Exchange 2013 Non-Domain Outlook 2010 Username and Password Prompt

I have a fresh build Server 2010 with Exchange 2013 with the latest updates for exchange installed.

I have setup a Self signed SSL for Exchange and all domain joined clients connect to exchange no problems. Non domain users however get the following problem.

Setup new Profile, enter details, displays SSL, all ok execpt not from trusted source. Add the SSL to the trusted root certificate then it asks for username and password.

No matter what iteration i use. domain\user, user@domain, user it keeps prompting for username and password.

Any suggestions on this?
LVL 2
purpleoakAsked:
Who is Participating?
 
AmitConnect With a Mentor IT ArchitectCommented:
Purchase third party SAN cert and apply it for External users
0
 
purpleoakAuthor Commented:
who do you recommend. I need to get this applied tonight so i need ones that can be approved instantly if possible.
0
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Hi,

Are the users created in AD and mail enabled(in exchangemanager)? If so, can they logon to OWA?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
AmitIT ArchitectCommented:
Digicert and Godday both are good. However, before you order it. first test it using exrca.com site. Where it is failing.

Second for non domain users, you need to use Outlook Anywhere. Read this article.
http://technet.microsoft.com/en-us/library/bb123741%28v=exchg.150%29.aspx

In Exchange 2013, Outlook Anywhere is enabled by default, because all Outlook connectivity takes place via Outlook Anywhere. The only post-deployment task you must perform to successfully use Outlook Anywhere is to install a valid SSL certificate on your Client Access server. Mailbox servers in your organization only require the default self-signed SSL certificate.

Which means for internal self signed works, however for external you need SSL cert

how to implement
http://msexchangeguru.com/2013/01/10/e2013-outlook-anywhere/
0
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
Could be Autodiscover as well. Ensure that autodiscover.example.com resolves to your Exchagne server and not a web host.

If the domain is a .com/.net or any other domain that has the email address in the public WHOIS information then GODaddy (or a reseller) can turn the certificate round in less than an hour. Other domains can take longer.

Simon.
0
 
purpleoakAuthor Commented:
Installing the SSL certificate has worked and all external non domain clients can connect correctly. However now internal users get an error regarding the certificate. It is because the servers FQDN isnt in the certificate. the server is 5RGS003.5rings.local which isnt used externally. I have changed all internal URLS to be the same as the external URL and still no luck.

Further suggestions?

Kind Regards
Ashley
0
 
AmitIT ArchitectCommented:
Add server name to SSL cert too. Else you need a HLB or NLB.
0
 
purpleoakAuthor Commented:
the server FQDN is 5RGS003.5rings.local do i add that or 5rings.local i thought this might be the answer http://365command.com/justins-tech-tip-of-the-week-alleviate-local-ssl-cert-pop-ups/ which removed the outlook error however it wont connect just keeps asking for the username and password.
0
 
purpleoakAuthor Commented:
it looks like i was on the right track however i need to restart the application pool for autodiscover.

check the part at the bottom of the link.

http://www.digicert.com/ssl-support/redirect-internal-exchange-san-names.htm

thanks for all your help. I leave this open a bit long as i may blunder into more problems. Thanks very much however.

Kind Regards
Ashley
0
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
You cannot have internal server names on a public SSL certificate from November 2015. Therefore it is now best practises to change everything to use the external host names internally as well, via split DNS.

My article on what to change for Exchange 2010 applies to Exchange 2013 as well.
http://semb.ee/hostnames

Simon.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.