accessing webmail of mail server outside local domain from local domain client pc

On any PC that is in our local domain, we cannot login to our mail server's webmail without changing the domain prefix.  Yet for computers not yet joined to the domain or outside the office, they don't need to change a thing.

EG:   Outside the local domain (or office)...
username = fsurname
password = abc123

As member of local domain...
it tries to connect with username = ourdomain.local\fsurname
but it fails and I have to change to clientpc\fsurname

How can I make it so that it works with either???

PS. The local domain is set up like "ourdomain.local" and the email server (which is in the office, in a different IP range) is set up as "".  We can normally access webmail from any computer, anywhere.

Reece Dodds Asked:
Com'on!   Why can anyone just say that....

1. "There isn't anything wrong with it!"

2. "It's exactly the way it is supposed to be!"

3. "It's been that way since 1995"

Because those are all true statements.
If you want it to work cleanly the Clients have to be in the same Domain as the Exchange or not be in a domain at all. If the Clients are in a different Domain than the Exchange then you are going to get exactly what you are getting. There is no "fix" because there is nothing "broken".
Sajid Shaik M (Sr. System Admin) Commented:
It's a DNS issue...

Create a DNS forwarder in your domain pointing to the mail server...

Open DNS management - select the DNS server - right click - Properties - select Forwarders - type the mail server name in DNS name... and type the IP address of the mail server in "select domain forwarders IP address": Add... that's it (in Win 2003).

And similar in Win 2008 and R2.

all the best
Unless the Exchange machine is also a DNS server with records that aren't available on the other DNS servers in your domain, it should NOT be listed in the forwarders list.

Can you clarify, when you say "computers... outside the office", are these computers joined to the domain or not?

Is the Exchange (webmail) server a part of the same domain "ourdomain.local" (with an A record pointing to its IP), or is it actually part of the domain ""?

What type of authentication are you trying to use?  Just Basic, or another type?

In IIS Manager go to the properties of the Exchange virtual directory > Directory Security tab. > Authentication and Access Control.  What do you have for authentication and default domain?

Reece Dodds (Author) Commented:
@footech:
The Exchange server is not a DNS server.
"Computers outside the office" are not joined to the domain or even the same network.
The Exchange server is part of the domain "" with its own public IP and FQDN.
it is using Basic authentication, the default domain is "EMAILDOMAIN" (without the

It is only computers in the new local domain that are having the issue and it is easy enough to modify the login prompt so instead of saying "LOCALDOMAIN\username" it says "LOCALCOMPUTER\username", but only I will know to do that.  I don't expect our all important bosses to need to (or know how to) change that.

I will try a DNS forward on the new local domain's DNS.   I know that the old DNS server (which wasn't a domain controller or part of a domain at all) DID have a number of DNS entries...
What version of Exchange are you using?  Are you using a FE/BE configuration?

When I access OWA with only basic authentication I get a pop up for credentials but it doesn't include a domain by default.  What browser and OS are you using?
Reece Dodds (Author) Commented:
front end only.  It's not in a DMZ, just a public side of the firewall.
It's Exchange 2003 on Server 2003 Standard R2.

Most systems are XP Pro (SP3) with IE8.  Some are Win7 and IE9.

It's not doing it anymore though.  Possibly because I created the DNS entry, but I can't be sure.
I wish I could know what the issue was... so I'm going to remove the DNS forwarder that I added and see if the issue comes back.  
I think I know the "why" behind it (at least some of it).  I was able to duplicate what you are seeing when accessing OWA from a member of a different domain.  The only time I see the domain included in the credentials prompt is when Integrated Windows Authentication is used.  In a FE/BE scenario, the FE server only has Basic Authentication set on the /Exchange VD, so you never see the issue.  On a BE server, the /Exchange VD has both Basic and Integrated set.  When you have only one server, it is a BE.  Unfortunately, I can't tell you if unchecking the Integrated Windows Authentication would break any other functionality.  In a quick test I didn't notice any problems, however.  Another workaround (though tedious) is to disable the ability to use Windows Integrated Authentication in IE, under the advanced settings.
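
A way to check which of the cases described in the comment above a given server falls into (added example, not part of the thread): it reads the `WWW-Authenticate` headers of a 401 response and reports whether Basic, Integrated (Negotiate/NTLM), or both are offered. The sample responses, the host name and the function names are constructed for illustration.

```python
import re

# Schemes IIS advertises when Integrated Windows Authentication is enabled.
INTEGRATED = {"negotiate", "ntlm"}

def offered_schemes(raw_response):
    """Return every auth scheme named in the WWW-Authenticate headers, in order."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    schemes = []
    for line in head.split("\r\n")[1:]:              # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() != "www-authenticate":
            continue
        # Blank out quoted strings so commas inside a realm do not split it.
        value = re.sub(r'"[^"]*"', '""', value)
        for part in value.split(","):
            tokens = part.split()
            # A part whose first token has no "=" starts a new challenge;
            # otherwise it is a parameter of the previous one (nonce=...).
            if tokens and "=" not in tokens[0]:
                schemes.append(tokens[0])
    return schemes

def diagnose(raw_response):
    """Say whether the server offers Basic, Integrated, or both."""
    lowered = {s.lower() for s in offered_schemes(raw_response)}
    basic = "basic" in lowered
    integrated = bool(lowered & INTEGRATED)
    if basic and integrated:
        return "basic+integrated"   # the single-server (BE) case in the thread
    if integrated:
        return "integrated-only"
    if basic:
        return "basic-only"         # the FE case in the thread
    return "none"

# Constructed sample responses (host name and realm are placeholders).
SINGLE_SERVER = ("HTTP/1.1 401 Unauthorized\r\n"
                 "WWW-Authenticate: Negotiate\r\n"
                 "WWW-Authenticate: NTLM\r\n"
                 'WWW-Authenticate: Basic realm="mail.example.test"\r\n'
                 "Content-Length: 0\r\n\r\n")
FRONT_END = ("HTTP/1.1 401 Unauthorized\r\n"
             'WWW-Authenticate: Basic realm="mail, example.test"\r\n'
             "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, resp in (("single server", SINGLE_SERVER), ("front end", FRONT_END)):
        print(label, offered_schemes(resp), diagnose(resp))
```
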
Reece Dodds (Author) Commented:
I've requested that this question be deleted for the following reason:

Although some suggestions were helpful in trying to determine what the problem was, the problem no longer exists and no changes were made to the server config that had any effect.
So, I'm asking this question to be deleted due to the problem "fixing itself".
Thanks to the experts who commented though.
Reece Dodds (Author) Commented:
My reason is: Actually... the issue is still present.  But I've found that it is localised to one client PC only.
All other Win XP computers can access webmail without needing to specify a domain for the username.
Reece Dodds (Author) Commented:
Thanks for explaining that.  Don't understand why no-one else could point that out.
If anyone knows of a workaround, I'd love to know it, but until then, I'll have to provide instruction on what to do.

Sorry I didn't get back to this sooner.  I try not to leave any questions I'm participating in hanging, so, my apologies.  I should have pointed out that most of what you're seeing is typical.  The twist is that you weren't seeing it on all of the machines on the local domain (which is baffling).  I was going to ask, why the separate domain for the email?

One thing that may help you:
Everyone should be able to use "EMAILDOMAIN\user" instead of "LOCALCOMPUTER\user", so each user doesn't have to know the name of the computer they're using.  As a side note, even for home users I recommend doing this as providing just the username is often enough, but I've also seen where some functions don't work unless the credentials are passed as DOMAIN\user.
Question has a verified solution.
