Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Outlook client asks for a username and password. Exchange server 2013

Posted on 2013-06-13
5
Medium Priority
?
1,394 Views
Last Modified: 2013-07-01
Hi

Currently in the process of migrating from Exchange 2007 to Exchange 2013, everything is working as expected, except outlook clients are prompted for username and password.

To explain further. We have a split DNS configuration as we have a non route-able internal domain name (domain.local). Split DNS is configured as follows:

mail.domain.com internally points to the exchange 2013 server
mail.domain.com externally points to the external address of the 2013 server which is behind a firewall.

We have a secure certificate with mail.domian.com and autodiscover.domain.com installed and OWA and Active sync are all working as expected.

All the virtual directories are configured both externally and internally to match mail.domain.com so we don't get any certificate warnings internally etc.

When I set up a test mailbox on Exchange 2013 and then set up a clients outlook, autodiscover goes off and finds the account and then tries to authenticate. The problem is that outlook tries to log in with the following account:

user@domain.com - which is the users email address not the users AD account.

In order to get the user connected I have to change the login to user@domain.local

How can we get round this problem so that outlook doesn't need to prompt for the username and password?

Thanks in advance.
0
Comment
Question by:vmdude
  • 2
  • 2
5 Comments
 
LVL 13

Expert Comment

by:Michael Machie
ID: 39244481
If your Outlook clients are configured to use the public facing OWA name, such as 'mail.domain.com', you cannot avoid the login credential request and this is normal behavior.

The same thing applies to Exchange 2010.
0
 
LVL 6

Author Comment

by:vmdude
ID: 39244509
Ok thanks I just wanted clarification. So there is no way round this without putting the internal server name on the certificate and changing the internal outlook clients to use that address?

This is fine with domains that have route-able active directory owned domains that they own but no so good with non route-able AD domains then as local names on certificate are not allowed going forward. :(
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39244528
You cannot put the internal names on the SSL certificate, so that isn't the solution.
You need to ensure that Exchange has been configured with the external host name everywhere. There are quite a few places where it needs to be changed.
I haven't written a version for Exchange 2013, but the 2010 list is the same:
http://semb.ee/hostnames

Do ensure that you have the correct host name for Outlook Anywhere as well.

As for being unable to avoid the login request - that isn't the case either. With the correct authentication setup and SSL you will not get the prompts IF the client is on the domain.

Simon.
0
 
LVL 6

Author Comment

by:vmdude
ID: 39244796
Thanks,

I have double checked all the external host-names are configured everywhere and have confirmed this with the fact that I do not receive any certificate warnings and that the test email auto configuration shows only the external host names.
The hostname for Outlook Anywhere is also configured correctly

That brings me to a conclusion that it might be authentication

I have set both external and internal and external client authentication methods to NTLM

Still getting prompted
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39244991
After you changed the authentication settings, did you run IISRESET? If not then you should, as the change doesn't take effect immediately.

Otherwise you are going to have to identify which element is causing the prompt. An Autodiscover test (hold down CTRL, right click on icon in system tray) may help.

Simon.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes Top 9 Exchange troubleshooting utilities that every Exchange Administrator should know. Most of the utilities are available free of cost. List of tools that I am going to explain in this article are:   Microsoft Remote Con…
Upgrading from older Exchange server to the latest Exchange server can be tiresome, error-prone and risky, without being a seasoned exchange server administrators. It can become even problematic if you're an organization that runs on tight timeline…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question