Solved

Exchange Server 2010 and Outlook 2007 - prompting for credentials

Posted on 2011-09-23
5
273 Views
Last Modified: 2012-05-22
Hi

I know there are many articles on this and I have dilligently read through many of them, made various changes but am still getting this issue.  Internal clients when launching Outlook 2007 are being prompted for user name and password.  I understand this to be an autodiscover / certifcate issue.  As far as I can tell autodiscover is correctly configured so I'm not sure whether  it is simply because we only have a certficate for mail.ourdomain.com rather than an SSN one that also includes autodiscover.  

So, here are my questions:

1. Am I flogging a dead horse until we get a SAN certficate that includes multiple names?
2. As these are internal clients, can I generate a self signed certificate to include the multiple names and install it on the client PCs?  Will this break access to Exchange from outside?
3. Should running the following command return our CAS name or the external FQDN for the mail server?
Get-ClientAccessServer | FL identity,AutoDiscoverServiceInternalUri

Any help would be much appreciated!

Thanks

Glen
0
Comment
Question by:Glen_TTL
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 2

Expert Comment

by:jojo_OR
ID: 36589970
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 36959554
Let me attempt an answer:

As far as I can tell autodiscover is correctly configured so I'm not sure whether  it is simply because we only have a certficate for mail.ourdomain.com rather than an SSN one that also includes autodiscover.  
>
For autodiscover to work correctly, you'd need UCC/SAN Cert with
mail.domain.com
autodiscover.domain.com
internalservername.domain.local

If you are getting a pop-up for allow internalservername.domain.local, then you'd need to consider UCC/SAN. if you are stuck with a single-name SSL, you'd need to do a split DNS
(Create a DNS zone for domain.com  - create A-record for autodiscover, and point it to local fqdn of exchange)

Also, your SPN's and Autodiscoverinternaluri values are important
get-clientaccessserver -identity:servername | ft *autodiscover*

With single name SSL, you might as well configure all URL's - internal / external with - mail.domain.com, and use split dNS. Here's a guide.
http://www.shudnow.net/?s=autodiscoverinternaluri

You can test autodiscover from outlook clients, by pressing Ctrl and RightClick outlook icon on bottom right corner and then Test Outlook Configuration.
Check what values are returned (internal / external url's)
For external sanity tests, please use ExRCA
www.testexchangeconnectivity.com

Hope this helps.

0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 37419656
0
 

Accepted Solution

by:
Glen_TTL earned 0 total points
ID: 37506865
Thank you MDMOJAHID.  This problem has been passed onto a colleague, so I will give her this information and for the time being close this request.

Thanks for your help.
0
 

Author Closing Comment

by:Glen_TTL
ID: 37996107
I will close this question as various changes have been made and the problem is now different.  Instead I will post a new question.
0

Featured Post

Office 365 Training for Admins

Learn how to provision tenants, synchronize on-premise Active Directory, and implement Single Sign-On with these master level course.  Only from Platform Scholar

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question