Solved

Exchange Server 2010 and Outlook 2007 - prompting for credentials

Posted on 2011-09-23
5
272 Views
Last Modified: 2012-05-22
Hi

I know there are many articles on this and I have dilligently read through many of them, made various changes but am still getting this issue.  Internal clients when launching Outlook 2007 are being prompted for user name and password.  I understand this to be an autodiscover / certifcate issue.  As far as I can tell autodiscover is correctly configured so I'm not sure whether  it is simply because we only have a certficate for mail.ourdomain.com rather than an SSN one that also includes autodiscover.  

So, here are my questions:

1. Am I flogging a dead horse until we get a SAN certficate that includes multiple names?
2. As these are internal clients, can I generate a self signed certificate to include the multiple names and install it on the client PCs?  Will this break access to Exchange from outside?
3. Should running the following command return our CAS name or the external FQDN for the mail server?
Get-ClientAccessServer | FL identity,AutoDiscoverServiceInternalUri

Any help would be much appreciated!

Thanks

Glen
0
Comment
Question by:Glen_TTL
5 Comments
 
LVL 2

Expert Comment

by:jojo_OR
ID: 36589970
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 36959554
Let me attempt an answer:

As far as I can tell autodiscover is correctly configured so I'm not sure whether  it is simply because we only have a certficate for mail.ourdomain.com rather than an SSN one that also includes autodiscover.  
>
For autodiscover to work correctly, you'd need UCC/SAN Cert with
mail.domain.com
autodiscover.domain.com
internalservername.domain.local

If you are getting a pop-up for allow internalservername.domain.local, then you'd need to consider UCC/SAN. if you are stuck with a single-name SSL, you'd need to do a split DNS
(Create a DNS zone for domain.com  - create A-record for autodiscover, and point it to local fqdn of exchange)

Also, your SPN's and Autodiscoverinternaluri values are important
get-clientaccessserver -identity:servername | ft *autodiscover*

With single name SSL, you might as well configure all URL's - internal / external with - mail.domain.com, and use split dNS. Here's a guide.
http://www.shudnow.net/?s=autodiscoverinternaluri

You can test autodiscover from outlook clients, by pressing Ctrl and RightClick outlook icon on bottom right corner and then Test Outlook Configuration.
Check what values are returned (internal / external url's)
For external sanity tests, please use ExRCA
www.testexchangeconnectivity.com

Hope this helps.

0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 37419656
0
 

Accepted Solution

by:
Glen_TTL earned 0 total points
ID: 37506865
Thank you MDMOJAHID.  This problem has been passed onto a colleague, so I will give her this information and for the time being close this request.

Thanks for your help.
0
 

Author Closing Comment

by:Glen_TTL
ID: 37996107
I will close this question as various changes have been made and the problem is now different.  Instead I will post a new question.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question