Password required after enabling Outlook Anywhere for linked mailboxes

Hello,
we have implemented a mail structure based on Exchange 2010. Domain A contains the accounts and domain B has the Exchange Server 2010 containing the mailboxes. The mailboxes are linked mailboxes.
After enabling Outlook Anywhere, all users with a linked mailbox must enter a username and password several times a day. A user created directly in domain B with a user mailbox does not have the problem.
How can I prevent linked users from being asked for their password? Thank you very much.
Asked: pozlu0

BobintheNoc Commented:
This was the behavior I saw as far back as Exchange 2003 on 2003 server after activating RPC over HTTPS.  Kind of got used to the inability to save password for users not of the Exchange server's home domain.  Not positive, but could be a failing of the client, from a "foreign" domain not being able to do a Kerberos authentication?  Or maybe a security enhancement that is "in our best interest".  Never have found a real answer, but the problem isn't new to 2010.

Watching eagerly to see if an expert has a solution!
BobintheNoc Commented:
Some further research, there appears to be a condition that when authenticating, if you present credentials, those credentials are being saved for the backend server only in a frontend/backend configuration.  A potential workaround that I found on a site:

On your client, you need to go into your Mail settings, then check your Exchange Proxy Settings.
Ensure that Connect using SSL only and Mutually authenticate the session when connecting with SSL are both checked on.
Enter in the Principal name for proxy server: in the msstd:frontend.domain.com format.
Select both the Fast and Slow settings.
Make sure the Proxy authentication settings is set to NTLM Authentication.
 

Now the real trick. Outlook will, when you select Remember my Password, store your password for the Back-end Mailbox server. But it does not save your password for the Front-end Proxy server.
Go into your Control Panel > User Accounts > Advanced > Manage Passwords.
Click Add, then type out the name of your Front-end server. This should be the same name as your SSL certificate on the default web site that contains the RPC virtual directory, put in your username and password.
 
A Microsoft KB article on the issue w/2003, may apply to 2008 condition since it's very similar:

http://support.microsoft.com/default.aspx?scid=kb;en-us;820281
pozlu0 Author Commented:
Thanks, I'll try this as soon as possible.
pozlu0 Author Commented:
I've noticed that the problem is related to the computer account on which the user logs on.
If the workstation is joined to domain B, the password is not required, but if the workstation is joined to domain A, it is.
BobintheNoc Commented:
Yep, been a long time that this happens, since 2003.  On the native domain workstation, it appears that auto passthrough takes care of the password; however, on a non-native domained or workgroup PC, the SAVE password check box is only saving the password for the literal domain account--the front end webserver credentials are left to the system to recall, which isn't part of the SAVE PASSWORD function.  In order to cache/save the front end server web password, you have to create an entry for the literal OWA public DNS name, like mail.company.com (the entity that the certificate is issued to).

Visit the owa web interface site, view the cert, look for the "issued to" value and manually create a saved entry using the Issued To value.
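
The steps described in the comments above (read the certificate's "Issued To" name, then save a credential under exactly that name), scripted in PowerShell as an added example that is not part of any poster's reply. `mail.company.com` is the placeholder name used in the thread and `DOMAINA\jdoe` is a hypothetical account; `cmdkey` is the command-line front end to the same stored-credentials list that Control Panel's Manage Passwords edits.

```powershell
# Added example. Host name and account below are placeholders, not real values.
param(
    [string]$ProxyHost = 'mail.company.com',  # public Outlook Anywhere / OWA name
    [string]$Account   = 'DOMAINA\jdoe'       # hypothetical linked-mailbox account
)

function Get-IssuedToName {
    param([string]$HostName, [int]$Port = 443)
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Default certificate validation is left on: the handshake throws if the
        # chain is untrusted or the name does not match, which is the same
        # condition that makes Outlook's "mutually authenticate" option fail.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
            $ssl.RemoteCertificate)
        # SimpleName is the subject CN, shown as "Issued To" in the certificate viewer.
        $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

$issuedTo = Get-IssuedToName -HostName $ProxyHost
Write-Output "Issued To:                       $issuedTo"
Write-Output "Principal name for proxy server: msstd:$issuedTo"

# Show any entry already stored for that name before adding one.
cmdkey "/list:$issuedTo"

# /pass with no value makes cmdkey prompt, so the password never appears
# on the command line, in the script, or in shell history.
cmdkey "/add:$issuedTo" "/user:$Account" /pass
```

Run it as the affected user on the domain A workstation, since stored credentials are per user profile. `cmdkey /delete:<name>` removes the entry when the account's password changes or the workstation is reassigned.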