?
Solved

Exchange 2013 Non-Domain Outlook 2010 Username and Password Prompt

Posted on 2013-07-01
10
Medium Priority
?
1,788 Views
Last Modified: 2013-07-03
I have a fresh build Server 2010 with Exchange 2013 with the latest updates for exchange installed.

I have setup a Self signed SSL for Exchange and all domain joined clients connect to exchange no problems. Non domain users however get the following problem.

Setup new Profile, enter details, displays SSL, all ok execpt not from trusted source. Add the SSL to the trusted root certificate then it asks for username and password.

No matter what iteration i use. domain\user, user@domain, user it keeps prompting for username and password.

Any suggestions on this?
0
Comment
Question by:purpleoak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 44

Accepted Solution

by:
Amit earned 668 total points
ID: 39291101
Purchase third party SAN cert and apply it for External users
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291103
who do you recommend. I need to get this applied tonight so i need ones that can be approved instantly if possible.
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39291122
Hi,

Are the users created in AD and mail enabled(in exchangemanager)? If so, can they logon to OWA?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 44

Expert Comment

by:Amit
ID: 39291124
Digicert and Godday both are good. However, before you order it. first test it using exrca.com site. Where it is failing.

Second for non domain users, you need to use Outlook Anywhere. Read this article.
http://technet.microsoft.com/en-us/library/bb123741%28v=exchg.150%29.aspx

In Exchange 2013, Outlook Anywhere is enabled by default, because all Outlook connectivity takes place via Outlook Anywhere. The only post-deployment task you must perform to successfully use Outlook Anywhere is to install a valid SSL certificate on your Client Access server. Mailbox servers in your organization only require the default self-signed SSL certificate.

Which means for internal self signed works, however for external you need SSL cert

how to implement
http://msexchangeguru.com/2013/01/10/e2013-outlook-anywhere/
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1332 total points
ID: 39291169
Could be Autodiscover as well. Ensure that autodiscover.example.com resolves to your Exchagne server and not a web host.

If the domain is a .com/.net or any other domain that has the email address in the public WHOIS information then GODaddy (or a reseller) can turn the certificate round in less than an hour. Other domains can take longer.

Simon.
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291475
Installing the SSL certificate has worked and all external non domain clients can connect correctly. However now internal users get an error regarding the certificate. It is because the servers FQDN isnt in the certificate. the server is 5RGS003.5rings.local which isnt used externally. I have changed all internal URLS to be the same as the external URL and still no luck.

Further suggestions?

Kind Regards
Ashley
0
 
LVL 44

Expert Comment

by:Amit
ID: 39291485
Add server name to SSL cert too. Else you need a HLB or NLB.
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291493
the server FQDN is 5RGS003.5rings.local do i add that or 5rings.local i thought this might be the answer http://365command.com/justins-tech-tip-of-the-week-alleviate-local-ssl-cert-pop-ups/ which removed the outlook error however it wont connect just keeps asking for the username and password.
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291516
it looks like i was on the right track however i need to restart the application pool for autodiscover.

check the part at the bottom of the link.

http://www.digicert.com/ssl-support/redirect-internal-exchange-san-names.htm

thanks for all your help. I leave this open a bit long as i may blunder into more problems. Thanks very much however.

Kind Regards
Ashley
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1332 total points
ID: 39291526
You cannot have internal server names on a public SSL certificate from November 2015. Therefore it is now best practises to change everything to use the external host names internally as well, via split DNS.

My article on what to change for Exchange 2010 applies to Exchange 2013 as well.
http://semb.ee/hostnames

Simon.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
Suggested Courses
Course of the Month10 days, 19 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question