CAS-Server\EWS (Default Web Site)" -InternalUrl https://mail.example.net/ews/exchange.asmx -ExternalUrl https://mail.example.net/ews/exchange.asmx 

- Replace the Cas-Server with your server name

- Replace the mail.example.net with you public URL
355LT1Author Commented:
Thanks worked good. I still get asked to login as autodoscovery\username when I open the address book?
Shreedhar EtteCommented:
Post the output of Get-OABVirtualDirectory | fl
Shreedhar EtteCommented:
Also post output of Get-ClientAccessServer | fl
Shreedhar EtteCommented:
Set Basic Authentication on the Autodiscover Web site under IIS
Shreedhar EtteCommented:
Hi,

Also observed that you have post two more question for the same:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26029665.html

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26029663.html

Send request to Close them if you want.

---------
Shree
355LT1Author Commented:
Will do.
paritoshjaniCommented:
Check virtual directory authentication. post change reset IIS

OAB
Basic authentication
Windows Authentication

Autodiscover
Basic authentication
Windows Authentication

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
355LT1Author Commented:
That did not resove the the issue. I checked 3 other company's Exchange 2007 and the OAB and Autodiscover basic authernication is not turned on, just windows authenication is enabled.
Shreedhar EtteCommented:
Hi,

Check the Authentication in the IIS manager.
Autodiscover:- Basic + Windows Integrated Authentication with SSL enabled.
EWS:- Windows Integrated Authentication with SSL enabled.
OAB:- Windows Integrated Authentication without SSL enabled.

Restart the IIS for the changes to take effect.

Open EMC and expand Mailbox server under Organization configuration, click on Offline Address Book tab and right click the Default OAB and check the Distribution settings, check the outlook versions and also check whether the Web Distribtion is enabled with Public Folder Distribution.

Run Test Email Autoconfiguration from Outlook 2007 work station and select Autodiscover only and please provide the informtion that you get.

To test the Autodiscovery configuration service by right clicking the Outlook button while holding the CTRL key. Now you can select the test e-mail auto-configuration button to test the Autodiscovery function

Hope this helps,
Shree
355LT1Author Commented:
I check whay you suggested. I am remoted into the Exchange server with Outlook i2007 installed, for some reason every thing is there but test email auto configuration, The currect Outllok profile works , but when I tried to create a new profile with autoconfig it could not find the server.
355LT1Author Commented:
[PS] C:\Windows\System32>Get-OABVirtualDirectory | fl


Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {Default Offline Address Book}
RequireSSL                    : False
BasicAuthentication           : False
WindowsAuthentication         : True
MetabasePath                  : IIS://SERVER.Domain.COM/W3SVC/1/ROOT/OAB
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB
Server                        : SERVER
InternalUrl                   : http://server.domain.com/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   :
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,CN=SERVER,CN=S
                                ervers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admini
                                strative Groups,CN=domain,CN=Microsoft Exchange,CN=Services,CN
                                =Configuration,DC=domain,DC=COM
Identity                      : SERVER\OAB (Default Web Site)
Guid                          : 6a301c3b-0870-40d6-bb79-eeb79366e494
ObjectCategory                : domain.COM/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
WhenChanged                   : 4/25/2010 9:51:26 AM
WhenCreated                   : 4/25/2010 9:50:31 AM
OriginatingServer             : adserver.domain.COM
IsValid                       : True



[PS] C:\Windows\System32>
355LT1Author Commented:
[PS] C:\Windows\System32>Get-ClientAccessServer | fl


Name                           : SERVER
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : SERVER
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://mail.domain.com/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : adserver.domain.COM
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=SERVER,CN=Servers,CN=Exchange Administrative Group (FYDIB
                                 OHF23SPDLT),CN=Administrative Groups,CN=domain,CN=Microsoft                                  Exchange,CN=Services,CN=Configuration,DC=Domain,DC=COM
Identity                       : SERVER
Guid                           : e74b4cd5-88f7-4e8c-92b7-eb571bc14008
ObjectCategory                 : Domain.COM/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 4/24/2010 9:51:26 PM
WhenCreated                    : 8/16/2008 10:15:21 AM


355LT1Author Commented:
I checked the internal URL InternalUrl  http://server.domain.com/OAB
is not found in IE
Shreedhar EtteCommented:
Hi,

Also set the external URL for OAB

Set-OABVirtualDirectory -ExternalURL https://$URLNAME/OAB

Hope this helps,
Shree
355LT1Author Commented:
The internal URL is HTTP:// should it me HTTPS://
?
Shreedhar EtteCommented:
Make it https://
355LT1Author Commented:
Still does not work, I called MS paid support, sure does take them a long time for an engineer to call and help me.
355LT1Author Commented:
I think the porblem was resolved with this answere and rebuilding oab.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.