Solved

Password required after enabling outlook anywhere for linked mailboxes

Posted on 2011-09-05
5
1,391 Views
Last Modified: 2012-05-12
Hello,
we have implemented a mail structure based on  exchange 2010. Domain A containing the account and domain B with the exchange server 2010 containing mailbox . Mailboxes are linked mailbox.
After you enable Outlook Anywhere all users with the linked mailbox must enter a username and password several times a day. A user created directly in the domain B with mailbox user does not have the problem
How can I prevent users linked password is sought? thank you very much
0
Comment
Question by:pozlu0
  • 3
  • 2
5 Comments
 
LVL 7

Expert Comment

by:BobintheNoc
Comment Utility
This was the behavior I saw in as far back as Exchange 2003 on 2003 server after activating rpc over https.  Kind of got used to the inability to save password for users not of the Exhange server's home domain.  Not positive, but could be a failing of the client, from a "foreign" domain not being able to do a kerberos authentication?  Or maybe a security ehancement that is "in our best interest"  Never have foound a real answer, but the problem isn't new to 2010.

Watching eagerly to see if an expert has a solution!
0
 
LVL 7

Expert Comment

by:BobintheNoc
Comment Utility
Some further research, there appears to be a condition that when authenticating, if you present credentials, those credentials are being saved for the backend server only in a frontend/backend configuration.  A potential workaround that I found on a site:

On your client, you need to go into your Mail settings, then check your Exchange Proxy Settings.
Ensure that Connect using SSL only and Mutually authenticate the session when connecting with SSL are both checked on.
Enter in the Principal name for proxy server: in the msstd:frontend.domain.com format.
Select both the Fast and Slow settings.
Make sure the Proxy authentication settings is set to NTLM Authentication.
 

Now the real trick. Outlook will, when you select Remember my Password, store your password for the Back-end Mailbox server. But it does not save your password for the Front-end Proxy server.
Go into your Control Panel > User Accounts > Advanced > Manage Passwords.
Click Add, then type out the name of your Front-end server. This should be the same name as your SSL certificate on the default web site that contains the RPC virtual directory, put in your username and password.
 
A Microsoft KB article on the issue w/2003, may apply to 2008 condition since it's very similar:

http://support.microsoft.com/default.aspx?scid=kb;en-us;820281
0
 

Author Comment

by:pozlu0
Comment Utility
Thank's I'll try this as soon as possible
0
 

Author Comment

by:pozlu0
Comment Utility
I've noticed that the problem is related to the computer account on witch the user log on.
If the workstation is joined to domain B password if not required but if workstation is joined to domain A it is
0
 
LVL 7

Accepted Solution

by:
BobintheNoc earned 500 total points
Comment Utility
Yep, been a long time that this happens, since 2003.  On the native domain workstation, it appears that auto passthrough takes care of the password,  however on a non native domained or workgroup pc, the SAVE password check box is only saving the password for the literal domain account--the front end webserver credentials is left to the system to recall, which isn't part of the SAVE PASSWORD function.  In order to cache/save the front end server web password, you have to create an entry for the literal owa public dns name, like mail.company.com (the entity that the certificate iis issued to)

Visit the owa web interface site, view the cert, look for the "issued to" value and manually create a saved entry using the Issued To value.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now