Solved

Password required after enabling outlook anywhere for linked mailboxes

Posted on 2011-09-05
5
1,483 Views
Last Modified: 2012-05-12
Hello,
we have implemented a mail structure based on  exchange 2010. Domain A containing the account and domain B with the exchange server 2010 containing mailbox . Mailboxes are linked mailbox.
After you enable Outlook Anywhere all users with the linked mailbox must enter a username and password several times a day. A user created directly in the domain B with mailbox user does not have the problem
How can I prevent users linked password is sought? thank you very much
0
Comment
Question by:pozlu0
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36483429
This was the behavior I saw in as far back as Exchange 2003 on 2003 server after activating rpc over https.  Kind of got used to the inability to save password for users not of the Exhange server's home domain.  Not positive, but could be a failing of the client, from a "foreign" domain not being able to do a kerberos authentication?  Or maybe a security ehancement that is "in our best interest"  Never have foound a real answer, but the problem isn't new to 2010.

Watching eagerly to see if an expert has a solution!
0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36515112
Some further research, there appears to be a condition that when authenticating, if you present credentials, those credentials are being saved for the backend server only in a frontend/backend configuration.  A potential workaround that I found on a site:

On your client, you need to go into your Mail settings, then check your Exchange Proxy Settings.
Ensure that Connect using SSL only and Mutually authenticate the session when connecting with SSL are both checked on.
Enter in the Principal name for proxy server: in the msstd:frontend.domain.com format.
Select both the Fast and Slow settings.
Make sure the Proxy authentication settings is set to NTLM Authentication.
 

Now the real trick. Outlook will, when you select Remember my Password, store your password for the Back-end Mailbox server. But it does not save your password for the Front-end Proxy server.
Go into your Control Panel > User Accounts > Advanced > Manage Passwords.
Click Add, then type out the name of your Front-end server. This should be the same name as your SSL certificate on the default web site that contains the RPC virtual directory, put in your username and password.
 
A Microsoft KB article on the issue w/2003, may apply to 2008 condition since it's very similar:

http://support.microsoft.com/default.aspx?scid=kb;en-us;820281
0
 

Author Comment

by:pozlu0
ID: 36517206
Thank's I'll try this as soon as possible
0
 

Author Comment

by:pozlu0
ID: 36523063
I've noticed that the problem is related to the computer account on witch the user log on.
If the workstation is joined to domain B password if not required but if workstation is joined to domain A it is
0
 
LVL 7

Accepted Solution

by:
BobintheNoc earned 500 total points
ID: 36533095
Yep, been a long time that this happens, since 2003.  On the native domain workstation, it appears that auto passthrough takes care of the password,  however on a non native domained or workgroup pc, the SAVE password check box is only saving the password for the literal domain account--the front end webserver credentials is left to the system to recall, which isn't part of the SAVE PASSWORD function.  In order to cache/save the front end server web password, you have to create an entry for the literal owa public dns name, like mail.company.com (the entity that the certificate iis issued to)

Visit the owa web interface site, view the cert, look for the "issued to" value and manually create a saved entry using the Issued To value.
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Read this checklist to learn more about the 15 things you should never include in an email signature.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question