?
Solved

Exchange 2010 : MS Outlook asking for user name/password poping up

Posted on 2011-10-18
24
Medium Priority
?
427 Views
Last Modified: 2012-08-14
Hi,

We have upgraded our server from Exchange 2003 to Exchange 2010, everything is working fine except users complain that Ms Outlook User Name password comes up, for some users it ask one time in a day for others multiple times,

Our Scenario:

2 --- CAS server
2 --- Data Base server

TMG  Server
SMTP Gatway

Vendor (who did the migration) is telling from his side everything is perfect and working fine it shall be local machine or the Outlook issue, as i am new to Exchange 2010 i need the experts help for this to be resolved ASAP...


Awaiting for your quick help,

Regards,


Tan.
0
Comment
Question by:tanveer_hussain
  • 11
  • 3
  • 3
  • +3
22 Comments
 
LVL 28

Expert Comment

by:sunnyc7
ID: 36990713
Your autodiscover is not set.

Get a different vendor.

Having said that... :)
Please run this from shell.

get-clientaccessserver | fl
get-autodiscovervirtualdirectory | fl
get-webservicesvirtualdirectory | fl
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36990716
There could be several causes to this but:
-Do the clients connect directly or do they use outlook anywhere?
-check if they have cached credentials in their pc (control panel-->accounts-->credential management)
-remove profile/account and setup again
0
 

Author Comment

by:tanveer_hussain
ID: 36990830
Thanks for your quick reply:

Sunnyc:

As per your request i have run the commend and got results for all,

DistinguishedName :CN=Autodiscover (Default Web site),CN=HTTP,CN=Protocols,CN=server,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=(Domain Name),CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain Name,DC=com

Anything more required can provide ..


Setasoujiro:

1) Clients connecting directly
2) (pls. if you can more specific)
3)removed added the profile account,


To be more specific this is not for all users few user are facing this issue,

Vendor is telling this can be update issue so today i tried with updating the windows with latest patch and installed Ms Office 2010 with Latest service patch .i.e. sp1but still getting the pop ups,



Thanks,

Tan.










0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 14

Expert Comment

by:setasoujiro
ID: 36990848
windows 7/vista have a credential cache, so if they connected to a server with some credentials , they might be cached there
ctrl panel-->user accounts-->credential manager
look for credentials for said server and delete them

also as sunnyc7 said, is autodiscover configured in your dns as an A record pointing to the cas?
0
 

Author Comment

by:tanveer_hussain
ID: 36990867
Sorry i missed, all my clients machines are XP Pro,

autodiscover.Server.com (yes this is configured in my DNS- Forward lookup zone)


Thanks,

Tan
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36990876
ok and these outlook connect to server.com, and not .local correct?

also check the autoconfiguration test to see if there are errors:
hold ctrl, rightclick outlook tray icon-->test auto configuration

0
 

Author Comment

by:tanveer_hussain
ID: 36990907
Yes its not .local!

I tested auto configuration its is working fine without any errors,

Regards,

Tan.
0
 
LVL 6

Expert Comment

by:sumit_arora
ID: 36991159
so here is the Thing. Inside the domain Outlook connect to SCP that CAS server Internal FQDN or if you have changed it to some other value.  autodiscover.Server.com  is only used from Outside the domain not for domain joined machine, so internally that record is not required.

if you are using Outlook anywhere, then use EMC to chnage it to use NTLM in place of Basic authetication. That  will take care of your issue.  
0
 

Author Comment

by:tanveer_hussain
ID: 36991471
yes,we are not using outlook anywhere but in the Ms Outlooksetting i can see that is configured and when ever the password pops up it is looking for outlook anywhere address, .i.e. webmail.server.com address, after that we need to cancel this pop up and press the connent button which option is there in 2010 office,


Thanks,

Tan.
0
 
LVL 6

Expert Comment

by:sumit_arora
ID: 36991564
Open exchange management console
=============================

server configuration--> Client acess server --> right click CAS server --> disable outlook anywhere or enable NTLM authentication.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 36994261
Tanveer
Please run those 3 commands from Exchange shell, and copy paste the output here

thanks
0
 

Author Comment

by:tanveer_hussain
ID: 36998861
I will not responding for 2 days as we have weekend here....

Regards,

Tan.
0
 

Author Comment

by:tanveer_hussain
ID: 37015899
Sunnyc7,

Any recommendation from your side after going through that logs,

I tried to do this things:

1) windows full updates on the machines which are having issue,

2) If there are two S-1-xxxx-xxx-xxx-xx folders deleted them and it was recreated:

C:\Documents and Settings\User_profile\Application Data\Microsoft\Protect

After doing the above things also the password pops are coming only when the machine is restarted or one/two times in a day, is this common or the users shall not be asked for Passwords at all as i heard that Office 2007/2010 are intelligent enough to handle this things without user putting there passwords always  ??


one more question if suppose for some reason if one of our CAS server (which is in load balance .i.e. two servers CAS01 and CAS02 for example) is down and the users are getting shifted to another redundant server do the User Name/ Password shall pop up for users in MS outlook???


Thanks and regards,

Tan.

0
 
LVL 16

Expert Comment

by:Auric1983
ID: 37027636
Tan,

If you hold CTRL, and right click on the outlook icon in the taskbar, and select "Test Email Autoconfiguration"  uncheck the two checkboxes to do with Guessmart and click TEST.

1. Are the clients experiencing the problem joined to the domain or are they outside using outlook anywhere?
2. Did you load a UCC/SAN cert for your FQDN, as well as autodiscover.domain.com etc?
0
 

Author Comment

by:tanveer_hussain
ID: 37029225
we are using outlook internally, so the clients which are connected to the domain are experiencing this issue, but the auto discover feature is enabled as well.


Regards,

Tan.
0
 
LVL 16

Expert Comment

by:Auric1983
ID: 37030618
Did the vendor install a SAN certificate on  your exchange server? Or are you using the self signed certificate generated by exchange?
0
 

Author Comment

by:tanveer_hussain
ID: 37035919
self signed certificate !

regards,

tan.
0
 
LVL 16

Expert Comment

by:Auric1983
ID: 37037614
That is your problem then.  

Two solutions

1. Install certificate on each and every workstation *This will only work for INTERNAL access*
2. Purchase a UCC/SAN certificate from a public certificate authority such as verisign, digicert etc.  

0
 
LVL 22

Expert Comment

by:chakko
ID: 37042979
You can make a self-signed SSL that 'works like a SAN UCC certificate'

I used the SelfSSL tool from the IIS resource kit.
When you create the SSL, at the command line part for CN=host.domain.com
put in all of your SAN names (internal and external names plus HOST) separated by commas, for the CN you want to show first on the SSL, put that last on the list

example:
selfssl /T /N:cn=internalmail.domain.local,cn=autodiscover.domain.com,cn=INTERNALMAIL,cn=mail.domain.com /K:1024 /V:3650

When you generate the .cer file open it and take a look at it.  The Issued To and Issued By need to be the same (makes it easier).  
Next, ou import that SSL for use by Exchange

On the computers that need to connect, you need to import the SSL.  Easiest way is to open OWA webpage, and import the SSL into the Trusted Root.....store via Internet Explorer.

After that the popups should stop both inside and outside
0
 

Accepted Solution

by:
tanveer_hussain earned 0 total points
ID: 37060705
Thanks for all your help,

The vendor company Engineer have done the following things:

- created public folder
-  changed Negotiate Authentication to Password authentication(NTLM)
- did some more changes in CAS server (which will discuss with him and will update)
- asked me to do full windows update,

After I run the windows update user name / password is not coming up again for users,

I don't know what was the issue was the certificate or windows update or public folder or authentication method,

I will try to discuss more on this with vendor and update you all in coming days,

Thanks for all your support in advance !!!

Regards,

Tan.

0
 

Author Closing Comment

by:tanveer_hussain
ID: 37646115
thanks
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question