Solved

Exchange 2013 Non-Domain Outlook 2010 Username and Password Prompt

Posted on 2013-07-01
10
1,767 Views
Last Modified: 2013-07-03
I have a fresh build Server 2010 with Exchange 2013 with the latest updates for exchange installed.

I have setup a Self signed SSL for Exchange and all domain joined clients connect to exchange no problems. Non domain users however get the following problem.

Setup new Profile, enter details, displays SSL, all ok execpt not from trusted source. Add the SSL to the trusted root certificate then it asks for username and password.

No matter what iteration i use. domain\user, user@domain, user it keeps prompting for username and password.

Any suggestions on this?
0
Comment
Question by:purpleoak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 43

Accepted Solution

by:
Taurus earned 167 total points
ID: 39291101
Purchase third party SAN cert and apply it for External users
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291103
who do you recommend. I need to get this applied tonight so i need ones that can be approved instantly if possible.
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39291122
Hi,

Are the users created in AD and mail enabled(in exchangemanager)? If so, can they logon to OWA?
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 43

Expert Comment

by:Taurus
ID: 39291124
Digicert and Godday both are good. However, before you order it. first test it using exrca.com site. Where it is failing.

Second for non domain users, you need to use Outlook Anywhere. Read this article.
http://technet.microsoft.com/en-us/library/bb123741%28v=exchg.150%29.aspx

In Exchange 2013, Outlook Anywhere is enabled by default, because all Outlook connectivity takes place via Outlook Anywhere. The only post-deployment task you must perform to successfully use Outlook Anywhere is to install a valid SSL certificate on your Client Access server. Mailbox servers in your organization only require the default self-signed SSL certificate.

Which means for internal self signed works, however for external you need SSL cert

how to implement
http://msexchangeguru.com/2013/01/10/e2013-outlook-anywhere/
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 333 total points
ID: 39291169
Could be Autodiscover as well. Ensure that autodiscover.example.com resolves to your Exchagne server and not a web host.

If the domain is a .com/.net or any other domain that has the email address in the public WHOIS information then GODaddy (or a reseller) can turn the certificate round in less than an hour. Other domains can take longer.

Simon.
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291475
Installing the SSL certificate has worked and all external non domain clients can connect correctly. However now internal users get an error regarding the certificate. It is because the servers FQDN isnt in the certificate. the server is 5RGS003.5rings.local which isnt used externally. I have changed all internal URLS to be the same as the external URL and still no luck.

Further suggestions?

Kind Regards
Ashley
0
 
LVL 43

Expert Comment

by:Taurus
ID: 39291485
Add server name to SSL cert too. Else you need a HLB or NLB.
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291493
the server FQDN is 5RGS003.5rings.local do i add that or 5rings.local i thought this might be the answer http://365command.com/justins-tech-tip-of-the-week-alleviate-local-ssl-cert-pop-ups/ which removed the outlook error however it wont connect just keeps asking for the username and password.
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291516
it looks like i was on the right track however i need to restart the application pool for autodiscover.

check the part at the bottom of the link.

http://www.digicert.com/ssl-support/redirect-internal-exchange-san-names.htm

thanks for all your help. I leave this open a bit long as i may blunder into more problems. Thanks very much however.

Kind Regards
Ashley
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 333 total points
ID: 39291526
You cannot have internal server names on a public SSL certificate from November 2015. Therefore it is now best practises to change everything to use the external host names internally as well, via split DNS.

My article on what to change for Exchange 2010 applies to Exchange 2013 as well.
http://semb.ee/hostnames

Simon.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
In-place Upgrading Dirsync to Azure AD Connect
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question