Solved

Outlook 2007 client asks for password when it is opend

Posted on 2010-09-16
10
625 Views
Last Modified: 2012-05-10
I have a 2008 R2 server with Exchange 2007 SP 3 and IIS 7.  I am not using any external mail such as Outlook Anywhere.
All my client PCs use Outlook 2007.  
When I open Outlook I get prompted for a username and password.  I can cancel it and everything works fine, however when I go to open Out of Office Assistant it prompts me again.  If I enter the correct domain user and pass then it lets me in with no problem.  My EWS virtual directory is using both basic and Windows Authentication when this happens.  If I disable basic authentication on the EWS Virtual Directory then I am not prompted for a user and pass, however the Out of Office replies with, "Your Out of Office settings cannot be displayed, because the server is currently unavailable.  Tray again later.”
I have recreated the Virtual Directories, and still have the same issue.
Any help would be greatly appreciated.
0
Comment
Question by:Kalmeradmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 16

Expert Comment

by:uescomp
ID: 33695356
check for stored passwords by opening run command and type control userpasswords2, make sure there are no managed passwords.

Also you might have to change the authentication type to kerbos etc.  Another thing to watch out for is if you have a filter (proxy), I ran into this issue because default proxy also added the address to ftp and such when it only need to be in the http:
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33695494
get-clientaccessserver | fl
get-autodiscovervirtualdirectory | fl
get-exchangecertificate | fl

Please post results of all these commands.
Run them from exchange shell.

thanks
0
 

Author Comment

by:Kalmeradmin
ID: 33695791

Here is a file of the requested information.
Exchange-Info.txt
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 28

Expert Comment

by:sunnyc7
ID: 33695800
This is the reason you are getting prompts

[PS] C:\Windows\system32>get-autodiscovervirtualdirectory |fl

InternalUrl                   :
ExternalUrl                   :

--
Please confirm if exchange server FQDN is -
ExchSRV.domain.local
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 250 total points
ID: 33695836
this is what you need to do :
a) run these 2 commands
replace internal and external FQDN with your own in appropriate places.

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://ExchSRV.domain.local/Autodiscover/Autodiscover.xml"

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl:"https://mail.domain.com/Autodiscover/Autodiscover.xml"

b) Your get-exchangecertificate | fl
shows - isSelfSigned - True

So you need to buy a UCC/SAN cert from someone like Godaddy / Digicert and then install it for all services.
After you download the Cert from Godaddy, you can use this tool to install it.

www.u-btech.com/products/certificate-manager-for-exchange-2007.html
0
 

Author Comment

by:Kalmeradmin
ID: 33696210
I have set the Internal and External Urls in the autodiscover virtual directory and confirmed that they are both correct.  I already had an internal dns zone for my external domain and have the mail.externaldomain.com pointed to the internal IP.  This works fine from local PCs on the domain.
I have tested e-mail autoconfiguration from Outlook and it found the autodiscover.xml through SCP.

I still have the exact same problem after adding the URLs.
I don't see where adding a new certificate will fix this problem, is there something to the cert that I am not aware of?


UESCOMP - I had already checked most of what you recommended and none were the issue.

Everything seems to be working fine other than the authentication from Outlook to the server when needing to open Out of Office Assistant.  It is my understanding that Basic Authentication should be disabled for the EWS Virtual Directory, however if I do disable it then Out of Office Assitant gets the message stated in the original question.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33696225
you need UCC/SAN Cert
for outlook to work.

The name on your cert has to match the name on exchange server.
If you are using RPC/HTTPS - it has to match the external FQDN of your domain.

If you just want a hack and want to get it done with -- here it is.

If “Remember my password” doesn’t work and you keep getting prompted:
a) close outlook
b) go to Start... Run and type 'control userpasswords2' (without the quotes) and press OK
c) click on the Advanced tab and press 'Manage Passwords'
d) find the entry for your mail server and click ‘Properties’
e) erase the Server name and type in the name of your DC /  global catalog server
f) leave the password blank and click OK
g) start Outlook, enter your password and check off ‘Remember my password’ one last time. It should not prompt again.

http://www.petri.co.il/forums/showthread.php?t=18808
0
 

Author Comment

by:Kalmeradmin
ID: 33697182
I have requested a UCC cert and waiting for validation.  Once I get it installed on the server and tested.  I will let you know how it looks.
0
 

Author Comment

by:Kalmeradmin
ID: 33703487
I have got a UCC Cert from Godaddy and went through their instructions for installing.  I then enabled it int the powershell for all services.  The Cert shows up good and all the name match my Netowrk information, however I am still getting the same problem with Out of Office Assistant.  Is there anything else with the Cert that I need to look at?
0
 

Accepted Solution

by:
Kalmeradmin earned 0 total points
ID: 33713684
I have finally got it fixed.  I must have had a corrupt EWS virtual directory.  I had already recreated the Autodiscover but I must not have redone the EWS.  I removed it with following command:

Remove-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -Confirm:$false

and recreated it with the following:

New-WebServicesVirtualDirectory -WebsiteName "Default Web Site"
-InternalUrl "https://INTERNAL_FQDN_OF_EXCHANGE/EWS/Exchange.asmx" -windowsauthentication 1

(all one line)

After this I restarted IIS and it worked.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question