Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2013 Non-Domain Outlook 2010 Username and Password Prompt

Posted on 2013-07-01
10
Medium Priority
?
1,806 Views
Last Modified: 2013-07-03
I have a fresh build Server 2010 with Exchange 2013 with the latest updates for exchange installed.

I have setup a Self signed SSL for Exchange and all domain joined clients connect to exchange no problems. Non domain users however get the following problem.

Setup new Profile, enter details, displays SSL, all ok execpt not from trusted source. Add the SSL to the trusted root certificate then it asks for username and password.

No matter what iteration i use. domain\user, user@domain, user it keeps prompting for username and password.

Any suggestions on this?
0
Comment
Question by:purpleoak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 44

Accepted Solution

by:
Amit earned 668 total points
ID: 39291101
Purchase third party SAN cert and apply it for External users
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291103
who do you recommend. I need to get this applied tonight so i need ones that can be approved instantly if possible.
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39291122
Hi,

Are the users created in AD and mail enabled(in exchangemanager)? If so, can they logon to OWA?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 44

Expert Comment

by:Amit
ID: 39291124
Digicert and Godday both are good. However, before you order it. first test it using exrca.com site. Where it is failing.

Second for non domain users, you need to use Outlook Anywhere. Read this article.
http://technet.microsoft.com/en-us/library/bb123741%28v=exchg.150%29.aspx

In Exchange 2013, Outlook Anywhere is enabled by default, because all Outlook connectivity takes place via Outlook Anywhere. The only post-deployment task you must perform to successfully use Outlook Anywhere is to install a valid SSL certificate on your Client Access server. Mailbox servers in your organization only require the default self-signed SSL certificate.

Which means for internal self signed works, however for external you need SSL cert

how to implement
http://msexchangeguru.com/2013/01/10/e2013-outlook-anywhere/
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1332 total points
ID: 39291169
Could be Autodiscover as well. Ensure that autodiscover.example.com resolves to your Exchagne server and not a web host.

If the domain is a .com/.net or any other domain that has the email address in the public WHOIS information then GODaddy (or a reseller) can turn the certificate round in less than an hour. Other domains can take longer.

Simon.
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291475
Installing the SSL certificate has worked and all external non domain clients can connect correctly. However now internal users get an error regarding the certificate. It is because the servers FQDN isnt in the certificate. the server is 5RGS003.5rings.local which isnt used externally. I have changed all internal URLS to be the same as the external URL and still no luck.

Further suggestions?

Kind Regards
Ashley
0
 
LVL 44

Expert Comment

by:Amit
ID: 39291485
Add server name to SSL cert too. Else you need a HLB or NLB.
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291493
the server FQDN is 5RGS003.5rings.local do i add that or 5rings.local i thought this might be the answer http://365command.com/justins-tech-tip-of-the-week-alleviate-local-ssl-cert-pop-ups/ which removed the outlook error however it wont connect just keeps asking for the username and password.
0
 
LVL 2

Author Comment

by:purpleoak
ID: 39291516
it looks like i was on the right track however i need to restart the application pool for autodiscover.

check the part at the bottom of the link.

http://www.digicert.com/ssl-support/redirect-internal-exchange-san-names.htm

thanks for all your help. I leave this open a bit long as i may blunder into more problems. Thanks very much however.

Kind Regards
Ashley
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1332 total points
ID: 39291526
You cannot have internal server names on a public SSL certificate from November 2015. Therefore it is now best practises to change everything to use the external host names internally as well, via split DNS.

My article on what to change for Exchange 2010 applies to Exchange 2013 as well.
http://semb.ee/hostnames

Simon.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question