• Status: Solved

Outlook 2007 Password Prompt and Certificate error after upgrade to Exchange 2010

We just upgraded from Exchange 2003 to 2010. Our configuration has the Client Access Server with two certificates of which one is for External Access and the other is for the Internal Access. When starting Outlook 2007 client I receive two certificate errors which they are trying to talk to the internal name and the certificate contains the external FQDN.

I am also receiving a password prompt, which makes me believe it is forcing Outlook to connect to the https: proxy. I disable the https proxy and it keeps re-enabling automatically.

I would like to have internal clients have the https proxy settings configured but only effective on slow networks.
Asked by: dmasystems
 
ts4673 Commented:
Unless you want constant grief, buy a commercial SAN certificate from GoDaddy and use it.
 
Binish007 Commented:
Hi There

This problem occurs because the default Exchange Server 2010 Release to Manufacturing (RTM) configuration requires RPC encryption. However, by default, Microsoft Office Outlook 2003 does not use RPC encryption.

Note This problem can also occur if you are using Microsoft Office Outlook 2007 and you disable the Encrypt data between Microsoft Office Outlook and Microsoft Exchange profile setting.

Note In Exchange Server 2010 Service Pack 1, the RPC encryption requirement is disabled, by default. Any new Client Access Servers (CAS) deployed in the organization will not require encryption. However, any CAS servers deployed prior to Service Pack 1, or upgraded to Service Pack 1, will retain the existing RPC encryption requirement setting.

You can also automate this setting by using the Microsoft .adm template to configure it through Group Policy.

Many Thanks
Binish Varghese

 
dmasystems (Author) Commented:
Thank you both for your comments. After reading about the certs I have found that I should have done the SAN certificate and probably will when I want to take advantage of Auto Discover.

I had already purchased two certificates and made them work. I found that having the external certificate bound to port 443 on the CAS was causing Outlook to give the name mismatch warning. Fortunately we have a Netscaler from Citrix that does SSL offloading, so I was able to remove the external certificate from the CAS and bind the internal cert to port 443. Cert error resolved.

The password prompt is from having shared mailboxes. I have a couple service mailboxes such as Helpdesk and terminated users added into Outlook. When I remove them the prompt disappears. Now I need to figure out how to have shared mailboxes added in Outlook without the prompts.
 
Binish007 Commented:
Hi There
In Exchange you can do Full Access Permission for the mailbox you want to configure as an additional mailbox.

Many Thanks
Binish
 
alsmachado Commented:
Outlook connection issues with Exchange 2010 mailboxes because of the RPC encryption requirement
http://support.microsoft.com/kb/2006508/en-us
 
Shreedhar Ette Commented:
Any progress on this issue?
 
alsmachado Commented:
Followed procedure on MS KB:

Set-RpcClientAccess -Server Exchange_server_name -EncryptionRequired $False

Problem Solved
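An added example, not part of the original thread or of the Microsoft KB article: a read-only Exchange Management Shell audit of the two settings discussed above, showing which Client Access servers currently require RPC encryption and whether the certificate enabled for IIS on each CAS covers the names internal clients connect to. It assumes Exchange 2010 and an account allowed to run the Get- cmdlets; `<server>` is a placeholder.

```powershell
# Added example: read-only audit, run in the Exchange Management Shell (Exchange 2010).

# 1. RPC encryption requirement on every Client Access server.
$rpc = Get-RpcClientAccess | Select-Object Server, EncryptionRequired
$rpc | Format-Table -AutoSize
foreach ($r in $rpc) {
    if (-not $r.EncryptionRequired) {
        Write-Warning "$($r.Server): RPC encryption is not required, so MAPI clients may connect unencrypted."
        # To require it again once every Outlook profile has "Encrypt data between
        # Microsoft Office Outlook and Microsoft Exchange" enabled:
        #   Set-RpcClientAccess -Server <server> -EncryptionRequired $true
    }
}

# 2. Names that internal clients use for each CAS versus the names on the
#    certificate enabled for IIS (the one bound to port 443).
foreach ($cas in Get-ClientAccessServer) {
    $names = @($cas.Fqdn)
    if ($cas.AutoDiscoverServiceInternalUri) {
        # Cast through a string so this also works on deserialized remote objects.
        $names += ([uri]"$($cas.AutoDiscoverServiceInternalUri)").Host
    }
    $names = $names | Select-Object -Unique

    $iisCerts = Get-ExchangeCertificate -Server $cas.Name |
        Where-Object { "$($_.Services)" -match 'IIS' }

    foreach ($cert in $iisCerts) {
        $domains = @($cert.CertificateDomains | ForEach-Object { "$_" })
        foreach ($name in $names) {
            # -like lets a wildcard entry such as *.example.com match a host name.
            $covered = @($domains | Where-Object { $name -like $_ }).Count -gt 0
            New-Object PSObject -Property @{
                Server     = $cas.Name
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                ClientName = $name
                Covered    = $covered
            }
        }
    }
}
```

Rows with `Covered` set to False are the names that produce the Outlook name mismatch warning described in this thread.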
 
dmasystems (Author) Commented:
This is the way it "should" be configured from the start. Since I didn't plan for this in the beginning I now have a complicated configuration. We have a Netscaler that is doing the SSL offload for the OWA certificate and the autoconfig.<domain>.com certificate, which I purchased cheaply from GoDaddy, and I also purchased a GoDaddy cert for our internal certificate, which I installed on the CAS for internal access.

If I didn't have the Netscaler this would have been a huge headache unless, as the working solution suggested, I was to buy a SAN, install it on the CAS and assign the 3 roles to it.

Thanks for the help and sorry for the delayed response.