Exchange 2007 + Outlook 2010 Asking for password

Superfundi
Superfundi used Ask the Experts™
on
Current Environment

srv1 - Hub Transport, CAS, Mailbox - Exchange 2007 SP3
srv2 - CAS, Mailbox - Exchange 2007 Sp1 rollup 10
srv3 - CAS, Mailbox - Exchange 2007 Sp1 rollup 10
srv4 - CAS, Mailbox - Exchange 2007 Sp1 rollup 8


We have recently upgraded srv1 to exchange sp3 from Exchange sp1. This server was upgraded to try to eliminate the outlook asking for a password. Clients connected to srv1 still are getting this issue.

Clients are running Windows 7 + Outlook 2010
we have removed, KB2553248 which removed half of the issue, laptop users now no longer get prompted for smart card , but desktop users are still getting prompted for a password.

Any help would be much appreciated.

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Hello,

I have done this in single exchange server domains so you may want to do some digging before following the advice.

In outlook check your account settings / more settings/ connection and check the "Exchange proxy settings".  I would guess that your proxy authentication settings are set to Basic Authentication as this is the default.  In exchange 2007/2010 you can either have your authentication set to Basic or NTLM.  If you set the server to NTLM it will used the logged on credentials from windows and not ask for a password.  If it is set to basic you will be prompted for a password.

To change this on your Transport exchange server open the exchange management console then expand Server configuration\Client Access, select properties and go to the Outlook Anywhere tab and change the authentication to NTLM authentication.

WARNING: this is universal so everyone's settings would change, meaning that people using non domain computers would not be able to use Outlook to access the mail as they are not logged on to the computer with domain credentials.

Cheers,

Tony
Hello

Did you had autodiscovery configured on the Exchange and the client? Usually that is happening when autodiscovery is not OK.

Dan
All Exchnage servers should be at the same service pack and rollup level

CAS servers should be upgraded before mailbox servers.

Are you using RPC over HTTPS or MAPI for your Outlook clients ?
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Clients connect via RPC over HTTPS, Auto-discover is configured correctly, also tested with exchange connectivity analyzer.

Just to clarify a few things,

Users get the password prompt and are unable to enter credentials at all.

This issue seams to only exist in 2010+Windows 7 environment.

At this stage bring all servers upto exchange 2007 sp3, will let you know how it goes.



Thank you for your help so far.

Author

Commented:
I have just updated all servers to Exchange 2007 SP3,the issue is still occurring any help would be greatly appreciated.
"Users get the password prompt and are unable to enter credentials at all."

Do you mean they can't type in the box, or it does not accept the password?  There was a windows update a couple of weeks ago that cleared cached credentials and if your mail was set to Basic authentication you had to put your username and password in again in the format domain\username then password.

Author

Commented:
The user is unable to type any details into the dialogue box. Using NTLM auth.
You should configure Basic auth on the servers and on the clients.
Assuming that these computers are on the same domain as the exchange server there is a slight chance it may be a problem with cached credentials.  On one of the effected machine open Control Panel \ User Accounts \ Credential Manager.  If you see anything in there refering to your mailserver delete it, reboot and see if outlook will open then.
It could be that your autodiscover information is advertising the wrong type of authentication, i.e. it states basic, but server is only accepting NTLM.

Author

Commented:
Hi Thank you everyone for all of your help at this stage its seams the issue has been resolved, but before any point or solution is added i would like to let you know that i am waiting 48 hrs just to ensure that the issue has been resolved.

once again thank you all for you input.

Author

Commented:
Thank you tonyperth this was part of the issue also upgrading all server to the same service may have helped.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial