

Outlook prompts for credentials.. all the time.

Posted on 2011-10-13
Medium Priority
Last Modified: 2012-06-27
So first the background:

Corporate network, two sites connected via MPLS.
Site A has 2 x 2008 R2 DC's and 1 x Exch 2010
Site B has 1 x 2008 R2 DC and 1 x Exch 2010

Site B was the second Exch server to go live, which was completed roughly two weeks ago.  Since then many... many of the users here at Site B get prompted multiple times throughout the day to authenticate in Outlook, it always defaults to *email-server/username* versus *domain/username* which I still can't figure out.  Anyway about half the time getting the user to manually type in *domain/username* solves the problem, they connect and work just fine for a few days or so until it happens again.

A third of the time the user has changed their domain password that same day and had not closed Outlook or rebooted their pc. So a reboot is the easiest and usually what I make them do and afterwards Outlook is just fine.

*EDIT* I've discovered that some of these users so far have Outlook clients that are still trying to access Public Folders on servers that have been shut down. Around a month ago I followed the steps outlined here: Moving PF from 2003 to 2010, and gave each of the two old Exch 2003 servers a week to replicate before shutting them down.

But I've had a very hard time trying to find out why this whole Outlook/Exchange/domain controller disconnect happens in the first place.

Did we potentially miss an option or mis-configure something server side?  Anyone know why this would happen so often?
Question by:Ben Hart
LVL 47

Expert Comment

ID: 36966468
Without knowing what Outlook client is being used (2010?)

I would check that the client PCs have the latest SP installed for Office.

Assisted Solution

lloydsystems earned 1000 total points
ID: 36967414
I'll suggest you verify that the Exchange Server at Site B can communicate effectively with Site B's Active Directory DC and that AD DS replicates properly between the Site A and Site B DCs. Prompts for authentication in Outlook are usually associated with a communication problem with Active Directory, from the DCs or from the Exchange Server to Active Directory.

In addition to the domain\username you can actually set this on the Exchange server authentication settings.

Hope this helps :)
LVL 14

Author Comment

by:Ben Hart
ID: 36968367
Oops sorry yes the client is a mix of 2007/2010 Outlook.  Which shouldn't pose any problems but the users I am able to upgrade quickly to 2010 I do.

lloydsystems: I checked the DNS config on the production NIC and primary DNS was set to Site B's DC without a secondary.  I assumed that proper communication to any DC would be sufficient; however, as a test I did put one of Site A's DC IPs as primary and Site B's DC as secondary.  Unsure of the results yet though.

Out of curiosity, I know where the authentication config is for web apps (OWA) but I can't recall seeing an option for Outlook like you're saying.


Expert Comment

ID: 36968831
Okay, at this point I'll suggest you check that the authentication settings for your Exchange Server IIS OAB are set to Basic/NTLM authentication.
LVL 14

Author Comment

by:Ben Hart
ID: 36969159
Both of my Exchange servers' IIS OAB authentication settings are Windows Integrated and Basic Auth.  The Site A server was configured that way via the consultant from Dell.  Site B was from me mirroring Site A.  Are you telling me that possibly us using Windows Integrated is why the authentication popups default to exchange_server\username?
LVL 15

Accepted Solution

vahiid earned 1000 total points
ID: 36969694
If you are using 'Windows Authentication', make sure that 'Enable Kernel-mode authentication' is enabled: By default, IIS enables kernel-mode authentication, which may improve authentication performance and prevent authentication problems with application pools configured to use a custom identity. As a best practice, do not disable this setting if Kerberos authentication is used in your environment and the application pool is configured to use a custom identity.

For each of the OAB, AutoDiscover, EWS and RPC virtual directories on Site B:
- in IIS, Click the Authentication icon on the right hand side.
- Right click on Windows Authentication and select Advanced Settings.
- Check Enable kernel-mode authentication.

Vahid Haeri
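
The check described in the answer above can also be done from PowerShell on the Exchange server. This is an added example, not part of the original answer; it is read-only and assumes the virtual directories sit under "Default Web Site" with the names OAB, Autodiscover, EWS and Rpc.

```powershell
# Added example: read-only audit of Windows Authentication on the Exchange
# virtual directories named in the answer (OAB, AutoDiscover, EWS, RPC).
Import-Module WebAdministration

# Assumption: the virtual directories live under "Default Web Site".
$site   = 'Default Web Site'
$vdirs  = 'OAB', 'Autodiscover', 'EWS', 'Rpc'
$filter = 'system.webServer/security/authentication/windowsAuthentication'

function Get-AuthAttribute {
    param([string]$Location, [string]$Name)
    $v = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
            -Location $Location -Filter $filter -Name $Name
    # The cmdlet may return the raw value or an object wrapping it in .Value.
    if ($v -ne $null -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
}

$report = foreach ($vdir in $vdirs) {
    $location   = "$site/$vdir"
    $winAuth    = Get-AuthAttribute -Location $location -Name 'enabled'
    $kernelMode = Get-AuthAttribute -Location $location -Name 'useKernelMode'

    # Flag the case the answer warns about: Windows Authentication is on
    # but kernel-mode authentication has been switched off.
    $status = if ($winAuth -and -not $kernelMode) { 'REVIEW' } else { 'OK' }

    New-Object PSObject -Property @{
        VirtualDirectory = $location
        WindowsAuth      = $winAuth
        KernelMode       = $kernelMode
        Status           = $status
    }
}

$report | Format-Table VirtualDirectory, WindowsAuth, KernelMode, Status -AutoSize
```

Run it in an elevated PowerShell session on each Exchange server; rows marked REVIEW are the ones to open in IIS Manager under Authentication > Windows Authentication > Advanced Settings.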
LVL 14

Author Comment

by:Ben Hart
ID: 36970888
Ok on the server in Site B, kernel-mode is enabled on RPC, Autodiscover and EWS.  The option is grayed out under OAB.
LVL 26

Expert Comment

ID: 36987752
Can you please concentrate @ the Outlook-connection-details?
(Outlook system-tray icon, right-click and properties) during the normal and also at the affected times.

IMO, during the normal working time, Outlook would be working using tcp\ip protocol
During the problematic (intermittent auth condition)...connection would be attempting to use HTTPS protocol.

If Yes, then you may need to plan to get the "NTLM Authentication" for the Outlook-Anywhere settings.

Note: this will allow Outlook connections to seamlessly move between tcp\ip and https
LVL 14

Author Comment

by:Ben Hart
ID: 37025596
I actually disable Outlook Anywhere here, so in this instance it can't be switching connection protocols causing this.

Question has a verified solution.