Solved

Outlook users being asked to login

Posted on 2011-03-09
20
433 Views
Last Modified: 2012-05-11
Hi everyone,

For some reason over the last few hours, the users in my office have been receiving prompts from Outlook (2007 and 2010) to login... usually to our webmail server for some strange reason.  We never had this issue before upgrading to Exchange 2010.  Why would they be getting a login request from our webmail server when they are just using Outlook?  

FYI, closing and re-opening Outlook fixes it temporarily.
0
Comment
Question by:Longshot9
  • 11
  • 8
20 Comments
 

Expert Comment

by:alongacre
ID: 35089977
Here are two things to check on the local workstations.  It almost sounds like the workstations have the 2007 Exchange user pws stored?

Option #1

1.Open the Registry Editor by clicking Start > Run. Type regedit in the box, and then press Enter.
2.Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
3.In the right pane, double-click lmcompatibilitylevel.
4.In the Value data box, type a value of 2 and then click OK.
5.Close Registry Editor and restart your computer.

Option #2

1.go to start run keymgr.dll and click enter
2.Click and and then Enter your Server Name from Step 1, then enter your domain\mailbox name and enter your mailbox password.
0
 

Author Comment

by:Longshot9
ID: 35090458
We never purposely stored any exchange passwords on the users desktops.  When we were using Exchange 2003 our users were never prompted to login to use outlook.  This hasn't been a problem so far with Exchange 2010, but for some reason today it started happening.  

What does option #1 and 2 do specifically?

Thanks for the response.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35092734
On your CAS do:
Get-exchangecertificate |fl
And make sure the IIS one is still valid

0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35092748

Time to test outlook autoconfig:
With outlook open, hold down CTRL key and right click on the Outlook icon in the bottom right hand side of your screen, them on the popup menu select the "Test Autoconfiguration". Select that, enter valid credentials and select the "autodiscover" option only and test.

See if you get any errors from the above
0
 

Author Comment

by:Longshot9
ID: 35095813
Hi Meganuk,

thanks for the response.  Assuming CAS is Client Access Server, we don't run one of those.

MegaNuk3:
On your CAS do:
Get-exchangecertificate |fl
And make sure the IIS one is still valid
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35097158
You do have a CAS otherwise no Outlook users would be able to access their mailboxes and OWA wouldn't work.
0
 

Author Comment

by:Longshot9
ID: 35097875
That command shows IIS as one of the services and at the bottom says status: valid.  Is there anything else I should be looking for?


MegaNuk3:
On your CAS do:
Get-exchangecertificate |fl
And make sure the IIS one is still valid
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35097918
Cert sounds OK
Now try the outlook autoconfig test I mentioned above and see if you get any errors for that.
0
 

Author Comment

by:Longshot9
ID: 35097996
No errors when running this test.


Time to test outlook autoconfig:
With outlook open, hold down CTRL key and right click on the Outlook icon in the bottom right hand side of your screen, them on the popup menu select the "Test Autoconfiguration". Select that, enter valid credentials and select the "autodiscover" option only and test.

See if you get any errors from the above
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35098088
Ok, can you see Free Busy time without being prompted for login? What about setting an Out of office message and what about downloading the OAB?

Does a noncached client get prompted for credentials more than a cached mode Outlook client?
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:Longshot9
ID: 35098631
Users are prompted for the login as soon as they open outlook fyi.

I've never viewed free/busy time in outlook, I apologize for my stupidity ;)  I don't even know how to.

I set an OOO message for someone yesterday while this was happening and it is working (at least it's sending out replies)

OAB has been trying to download for the past 15 minutes and is just sitting on "connecting to microsoft exchange server"
0
 

Author Comment

by:Longshot9
ID: 35098733
Task 'user@domain.com' reported error (0x80080005) : 'The program for the attachment may not have been installed properly or may have been moved or deleted.  Reinstall the program in which the attachment was created.'
0
 

Author Comment

by:Longshot9
ID: 35098767
Also just another note, the login screen they are prompted with changes randomly from the webmail address to the autodiscover address.  
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35098919
Is the webmail the Exchange CAS server name?

Hold down the CTRL key with outlook open and then Right-click on the outlook icon and then choose " connection status". See if Outlook is connecting over HTTP or TCP/IP
0
 

Author Comment

by:Longshot9
ID: 35098931
It is connected over tcp/ip

I'm sorry, i don't know the answer to the first one.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35099087
How many Exchange servers do you have? If it is just 1 then that is your client access server. Are the names that Outlook is displaying on your certificate? Are the names resolvable internally to the internal IP address of your CAS server?
0
 

Author Comment

by:Longshot9
ID: 35099121
We have 2.  One here in San Francisco, the other in Los Angeles.  I can resolve both names internally to their IP addresses.  Where do I check the certificate?  I'm sorry for the stupid questions, my firm hired outside consultants to migrate us, haven't trained me on exchange 2010 yet, but expect me to fix it when problems arise.  
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35099520
Get-exchangecertificate |fl
Should show you "subject" on the cert which is the names it is valid for. Look at the common name too.
Does Outlook ever show the name of the LA server?
0
 

Accepted Solution

by:
Longshot9 earned 0 total points
ID: 35219422
Turned out to be an issue with IIS forwarding everything to owa address instead of just forwarding owa to it.  Solved.
0
 

Author Closing Comment

by:Longshot9
ID: 35252822
Solution found with help from an outsource vendor we use.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Outlook Free & Paid Tools
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
This video discusses moving either the default database or any database to a new volume.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now