cdshreve
asked on
outlook 2010 prompting for credentials when downloading the OAB. and not accepting them.
I have outlook 2010 and exchange 2010/2003mixed env. my mailbox is on exch2010 and I use outlook 2010 in cached mode. When in cached mode, outlook will not download the OAB. it prompts for credentials but won't accept them. I have rebuilt the OAB from scratch and repointed all of the databases to the new one and it didn't fix it.
We have windows authentication turned on for the OAB in IIS. outlook 2003 has no issues as it is generated to the public folder. OWA seems fine. it is getting to the OAB and it is up to date.
Any help is appreciated!
We have windows authentication turned on for the OAB in IIS. outlook 2003 has no issues as it is generated to the public folder. OWA seems fine. it is getting to the OAB and it is up to date.
Any help is appreciated!
ASKER
We are using a wildcard cert. *.domain.com
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
YUp, those look good. Try running this command as well
Get-OutlookAnywhere | Set-OutlookAnywhere –IISAuthenticationMethods: Basic, ntlm
Get-OutlookAnywhere | Set-OutlookAnywhere –IISAuthenticationMethods:
wildcard is no good for autodiscover.
I have no idea why to be honest, but i knw you need a good UCC cert for exchange 2007/2010.
you need
domain.com
autodiscover.domain.com
mail.domain.com - if you use mail.domain.com to connect to owa (replace with whatever you set in dns for owa access.
I have no idea why to be honest, but i knw you need a good UCC cert for exchange 2007/2010.
you need
domain.com
autodiscover.domain.com
mail.domain.com - if you use mail.domain.com to connect to owa (replace with whatever you set in dns for owa access.
ASKER
SuperTaco, do i need to cycle IIS after that?
mwiener1, I'll try to talk my win admin into it tomorrow and we'll give it a try.
Thanks guys!
mwiener1, I'll try to talk my win admin into it tomorrow and we'll give it a try.
Thanks guys!
yes you do. iisreset /noforce. i would still recommend a UCC/SAN cert.
You're welcome - I remember fighting with certs for that same issue numerous times. I always end up just paying godaddy the $89 or whatever it costs for the UCC/SAN cert. I think you can get them cheaper at www.exchangecertificates.com but i haven't used them personally.
ASKER
OK now it is just hanging when I try to download the addressbook. it hasn't asked for credentials like it was but it just hangs.
are you able to browse to https:mailserver.domain.com/oab? you may need to check your folder permissions or enable browsing on the oab virtual directory.
ASKER
When I browse to https:mailserver.domain.com/oab I get a 403 forbidden.
How do I enable browsing on the virtual directory and what should the permissions be?
How do I enable browsing on the virtual directory and what should the permissions be?
on the actual physical directory, users should have at least read and execute.
here's instruciton for directory browsing
http://technet.microsoft.com/en-us/library/cc731109%28WS.10%29.aspx
when you get to where you can enable it, look to the top left. (in IIS)
if you still get errors, try rebuilding the OAB.
here's another link to some OAB troubleshooting steps:
http://support.microsoft.com/kb/811870
If you end up getting any other erros trying to donwload it, post it up here and we'll get you pointing in the right direction.
here's instruciton for directory browsing
http://technet.microsoft.com/en-us/library/cc731109%28WS.10%29.aspx
when you get to where you can enable it, look to the top left. (in IIS)
if you still get errors, try rebuilding the OAB.
here's another link to some OAB troubleshooting steps:
http://support.microsoft.com/kb/811870
If you end up getting any other erros trying to donwload it, post it up here and we'll get you pointing in the right direction.
ASKER
Attached are the permissions and I did enable browsing on the OAB virtual directory and can now browse to it. Still having issues with the prompting. :(
That article is for 2000 and 5.5 oab...
oabpermissions.PNG
That article is for 2000 and 5.5 oab...
oabpermissions.PNG
You need a valid SSL cert with autodiscover on it or you will always get the prompts.
cdshreve, please remeber i also recommended getting the UCC/SAN cert. The script I gave resolves the issues for about 12-24 hours so you can get time to get the cert.
ASKER
We finally got an explicit SAN Cert and all is working now.
Thank you to all who helped!!
Thank you to all who helped!!
Thats a common problem if your ssl cert isn't correct. Self signed certs just dont work. There are workarounds, but its almost never worth the hassle.