• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 858
  • Last Modified:

Multiple Domains SBS2011 Outlook 2007 password prompts

Hi Experts,

I have an sbs2011 server setup with multiple domains.
I'm using the srv method for redirection and i'm getting no certificate errors.
The users are connecting externally to the server to get emails. I've beend doing this for a while now and i have no problems with my main domain.

In the alternate domains if the users have outlook 2010... no problems
2007 however keeps prompting for a user name and password.
I've tried my own loging on the 2007 machine and putin the domain\user and it works fine.
Alternate domain users only seem to accept user@altdomain.com.au and it continually prompts after autoconfigure completes and outlook actually opens.


If I disable annon authentication in IIS the prompting dissapears.. users can send and receive emails however the autodiscover feature does not work.

I've had a look and people have mentioned changing the RPC SSL setting to accept. However if i do this all users go to the disconnected state.

i've run the auto config test in outlook on this 2007 machine and it runs fine (unless annon users is disabled)

Anyone know what to do?
0
Gavrick
Asked:
Gavrick
  • 8
  • 6
2 Solutions
 
MegaNuk3Commented:
Try installing this on an Outlook 2007 machine:
http://support.microsoft.com/kb/2475891
0
 
GavrickAuthor Commented:
Thanks, but Its already installed.
0
 
MegaNuk3Commented:
Look at the URLs the Outlook autoconfig test is returning, then try the URLs with the alternate domain credentials and see which ones prompt and prompt
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
GavrickAuthor Commented:
Ok meganuk,
its the OAB URL https://maindomain.com.au/oab/aa1eafb2-3a3c-4a31-8696-829167b1d72b/
I've set the OAB authentication in IIS to the default settings from microsoft

http://technet.microsoft.com/en-us/library/gg247612.aspx

Still prompting
0
 
MegaNuk3Commented:
Add OAB.XML on the end of the URL, then see if you can open it.
Go onto your CAS server and under program files\exchange server\v14\client access\OAB see if there is a web.config file, if so, rename it
0
 
GavrickAuthor Commented:
Ok so i've explored the OAB folder and added the security group that contains the user.
No password prompts in outlook!!!
0
 
MegaNuk3Commented:
Authenticated users normally have Read rights on the <GuID> folder under the OAB, this is usually sufficient as that is where outlook looks for the OAB.XML and copies the files from.
0
 
MegaNuk3Commented:
You can always give Authenticated Users Read permissions on the OAB folder, 1 level above the <GUID> subfolder and then the permissions should be inherited by the GUID subfolder
0
 
GavrickAuthor Commented:
Added the correct permissions... but they periodically reset.
0
 
MegaNuk3Commented:
Is 'authenticated users' permissions not sufficient in your case?
0
 
GavrickAuthor Commented:
Yes it is, I was using a different group before... but changed it to authenticated users the way you described and its working very well!
Thank you for you help
0
 
MegaNuk3Commented:
Did you end up putting 'authenticated users' on the OAB folder level or just the OAB\<GUID> subfolder level?
0
 
GavrickAuthor Commented:
I did it on the oab folder level... i'd previously tried adding a group to the subfolder but the changes would be cleared within a day for some resason....
The problem is now fixed and working well for me however it has made me realise that all users are accessing the same offline address book and not the new ones that i created for each company... i will need to investigate my procedure at some stage...  
0
 
MegaNuk3Commented:
Thanks for the update.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now