Solved

Password required after enabling outlook anywhere for linked mailboxes

Posted on 2011-09-05
5
1,471 Views
Last Modified: 2012-05-12
Hello,
we have implemented a mail structure based on  exchange 2010. Domain A containing the account and domain B with the exchange server 2010 containing mailbox . Mailboxes are linked mailbox.
After you enable Outlook Anywhere all users with the linked mailbox must enter a username and password several times a day. A user created directly in the domain B with mailbox user does not have the problem
How can I prevent users linked password is sought? thank you very much
0
Comment
Question by:pozlu0
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36483429
This was the behavior I saw in as far back as Exchange 2003 on 2003 server after activating rpc over https.  Kind of got used to the inability to save password for users not of the Exhange server's home domain.  Not positive, but could be a failing of the client, from a "foreign" domain not being able to do a kerberos authentication?  Or maybe a security ehancement that is "in our best interest"  Never have foound a real answer, but the problem isn't new to 2010.

Watching eagerly to see if an expert has a solution!
0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36515112
Some further research, there appears to be a condition that when authenticating, if you present credentials, those credentials are being saved for the backend server only in a frontend/backend configuration.  A potential workaround that I found on a site:

On your client, you need to go into your Mail settings, then check your Exchange Proxy Settings.
Ensure that Connect using SSL only and Mutually authenticate the session when connecting with SSL are both checked on.
Enter in the Principal name for proxy server: in the msstd:frontend.domain.com format.
Select both the Fast and Slow settings.
Make sure the Proxy authentication settings is set to NTLM Authentication.
 

Now the real trick. Outlook will, when you select Remember my Password, store your password for the Back-end Mailbox server. But it does not save your password for the Front-end Proxy server.
Go into your Control Panel > User Accounts > Advanced > Manage Passwords.
Click Add, then type out the name of your Front-end server. This should be the same name as your SSL certificate on the default web site that contains the RPC virtual directory, put in your username and password.
 
A Microsoft KB article on the issue w/2003, may apply to 2008 condition since it's very similar:

http://support.microsoft.com/default.aspx?scid=kb;en-us;820281
0
 

Author Comment

by:pozlu0
ID: 36517206
Thank's I'll try this as soon as possible
0
 

Author Comment

by:pozlu0
ID: 36523063
I've noticed that the problem is related to the computer account on witch the user log on.
If the workstation is joined to domain B password if not required but if workstation is joined to domain A it is
0
 
LVL 7

Accepted Solution

by:
BobintheNoc earned 500 total points
ID: 36533095
Yep, been a long time that this happens, since 2003.  On the native domain workstation, it appears that auto passthrough takes care of the password,  however on a non native domained or workgroup pc, the SAVE password check box is only saving the password for the literal domain account--the front end webserver credentials is left to the system to recall, which isn't part of the SAVE PASSWORD function.  In order to cache/save the front end server web password, you have to create an entry for the literal owa public dns name, like mail.company.com (the entity that the certificate iis issued to)

Visit the owa web interface site, view the cert, look for the "issued to" value and manually create a saved entry using the Issued To value.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question