• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 638
  • Last Modified:

Outlook 2007 client asks for password when it is opend

I have a 2008 R2 server with Exchange 2007 SP 3 and IIS 7.  I am not using any external mail such as Outlook Anywhere.
All my client PCs use Outlook 2007.  
When I open Outlook I get prompted for a username and password.  I can cancel it and everything works fine, however when I go to open Out of Office Assistant it prompts me again.  If I enter the correct domain user and pass then it lets me in with no problem.  My EWS virtual directory is using both basic and Windows Authentication when this happens.  If I disable basic authentication on the EWS Virtual Directory then I am not prompted for a user and pass, however the Out of Office replies with, "Your Out of Office settings cannot be displayed, because the server is currently unavailable.  Tray again later.”
I have recreated the Virtual Directories, and still have the same issue.
Any help would be greatly appreciated.
  • 5
  • 4
2 Solutions
check for stored passwords by opening run command and type control userpasswords2, make sure there are no managed passwords.

Also you might have to change the authentication type to kerbos etc.  Another thing to watch out for is if you have a filter (proxy), I ran into this issue because default proxy also added the address to ftp and such when it only need to be in the http:
get-clientaccessserver | fl
get-autodiscovervirtualdirectory | fl
get-exchangecertificate | fl

Please post results of all these commands.
Run them from exchange shell.

KalmeradminAuthor Commented:

Here is a file of the requested information.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

This is the reason you are getting prompts

[PS] C:\Windows\system32>get-autodiscovervirtualdirectory |fl

InternalUrl                   :
ExternalUrl                   :

Please confirm if exchange server FQDN is -
this is what you need to do :
a) run these 2 commands
replace internal and external FQDN with your own in appropriate places.

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://ExchSRV.domain.local/Autodiscover/Autodiscover.xml"

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl:"https://mail.domain.com/Autodiscover/Autodiscover.xml"

b) Your get-exchangecertificate | fl
shows - isSelfSigned - True

So you need to buy a UCC/SAN cert from someone like Godaddy / Digicert and then install it for all services.
After you download the Cert from Godaddy, you can use this tool to install it.

KalmeradminAuthor Commented:
I have set the Internal and External Urls in the autodiscover virtual directory and confirmed that they are both correct.  I already had an internal dns zone for my external domain and have the mail.externaldomain.com pointed to the internal IP.  This works fine from local PCs on the domain.
I have tested e-mail autoconfiguration from Outlook and it found the autodiscover.xml through SCP.

I still have the exact same problem after adding the URLs.
I don't see where adding a new certificate will fix this problem, is there something to the cert that I am not aware of?

UESCOMP - I had already checked most of what you recommended and none were the issue.

Everything seems to be working fine other than the authentication from Outlook to the server when needing to open Out of Office Assistant.  It is my understanding that Basic Authentication should be disabled for the EWS Virtual Directory, however if I do disable it then Out of Office Assitant gets the message stated in the original question.
you need UCC/SAN Cert
for outlook to work.

The name on your cert has to match the name on exchange server.
If you are using RPC/HTTPS - it has to match the external FQDN of your domain.

If you just want a hack and want to get it done with -- here it is.

If “Remember my password” doesn’t work and you keep getting prompted:
a) close outlook
b) go to Start... Run and type 'control userpasswords2' (without the quotes) and press OK
c) click on the Advanced tab and press 'Manage Passwords'
d) find the entry for your mail server and click ‘Properties’
e) erase the Server name and type in the name of your DC /  global catalog server
f) leave the password blank and click OK
g) start Outlook, enter your password and check off ‘Remember my password’ one last time. It should not prompt again.

KalmeradminAuthor Commented:
I have requested a UCC cert and waiting for validation.  Once I get it installed on the server and tested.  I will let you know how it looks.
KalmeradminAuthor Commented:
I have got a UCC Cert from Godaddy and went through their instructions for installing.  I then enabled it int the powershell for all services.  The Cert shows up good and all the name match my Netowrk information, however I am still getting the same problem with Out of Office Assistant.  Is there anything else with the Cert that I need to look at?
KalmeradminAuthor Commented:
I have finally got it fixed.  I must have had a corrupt EWS virtual directory.  I had already recreated the Autodiscover but I must not have redone the EWS.  I removed it with following command:

Remove-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -Confirm:$false

and recreated it with the following:

New-WebServicesVirtualDirectory -WebsiteName "Default Web Site"
-InternalUrl "https://INTERNAL_FQDN_OF_EXCHANGE/EWS/Exchange.asmx" -windowsauthentication 1

(all one line)

After this I restarted IIS and it worked.

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now