?
Solved

Exchange Server 2010 and Outlook 2007 - prompting for credentials

Posted on 2011-09-23
5
Medium Priority
?
276 Views
Last Modified: 2012-05-22
Hi

I know there are many articles on this and I have dilligently read through many of them, made various changes but am still getting this issue.  Internal clients when launching Outlook 2007 are being prompted for user name and password.  I understand this to be an autodiscover / certifcate issue.  As far as I can tell autodiscover is correctly configured so I'm not sure whether  it is simply because we only have a certficate for mail.ourdomain.com rather than an SSN one that also includes autodiscover.  

So, here are my questions:

1. Am I flogging a dead horse until we get a SAN certficate that includes multiple names?
2. As these are internal clients, can I generate a self signed certificate to include the multiple names and install it on the client PCs?  Will this break access to Exchange from outside?
3. Should running the following command return our CAS name or the external FQDN for the mail server?
Get-ClientAccessServer | FL identity,AutoDiscoverServiceInternalUri

Any help would be much appreciated!

Thanks

Glen
0
Comment
Question by:Glen_TTL
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 2

Expert Comment

by:jojo_OR
ID: 36589970
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 36959554
Let me attempt an answer:

As far as I can tell autodiscover is correctly configured so I'm not sure whether  it is simply because we only have a certficate for mail.ourdomain.com rather than an SSN one that also includes autodiscover.  
>
For autodiscover to work correctly, you'd need UCC/SAN Cert with
mail.domain.com
autodiscover.domain.com
internalservername.domain.local

If you are getting a pop-up for allow internalservername.domain.local, then you'd need to consider UCC/SAN. if you are stuck with a single-name SSL, you'd need to do a split DNS
(Create a DNS zone for domain.com  - create A-record for autodiscover, and point it to local fqdn of exchange)

Also, your SPN's and Autodiscoverinternaluri values are important
get-clientaccessserver -identity:servername | ft *autodiscover*

With single name SSL, you might as well configure all URL's - internal / external with - mail.domain.com, and use split dNS. Here's a guide.
http://www.shudnow.net/?s=autodiscoverinternaluri

You can test autodiscover from outlook clients, by pressing Ctrl and RightClick outlook icon on bottom right corner and then Test Outlook Configuration.
Check what values are returned (internal / external url's)
For external sanity tests, please use ExRCA
www.testexchangeconnectivity.com

Hope this helps.

0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 37419656
0
 

Accepted Solution

by:
Glen_TTL earned 0 total points
ID: 37506865
Thank you MDMOJAHID.  This problem has been passed onto a colleague, so I will give her this information and for the time being close this request.

Thanks for your help.
0
 

Author Closing Comment

by:Glen_TTL
ID: 37996107
I will close this question as various changes have been made and the problem is now different.  Instead I will post a new question.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Suggested Courses
Course of the Month12 days, 23 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question