Outlook 2010 & 2007 prompts for password continuously. Possible certificate issue.

Outlook 2007 and 2010 prompt for password continuously.  After HOURS on the phone with Microsoft, we got this fix a few years ago for Office 2007 so it will not prompt for credentials continuously.  The fix is this registry entry:


This solved the password prompting issue, but I have noticed a problem when trying to update the global address list. (Office 2007: Tools>Send/Receive>Download Address book and then click ok.)
The process fails.  (See screenshot1.jpeg and screenshot2.jpeg)

 Screen Shot 1
 Screen Shot 2
I did see where the Send/Receive windows say “Saving Sync Log” (screenshot1.jpeg), but I do not know where this is at.

When “Always prompt for login credentials” (under account setup) is checked, you can update the Global Address book without any problems.  (See attached screen shot screenshot3.jpeg)

 Screen Shot 3
The above registry entry does not work on Office 2010.  What I can understand is this is due to changes in 2010 on how it uses RPC.  I did discover this work around though:

When “Always prompt for login credentials” (under account setup) is checked, everything works fine.  User is not prompted for password (except the first time when they open Outlook) and you can update the Global Address book.

Please see the additional information below.

Any help is GREATLY appreciated.

Additional information:
1)      Client machines are Windows 7

2)      We have two Exchange servers.  One is Mailbox and Hub Transport.  The other is CAS.  Both servers are dc, gc, and server 2k3 R2 SP2 64-bit.

3)      Exchange version on both servers is 8.3 (Build 83.6)

4)      We do not have a UCC.  I do think this is part if not all of the problem.  I am not familiar enough with exchange and IIS to request a certificate and then install it and setup everything correctly.  We did not do this when Exchange was setup due to issue with our domain being registered with another company.  This has all been resolved and we can do this now.  I am trying to get a contractor in to request, install, and setup the UCC.

5)      This shows up in System Log on all domain computers:  The server mentioned here is my CAS server:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/jackson.hsisdad.local. The target name used was HTTP/jackson.HSISDAD.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (HSISDAD.LOCAL) is different from the client domain (HSISDAD.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
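The event text above names an SPN registered on more than one account as one possible cause, and that can be checked offline. The following is an added example, not part of the original post: it pulls the target name out of the event message and looks it up in an LDIF export of servicePrincipalName values, assumed to come from something like `ldifde -f spn.ldf -r "(servicePrincipalName=*)" -l servicePrincipalName`. The event string is trimmed from the question; the LDIF sample and the `svc-web-example` account are constructed.

```python
import re
from collections import defaultdict

# Event text trimmed from the question above.
EVENT = ("The Kerberos client received a KRB_AP_ERR_MODIFIED error from the "
         "server host/jackson.hsisdad.local. The target name used was "
         "HTTP/jackson.HSISDAD.local. This indicates that the target server "
         "failed to decrypt the ticket provided by the client.")

# Constructed LDIF export; svc-web-example is a hypothetical account.
LDIF = """\
dn: CN=JACKSON,OU=Domain Controllers,DC=hsisdad,DC=local
servicePrincipalName: HOST/jackson.hsisdad.local
servicePrincipalName: HTTP/jackson.hsisdad.local

dn: CN=svc-web-example,CN=Users,DC=hsisdad,DC=local
servicePrincipalName: http/JACKSON.hsisdad.local
"""

def target_spn(event_text):
    """Extract the SPN the client asked for from the event message."""
    m = re.search(r"target name used was (\S+?)\.(?:\s|$)", event_text)
    return m.group(1) if m else None

def spn_owners(ldif_text):
    """Map each SPN (lower-cased, SPNs compare case-insensitively) to its DNs.
    Assumes plain 'attr: value' lines (no base64 '::' values, no folding)."""
    owners, dn = defaultdict(set), None
    for line in ldif_text.splitlines():
        if line.startswith("dn:"):
            dn = line[3:].strip()
        elif dn and line.lower().startswith("serviceprincipalname: "):
            owners[line.split(":", 1)[1].strip().lower()].add(dn)
    return owners

def diagnose(event_text, ldif_text):
    """Return (spn, verdict, owning DNs) for the SPN named in the event."""
    spn = target_spn(event_text)
    found = spn_owners(ldif_text).get(spn.lower(), ()) if spn else ()
    owners = sorted(found)
    if len(owners) > 1:
        verdict = "duplicate"     # first cause named in the event text
    elif len(owners) == 1:
        verdict = "unique"        # look at the password-mismatch cause instead
    else:
        verdict = "unregistered"  # no explicit entry (a HOST/ alias may cover it)
    return spn, verdict, owners

if __name__ == "__main__":
    print(diagnose(EVENT, LDIF))
```
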
  Check the below article...May be helpful to you.

doug67coug (Author) Commented:
@Morasiva:  That did have an effect on my global address book issue.  However the solution in the article does not work.  If I disable proxy settings altogether, it works great!  If I add FQDN of CAS in bypass list it does not work.  Any idea?

Does anyone have an idea regarding the password prompting in Outlook 2010?  I do have a work around, but it is not a fix.
doug67coug (Author) Commented:
OK, I found that changing my default gateway to my core switch instead of the firewall/proxy as the gateway allowed the before-mentioned solution that Morasiva suggested to work without any problems.
doug67coug (Author) Commented:
Make sure you don't send any of the exchange web traffic through any type of proxy server.  Though it may not block the content, it may cause a long enough delay that Outlook will fail.

After installing a new UCC and setting autodiscover to only use the domains cited on the certificate, my prompting for password issue was solved.

Question has a verified solution.
