Improve company productivity with a Business Account.Sign Up


Outlook 2007 client asks for password when it is opend

Posted on 2010-09-16
Medium Priority
Last Modified: 2012-05-10
I have a 2008 R2 server with Exchange 2007 SP 3 and IIS 7.  I am not using any external mail such as Outlook Anywhere.
All my client PCs use Outlook 2007.  
When I open Outlook I get prompted for a username and password.  I can cancel it and everything works fine, however when I go to open Out of Office Assistant it prompts me again.  If I enter the correct domain user and pass then it lets me in with no problem.  My EWS virtual directory is using both basic and Windows Authentication when this happens.  If I disable basic authentication on the EWS Virtual Directory then I am not prompted for a user and pass, however the Out of Office replies with, "Your Out of Office settings cannot be displayed, because the server is currently unavailable.  Tray again later.”
I have recreated the Virtual Directories, and still have the same issue.
Any help would be greatly appreciated.
Question by:Kalmeradmin
  • 5
  • 4
LVL 16

Expert Comment

ID: 33695356
check for stored passwords by opening run command and type control userpasswords2, make sure there are no managed passwords.

Also you might have to change the authentication type to kerbos etc.  Another thing to watch out for is if you have a filter (proxy), I ran into this issue because default proxy also added the address to ftp and such when it only need to be in the http:
LVL 28

Expert Comment

ID: 33695494
get-clientaccessserver | fl
get-autodiscovervirtualdirectory | fl
get-exchangecertificate | fl

Please post results of all these commands.
Run them from exchange shell.


Author Comment

ID: 33695791

Here is a file of the requested information.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

LVL 28

Expert Comment

ID: 33695800
This is the reason you are getting prompts

[PS] C:\Windows\system32>get-autodiscovervirtualdirectory |fl

InternalUrl                   :
ExternalUrl                   :

Please confirm if exchange server FQDN is -
LVL 28

Assisted Solution

sunnyc7 earned 1000 total points
ID: 33695836
this is what you need to do :
a) run these 2 commands
replace internal and external FQDN with your own in appropriate places.

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://ExchSRV.domain.local/Autodiscover/Autodiscover.xml"

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl:""

b) Your get-exchangecertificate | fl
shows - isSelfSigned - True

So you need to buy a UCC/SAN cert from someone like Godaddy / Digicert and then install it for all services.
After you download the Cert from Godaddy, you can use this tool to install it.

Author Comment

ID: 33696210
I have set the Internal and External Urls in the autodiscover virtual directory and confirmed that they are both correct.  I already had an internal dns zone for my external domain and have the pointed to the internal IP.  This works fine from local PCs on the domain.
I have tested e-mail autoconfiguration from Outlook and it found the autodiscover.xml through SCP.

I still have the exact same problem after adding the URLs.
I don't see where adding a new certificate will fix this problem, is there something to the cert that I am not aware of?

UESCOMP - I had already checked most of what you recommended and none were the issue.

Everything seems to be working fine other than the authentication from Outlook to the server when needing to open Out of Office Assistant.  It is my understanding that Basic Authentication should be disabled for the EWS Virtual Directory, however if I do disable it then Out of Office Assitant gets the message stated in the original question.
LVL 28

Expert Comment

ID: 33696225
you need UCC/SAN Cert
for outlook to work.

The name on your cert has to match the name on exchange server.
If you are using RPC/HTTPS - it has to match the external FQDN of your domain.

If you just want a hack and want to get it done with -- here it is.

If “Remember my password” doesn’t work and you keep getting prompted:
a) close outlook
b) go to Start... Run and type 'control userpasswords2' (without the quotes) and press OK
c) click on the Advanced tab and press 'Manage Passwords'
d) find the entry for your mail server and click ‘Properties’
e) erase the Server name and type in the name of your DC /  global catalog server
f) leave the password blank and click OK
g) start Outlook, enter your password and check off ‘Remember my password’ one last time. It should not prompt again.

Author Comment

ID: 33697182
I have requested a UCC cert and waiting for validation.  Once I get it installed on the server and tested.  I will let you know how it looks.

Author Comment

ID: 33703487
I have got a UCC Cert from Godaddy and went through their instructions for installing.  I then enabled it int the powershell for all services.  The Cert shows up good and all the name match my Netowrk information, however I am still getting the same problem with Out of Office Assistant.  Is there anything else with the Cert that I need to look at?

Accepted Solution

Kalmeradmin earned 0 total points
ID: 33713684
I have finally got it fixed.  I must have had a corrupt EWS virtual directory.  I had already recreated the Autodiscover but I must not have redone the EWS.  I removed it with following command:

Remove-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -Confirm:$false

and recreated it with the following:

New-WebServicesVirtualDirectory -WebsiteName "Default Web Site"
-InternalUrl "https://INTERNAL_FQDN_OF_EXCHANGE/EWS/Exchange.asmx" -windowsauthentication 1

(all one line)

After this I restarted IIS and it worked.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A method of moving multiple mailboxes (in bulk) to another database in an Exchange 2010/2013/2016 environment...
This article involves a discussion about issues people have when it comes to Client Access in relating to Load Balancing in an Exchange environment which we had ourselves, along with a solution I found to the problem.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question