Solved

Exchange Server 2010 and Outlook 2007 - prompting for credentials

Posted on 2011-09-23
5
275 Views
Last Modified: 2012-05-22
Hi

I know there are many articles on this and I have dilligently read through many of them, made various changes but am still getting this issue.  Internal clients when launching Outlook 2007 are being prompted for user name and password.  I understand this to be an autodiscover / certifcate issue.  As far as I can tell autodiscover is correctly configured so I'm not sure whether  it is simply because we only have a certficate for mail.ourdomain.com rather than an SSN one that also includes autodiscover.  

So, here are my questions:

1. Am I flogging a dead horse until we get a SAN certficate that includes multiple names?
2. As these are internal clients, can I generate a self signed certificate to include the multiple names and install it on the client PCs?  Will this break access to Exchange from outside?
3. Should running the following command return our CAS name or the external FQDN for the mail server?
Get-ClientAccessServer | FL identity,AutoDiscoverServiceInternalUri

Any help would be much appreciated!

Thanks

Glen
0
Comment
Question by:Glen_TTL
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 2

Expert Comment

by:jojo_OR
ID: 36589970
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 36959554
Let me attempt an answer:

As far as I can tell autodiscover is correctly configured so I'm not sure whether  it is simply because we only have a certficate for mail.ourdomain.com rather than an SSN one that also includes autodiscover.  
>
For autodiscover to work correctly, you'd need UCC/SAN Cert with
mail.domain.com
autodiscover.domain.com
internalservername.domain.local

If you are getting a pop-up for allow internalservername.domain.local, then you'd need to consider UCC/SAN. if you are stuck with a single-name SSL, you'd need to do a split DNS
(Create a DNS zone for domain.com  - create A-record for autodiscover, and point it to local fqdn of exchange)

Also, your SPN's and Autodiscoverinternaluri values are important
get-clientaccessserver -identity:servername | ft *autodiscover*

With single name SSL, you might as well configure all URL's - internal / external with - mail.domain.com, and use split dNS. Here's a guide.
http://www.shudnow.net/?s=autodiscoverinternaluri

You can test autodiscover from outlook clients, by pressing Ctrl and RightClick outlook icon on bottom right corner and then Test Outlook Configuration.
Check what values are returned (internal / external url's)
For external sanity tests, please use ExRCA
www.testexchangeconnectivity.com

Hope this helps.

0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 37419656
0
 

Accepted Solution

by:
Glen_TTL earned 0 total points
ID: 37506865
Thank you MDMOJAHID.  This problem has been passed onto a colleague, so I will give her this information and for the time being close this request.

Thanks for your help.
0
 

Author Closing Comment

by:Glen_TTL
ID: 37996107
I will close this question as various changes have been made and the problem is now different.  Instead I will post a new question.
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Overload?
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question