Solved

Exchange 2013 Non-Domain Outlook 2010 Username and Password Prompt

Posted on 2013-07-01
10
1,702 Views
Last Modified: 2013-07-03
I have a fresh build Server 2010 with Exchange 2013 with the latest updates for exchange installed.

I have setup a Self signed SSL for Exchange and all domain joined clients connect to exchange no problems. Non domain users however get the following problem.

Setup new Profile, enter details, displays SSL, all ok execpt not from trusted source. Add the SSL to the trusted root certificate then it asks for username and password.

No matter what iteration i use. domain\user, user@domain, user it keeps prompting for username and password.

Any suggestions on this?
0
Comment
Question by:purpleoak
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 41

Accepted Solution

by:
Amit earned 167 total points
ID: 39291101
Purchase third party SAN cert and apply it for External users
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291103
who do you recommend. I need to get this applied tonight so i need ones that can be approved instantly if possible.
0
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39291122
Hi,

Are the users created in AD and mail enabled(in exchangemanager)? If so, can they logon to OWA?
0
 
LVL 41

Expert Comment

by:Amit
ID: 39291124
Digicert and Godday both are good. However, before you order it. first test it using exrca.com site. Where it is failing.

Second for non domain users, you need to use Outlook Anywhere. Read this article.
http://technet.microsoft.com/en-us/library/bb123741%28v=exchg.150%29.aspx

In Exchange 2013, Outlook Anywhere is enabled by default, because all Outlook connectivity takes place via Outlook Anywhere. The only post-deployment task you must perform to successfully use Outlook Anywhere is to install a valid SSL certificate on your Client Access server. Mailbox servers in your organization only require the default self-signed SSL certificate.

Which means for internal self signed works, however for external you need SSL cert

how to implement
http://msexchangeguru.com/2013/01/10/e2013-outlook-anywhere/
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 333 total points
ID: 39291169
Could be Autodiscover as well. Ensure that autodiscover.example.com resolves to your Exchagne server and not a web host.

If the domain is a .com/.net or any other domain that has the email address in the public WHOIS information then GODaddy (or a reseller) can turn the certificate round in less than an hour. Other domains can take longer.

Simon.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 2

Author Comment

by:purpleoak
ID: 39291475
Installing the SSL certificate has worked and all external non domain clients can connect correctly. However now internal users get an error regarding the certificate. It is because the servers FQDN isnt in the certificate. the server is 5RGS003.5rings.local which isnt used externally. I have changed all internal URLS to be the same as the external URL and still no luck.

Further suggestions?

Kind Regards
Ashley
0
 
LVL 41

Expert Comment

by:Amit
ID: 39291485
Add server name to SSL cert too. Else you need a HLB or NLB.
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291493
the server FQDN is 5RGS003.5rings.local do i add that or 5rings.local i thought this might be the answer http://365command.com/justins-tech-tip-of-the-week-alleviate-local-ssl-cert-pop-ups/ which removed the outlook error however it wont connect just keeps asking for the username and password.
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291516
it looks like i was on the right track however i need to restart the application pool for autodiscover.

check the part at the bottom of the link.

http://www.digicert.com/ssl-support/redirect-internal-exchange-san-names.htm

thanks for all your help. I leave this open a bit long as i may blunder into more problems. Thanks very much however.

Kind Regards
Ashley
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 333 total points
ID: 39291526
You cannot have internal server names on a public SSL certificate from November 2015. Therefore it is now best practises to change everything to use the external host names internally as well, via split DNS.

My article on what to change for Exchange 2010 applies to Exchange 2013 as well.
http://semb.ee/hostnames

Simon.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now