Outlook 2007 client asks for password when it is opend

Posted on 2010-09-16
Last Modified: 2012-05-10
I have a 2008 R2 server with Exchange 2007 SP 3 and IIS 7.  I am not using any external mail such as Outlook Anywhere.
All my client PCs use Outlook 2007.  
When I open Outlook I get prompted for a username and password.  I can cancel it and everything works fine, however when I go to open Out of Office Assistant it prompts me again.  If I enter the correct domain user and pass then it lets me in with no problem.  My EWS virtual directory is using both basic and Windows Authentication when this happens.  If I disable basic authentication on the EWS Virtual Directory then I am not prompted for a user and pass, however the Out of Office replies with, "Your Out of Office settings cannot be displayed, because the server is currently unavailable.  Tray again later.”
I have recreated the Virtual Directories, and still have the same issue.
Any help would be greatly appreciated.
Question by:Kalmeradmin
  • 5
  • 4
LVL 16

Expert Comment

ID: 33695356
check for stored passwords by opening run command and type control userpasswords2, make sure there are no managed passwords.

Also you might have to change the authentication type to kerbos etc.  Another thing to watch out for is if you have a filter (proxy), I ran into this issue because default proxy also added the address to ftp and such when it only need to be in the http:
LVL 28

Expert Comment

ID: 33695494
get-clientaccessserver | fl
get-autodiscovervirtualdirectory | fl
get-exchangecertificate | fl

Please post results of all these commands.
Run them from exchange shell.


Author Comment

ID: 33695791

Here is a file of the requested information.
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

LVL 28

Expert Comment

ID: 33695800
This is the reason you are getting prompts

[PS] C:\Windows\system32>get-autodiscovervirtualdirectory |fl

InternalUrl                   :
ExternalUrl                   :

Please confirm if exchange server FQDN is -
LVL 28

Assisted Solution

sunnyc7 earned 250 total points
ID: 33695836
this is what you need to do :
a) run these 2 commands
replace internal and external FQDN with your own in appropriate places.

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://ExchSRV.domain.local/Autodiscover/Autodiscover.xml"

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl:""

b) Your get-exchangecertificate | fl
shows - isSelfSigned - True

So you need to buy a UCC/SAN cert from someone like Godaddy / Digicert and then install it for all services.
After you download the Cert from Godaddy, you can use this tool to install it.

Author Comment

ID: 33696210
I have set the Internal and External Urls in the autodiscover virtual directory and confirmed that they are both correct.  I already had an internal dns zone for my external domain and have the pointed to the internal IP.  This works fine from local PCs on the domain.
I have tested e-mail autoconfiguration from Outlook and it found the autodiscover.xml through SCP.

I still have the exact same problem after adding the URLs.
I don't see where adding a new certificate will fix this problem, is there something to the cert that I am not aware of?

UESCOMP - I had already checked most of what you recommended and none were the issue.

Everything seems to be working fine other than the authentication from Outlook to the server when needing to open Out of Office Assistant.  It is my understanding that Basic Authentication should be disabled for the EWS Virtual Directory, however if I do disable it then Out of Office Assitant gets the message stated in the original question.
LVL 28

Expert Comment

ID: 33696225
you need UCC/SAN Cert
for outlook to work.

The name on your cert has to match the name on exchange server.
If you are using RPC/HTTPS - it has to match the external FQDN of your domain.

If you just want a hack and want to get it done with -- here it is.

If “Remember my password” doesn’t work and you keep getting prompted:
a) close outlook
b) go to Start... Run and type 'control userpasswords2' (without the quotes) and press OK
c) click on the Advanced tab and press 'Manage Passwords'
d) find the entry for your mail server and click ‘Properties’
e) erase the Server name and type in the name of your DC /  global catalog server
f) leave the password blank and click OK
g) start Outlook, enter your password and check off ‘Remember my password’ one last time. It should not prompt again.

Author Comment

ID: 33697182
I have requested a UCC cert and waiting for validation.  Once I get it installed on the server and tested.  I will let you know how it looks.

Author Comment

ID: 33703487
I have got a UCC Cert from Godaddy and went through their instructions for installing.  I then enabled it int the powershell for all services.  The Cert shows up good and all the name match my Netowrk information, however I am still getting the same problem with Out of Office Assistant.  Is there anything else with the Cert that I need to look at?

Accepted Solution

Kalmeradmin earned 0 total points
ID: 33713684
I have finally got it fixed.  I must have had a corrupt EWS virtual directory.  I had already recreated the Autodiscover but I must not have redone the EWS.  I removed it with following command:

Remove-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -Confirm:$false

and recreated it with the following:

New-WebServicesVirtualDirectory -WebsiteName "Default Web Site"
-InternalUrl "https://INTERNAL_FQDN_OF_EXCHANGE/EWS/Exchange.asmx" -windowsauthentication 1

(all one line)

After this I restarted IIS and it worked.

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to:…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question