Link to home
Start Free TrialLog in
Avatar of Ben Hart
Ben HartFlag for United States of America

asked on

Outlook prompts for credentials.. all the time.

So first the background:

Corporate network, two sites connected via MPLS.
Site A has 2 x 2008 R2 DC's and 1 x Exch 2010
Site B has 1 x 2008 R2 DC and 1 x Exch 2010

Site B was the second Exch server to go live, which was completed roughly two weeks ago.  Since then many... many of the users here at Site B get prompted multiple times throughout the day to authenticate in Outlook, it always defaults to *email-server/username* versus *domain/username* which I still can't figure out.  Anyway about half the time getting the user to manually type in *domain/username* solves the problem, they connect and work just fine for a few days or so until it happens again.

A third of the time the user has changed their domain password that same day and had not closed Outlook or rebooted their pc. So a reboot is the easiest and usually what I make them do and afterwards Outlook is just fine.

*EDIT* I've discovered that some of these users so far have Outlook clients that are still trying to access Public Folders on servers that have been shut down. Around a month ago I followed the steps outlined here: Moving PF from 2003 to 2010 And gave each of the two old Exch 2003 servers a week to replicate before shutting them down.


But I've had a very hard time trying to find out why this whole Outlook/Exchange/domain controller disconnect happens in the first place.

Did we potentially miss an option or mis-configure something server side?  Anyone know why this would happen so often?
Avatar of apache09
apache09
Flag of New Zealand image

Without Knowing what Outlook Client is being used (2010?)

I would check that the client PCs have the latest SP installed for Office
SOLUTION
Avatar of lloydsystems
lloydsystems
Flag of Afghanistan image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Ben Hart

ASKER

Oops sorry yes the client is a mix of 2007/2010 Outlook.  Which shouldn't pose any problems but the users I am able to upgrade quickly to 2010 I do.

lloydsystems: I checked the DNS config on the production nic and primary dns was set two site b's DC without a secondary.  I assumed that proper communication to any DC would be sufficient however as a test I did put one of site a's DC ip's as primary as site b's dc as secondary.  Unsure of the results yet though.

Out of curiosity, I know where the authentication config is for web apps (OWA) but I can't recall seeing an option for Outlook like your saying.
Okay at this point I'll suggest you check the authentication settings for your Exchange Server IIS OAB is set to Basic/NTLM authentication
Both of my Exchange servers, IIS OAB authentication settings are Windows Integrated and Basic Auth.  The site a server was configured that way via the consultant from Dell.  Site B was from me mirroring Site A.  Are you telling me that possibly us using windows integrated is why the authentication popups default to exchange_server\username?
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok on the server in Site B, kernel-mode is enabled on RPC, Autodiscover and EWS.  The option is grayed out under OAB.
Can you please concentrate @ the Outlook-connection-details?
(Outlook system-tray icon, right-click and properties) during the normal and also at the affected times.

IMO, during the normal working time, Outlook would be working using tcp\ip protocol
During the problematic (intermittent auth condition)...connection would be attempting to us HTTPs protocol.

If Yes, then you may need to plan to get the "NTLM Authentication" for the Outlook-Anywhere settings.

Note: this will allow Outlook connections to seamlessly move between tcp\ip and https
I actually disable Outlook Anywhere here, so in this instance it can't be switching connection protocols causing this.