Trying to connect Outlook 2003 from WAN to Exchange 2010 gets credentials box

Posted on 2011-03-08
Last Modified: 2012-06-22
We have just finished migrated all of our users from Exchange 2003 to Exchange 2010.  We have three sites, each with a 2008 R2 DC, propagating from our corporate site, where the Exchange server is.

After we finished the migration I had a consultant come in and decommission the Exchange 2003 server.  Since that has happened, I have several users in the two sites not in our corporate office that now cannot log onto their e-mail.  When they do try, or when you try to create a new Outlook profile on one of their machines, Outlook starts popping up a logon screen looking for credentials to log onto the mail server.  No matter what credentials you enter or how many times, it just keeps popping up.

Each site has it's own IP scheme, and two of the sites are connected to the corporate site by a managed VPN service.  I can ping the email server by name from the client machine, I can also do an NSLookup.

If I try to do a ping or NSLookup from the domain controller in that remote site, it uses the IPv6 address of APPMAIL first and the ping fails, while the NSLOOKUP shows the IPv6 address then then the IPv4 address.  I added the IPv4 address for the mail server to the LMHOSTS file and now you can ping from the DC, but NSLOOKUP still shows IPV6 address first.

IPv6 is not enabled on the W2008 DC in the remote site.

I'm at a loss, and I'm not hearing back from my consultant at the moment.
Question by:andersonpower
LVL 29

Expert Comment

by:Randy Downs
ID: 35072689
You could try uninstalling Outlook & reinstalling on the problem machines. I'd also check to see if they happen to have static ips. If they get their ip from DHCP then they are more likely to get current DNS info on your mail servers.

Expert Comment

by:Naushad shaikh
ID: 35072932
Configure Outlook 2003 in cached mode to connect by using RPC/HTTP with basic authentication.

Make sure that you configure Outlook 2003 to try HTTP only after Outlook 2003 uses TCP/IP. To do this, follow these steps:1. Start Outlook 2003.
2. On the Tools menu, click E-mail Accounts.
3. Click View or change existing e-mail
accounts, and then click Next.
4. Click the Exchange Server e-mail account,
and then click Change.
5. Click More Settings, and then click the
Connection tab.
6. In the Exchange over the Internet area,
click to select the Connect to my Exchange
mailbox using HTTP check box, and then
click Exchange Proxy Settings.
7. Verify that the On slow networks, connect
using HTTP first, then connect using
TCP/IP, check box is not selected.
8. In the Proxy authentication settings area,
click Basic Authentication in the Use this
authentication when connecting to my proxy
server for Exchange box.
9. Click OK two times.
10. Quit Outlook 2003.
11. Make sure that you are connected to the
network. Then, start Outlook 2003.
12. Wait for Outlook 2003 to connect to the
Exchange server. Verify that the
connection is a TCP/IP connection. To do
this, follow these steps:a. Press and
hold CTRL, right-click the Outlook icon
in the notification area, and then click
Connection Status.
b. Verify that the Conn column displays

13. Put the computer on standby.
14. Resume the computer from standby. Then,
wait for about one minute.
15. You are prompted for your user
16. Click Cancel.

This feature requires you to be using a Microsoft Exchange Server e-mail account in Cached Exchange Mode.
Cached Exchange Mode provides you with a better experience when you use a Microsoft Exchange Server e-mail account. A copy of your mailbox is stored on your computer. This copy provides quick access to your data and is frequently updated with the mail server.

If you work offline, whether by choice or due to a connection problem, your data is still available to you instantly wherever you are. If a connection from your computer to the computer running Exchange server isn't available, Outlook switches to Trying to connect or Disconnected. If the connection is restored, Microsoft Outlook automatically switches back to Connected or Connected (Headers). Any changes you make while a connection to the server isn't available are synchronized automatically when a connection is available. You can continue to work while changes are synchronized

Author Comment

ID: 35073092
I flushed the DNS on the client machine and reinstalled and am still not able to connect to the Exchange server without getting a request for credentials.  If I try putting the IP of the Exchange 2010 server instead of the server name or FQDN, I get the message "The action could not be completed.  The connection to the Microsoft Exchange Server is unavailable.  Outlook must be online or connected to complete this action."

I can't switch to HTTP without having the Exchange account already set up.  We always use cached mode here.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

LVL 14

Expert Comment

ID: 35080232
Outlook 2003 by default does not encrypt communication between itself and the Exchange server.  Exchange 2010 by default requires encrypted communication with Outlook.  Try changing either the server to not require encryption, or set up Outlook 2003 to use encryption.

See this:

Author Comment

ID: 35083211
Everyone already had encryption enabled, since they had already been migrated to 2010.

It appears it might be an AD issue, with DNS not replicating properly.

Accepted Solution

andersonpower earned 0 total points
ID: 35095288
It turned out that the DC for this site had tombstoned, which is what was causing all the problems.

Author Closing Comment

ID: 35135825
Problem turned out to be unrelated to Outlook and Exchange.

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question