Solved

Exchange Server 2010 and Outlook 2007 - prompting for credentials

Posted on 2011-09-23
5
269 Views
Last Modified: 2012-05-22
Hi

I know there are many articles on this and I have dilligently read through many of them, made various changes but am still getting this issue.  Internal clients when launching Outlook 2007 are being prompted for user name and password.  I understand this to be an autodiscover / certifcate issue.  As far as I can tell autodiscover is correctly configured so I'm not sure whether  it is simply because we only have a certficate for mail.ourdomain.com rather than an SSN one that also includes autodiscover.  

So, here are my questions:

1. Am I flogging a dead horse until we get a SAN certficate that includes multiple names?
2. As these are internal clients, can I generate a self signed certificate to include the multiple names and install it on the client PCs?  Will this break access to Exchange from outside?
3. Should running the following command return our CAS name or the external FQDN for the mail server?
Get-ClientAccessServer | FL identity,AutoDiscoverServiceInternalUri

Any help would be much appreciated!

Thanks

Glen
0
Comment
Question by:Glen_TTL
5 Comments
 
LVL 2

Expert Comment

by:jojo_OR
ID: 36589970
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 36959554
Let me attempt an answer:

As far as I can tell autodiscover is correctly configured so I'm not sure whether  it is simply because we only have a certficate for mail.ourdomain.com rather than an SSN one that also includes autodiscover.  
>
For autodiscover to work correctly, you'd need UCC/SAN Cert with
mail.domain.com
autodiscover.domain.com
internalservername.domain.local

If you are getting a pop-up for allow internalservername.domain.local, then you'd need to consider UCC/SAN. if you are stuck with a single-name SSL, you'd need to do a split DNS
(Create a DNS zone for domain.com  - create A-record for autodiscover, and point it to local fqdn of exchange)

Also, your SPN's and Autodiscoverinternaluri values are important
get-clientaccessserver -identity:servername | ft *autodiscover*

With single name SSL, you might as well configure all URL's - internal / external with - mail.domain.com, and use split dNS. Here's a guide.
http://www.shudnow.net/?s=autodiscoverinternaluri

You can test autodiscover from outlook clients, by pressing Ctrl and RightClick outlook icon on bottom right corner and then Test Outlook Configuration.
Check what values are returned (internal / external url's)
For external sanity tests, please use ExRCA
www.testexchangeconnectivity.com

Hope this helps.

0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 37419656
0
 

Accepted Solution

by:
Glen_TTL earned 0 total points
ID: 37506865
Thank you MDMOJAHID.  This problem has been passed onto a colleague, so I will give her this information and for the time being close this request.

Thanks for your help.
0
 

Author Closing Comment

by:Glen_TTL
ID: 37996107
I will close this question as various changes have been made and the problem is now different.  Instead I will post a new question.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now