awilderbeast
asked on
OAB NTLM authentication failing, all settings are set to MS recommendations
Hi All,
Some users are getting OAB prompts. I've checked the logs and have attached the event screen.
I have set OAB authentication permissions as per MS recommendations
http://technet.microsoft.com/en-us/library/gg247612
and the OAB permissions as per
http://pkjayan.wordpress.com/2010/07/25/downloading-exchange-2010-offline-address-book-fails/
It may be worth noting that our primary email addresses are ourdomain.com and our actual domain name is ourdomain.co.uk. Could it be possible that ourdomain.com is being sent as part of the username for NTLM auth? Can we make it do domain\username for OAB? Is that possible?
Thanks
Are you using the domain on the username? e.g. DOMAIN\Username or Username@Domain?
ASKER
What do you mean using? using where?
When the user gets the prompt we put in domain\username and OAB authenticates correctly until the next reboot, but after the reboot we get NTLM failures again.
Thanks for the update?
How do you get it working after the reboot? I am really confused.
Also, Best Practice is not to use an external domain on an internal network. I would've used OurDomain.Local (rather than .co.uk) but as long as you put the login credentials as "OURDOMAIN.CO.UK\Username".
The other thing you need to look at is the domain under the NTLM Authentication.
ASKER
After the reboot we have to type credentials in again. This only happens with OAB; all other Outlook features work fine.
Changing the domain name is not an option.
Yes, to bypass the error we use domain\user and it works, but next time the address book tries to download again after a reboot it fails and we get prompted again.
Where is the domain under NTLM set?
The domain under NTLM wouldn't help.
Have you got any SSL Certificate? And is it trusted root?
ASKER
Yeah, we have a cert installed and it is trusted. OAB doesn't use certificates anyway, does it?
ASKER
Any update?
Sorry for the delay in coming back to you.
Can we arrange for remote access to the systems so you can show me where the problem is?
ASKER
Sorry not possible, can i provide you any more info that may help?
Please post the OAB prompts you are getting
You there?
ASKER
Hi, yes, I'm just waiting for a user to report the prompt again and I will get a screen, but I can describe it in the meantime:
connecting to MAIL
username@domain.com (this is the bit that makes me think it's sending domain.com instead of domain.co.uk to the mail server and this is why it's failing)
And as shown above you can see the NTLM fail in Event Viewer.
Thanks
I am not sure what's happening and why. What is the Internal URI and External URI on your Exchange server?
ASKER
Internal URL is: https://mail.domain.co.uk/OAB, only happening for some users, I'd say ~10-15%
ASKER
Outlook profiles recreated