Exchange 07 with ISA 06 Password prompt issue

Posted on 2011-04-26
Medium Priority
Last Modified: 2012-05-11
Good evening,

I am having and internal issue with my outlook 2007 clients, they can connect to their mailbox however they are getting prompted for their username/password when they open Outlook.
The interesting thing about this issue is, when I remove my OWA DNS pointer, pointing to my ISA in my DNS which is mail.domain.com it doesn’t prompt them for their password anymore.
I do use mail.domain.com for Outlook Anywhere / OWA and that is the CN of my Cert. We host 8 company domains so I have a UCC with Godaddy and I have it configured as followed.

CN = mail.domain.com
Alt’s =

Now I also added in mail.domain 1-8.com as well in the UCC but I am thinking this is pointless as I have my ISA06 configured to redirect all to mail.domain.com for OWA. So I believe I can remove those from the SSL and free up some room.

I noticed a lot of articles state that you should add your “internal server” however because I manage my internal DNS I have my Client Access Server configured for the same “Internal / External address of mail.domain.com” is this wrong?

My outlook anywhere works perfectly outside of the company and I don’t mind that my laptop users using this feature must enter their password each time. However my internal users shouldn’t be getting prompted for this.
Also the outlook anywhere clients are able to configure them self so this means auto discover must be working.

I am not 100% sure what other information you may need to help me solve this issue but please let me know and I will post whatever maybe needed.

Thank you,

Question by:mrcjc951
  • 3

Author Comment

ID: 35470540
I should also state that when I remove the internal DNS pointer to my "mail.domain.com" my users who use webmail internally cant access it because I removed the pointer however my external users OWA still works flawlessly... I just seems like my outlook clients internally are requesting information from mail.domain.com which I don’t understand when I have them configured to my Exchange mail server of "Exchsrv07.domain.local."
LVL 32

Accepted Solution

endital1097 earned 1000 total points
ID: 35474628
your users are being routed thru ISA for Autodiscover and web services which will require basic authentication

your internal DNS for mail.domain.com should point to your CAS server or load balancer


Author Comment

ID: 35476467
Okay I gave that a try and that does work, but now my users that use internal OWA for our Order Desks etc... Do not get routed to the OWA form login page, it just pops up an authentication window and then takes them directly into their mailbox.

Correct me if I am wrong but, If I go ahead and add my internal Client Access Server on the UCC Cert I should be able to reconfigure the "internal URL" and point my users thru the ISA listener? Or would this bring the Outlook pop up back?

Or is there another way to correct this all together for internal OWA users?


Author Comment

ID: 35476722
I went a head and changed in Internal URL on my CAS to mail.domain2.com and used ISA to point to mail.domain2.com/owa/ then did a my redirection / deny rules to point to this new path, this fixed my OWA interal issue.

Thanks for your help!

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses
Course of the Month16 days, 19 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question