Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Outlook client asks for a username and password. Exchange server 2013

Posted on 2013-06-13
5
Medium Priority
?
1,392 Views
Last Modified: 2013-07-01
Hi

Currently in the process of migrating from Exchange 2007 to Exchange 2013, everything is working as expected, except outlook clients are prompted for username and password.

To explain further. We have a split DNS configuration as we have a non route-able internal domain name (domain.local). Split DNS is configured as follows:

mail.domain.com internally points to the exchange 2013 server
mail.domain.com externally points to the external address of the 2013 server which is behind a firewall.

We have a secure certificate with mail.domian.com and autodiscover.domain.com installed and OWA and Active sync are all working as expected.

All the virtual directories are configured both externally and internally to match mail.domain.com so we don't get any certificate warnings internally etc.

When I set up a test mailbox on Exchange 2013 and then set up a clients outlook, autodiscover goes off and finds the account and then tries to authenticate. The problem is that outlook tries to log in with the following account:

user@domain.com - which is the users email address not the users AD account.

In order to get the user connected I have to change the login to user@domain.local

How can we get round this problem so that outlook doesn't need to prompt for the username and password?

Thanks in advance.
0
Comment
Question by:vmdude
  • 2
  • 2
5 Comments
 
LVL 13

Expert Comment

by:Michael Machie
ID: 39244481
If your Outlook clients are configured to use the public facing OWA name, such as 'mail.domain.com', you cannot avoid the login credential request and this is normal behavior.

The same thing applies to Exchange 2010.
0
 
LVL 6

Author Comment

by:vmdude
ID: 39244509
Ok thanks I just wanted clarification. So there is no way round this without putting the internal server name on the certificate and changing the internal outlook clients to use that address?

This is fine with domains that have route-able active directory owned domains that they own but no so good with non route-able AD domains then as local names on certificate are not allowed going forward. :(
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39244528
You cannot put the internal names on the SSL certificate, so that isn't the solution.
You need to ensure that Exchange has been configured with the external host name everywhere. There are quite a few places where it needs to be changed.
I haven't written a version for Exchange 2013, but the 2010 list is the same:
http://semb.ee/hostnames

Do ensure that you have the correct host name for Outlook Anywhere as well.

As for being unable to avoid the login request - that isn't the case either. With the correct authentication setup and SSL you will not get the prompts IF the client is on the domain.

Simon.
0
 
LVL 6

Author Comment

by:vmdude
ID: 39244796
Thanks,

I have double checked all the external host-names are configured everywhere and have confirmed this with the fact that I do not receive any certificate warnings and that the test email auto configuration shows only the external host names.
The hostname for Outlook Anywhere is also configured correctly

That brings me to a conclusion that it might be authentication

I have set both external and internal and external client authentication methods to NTLM

Still getting prompted
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39244991
After you changed the authentication settings, did you run IISRESET? If not then you should, as the change doesn't take effect immediately.

Otherwise you are going to have to identify which element is causing the prompt. An Autodiscover test (hold down CTRL, right click on icon in system tray) may help.

Simon.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question