Glyn Merritt
asked on
Outlook 2010 Exchange 2010 Outlook anywhere password prompt
We have just migrated from Exchange 2003 to Exchange 2010 on Server 2012.
We only have the single server 2003 and now 2010 servers without any proxy etc so its a simple setup..
I’m yet to decommission the old server and all appears to be working fine apart from when an outlook 2010 users use outlook while out of the domain environment they get prompted for a password shortly after opening outlook 2/3 mins. Email still flows but the prompt keeps popping up.
I’ve tried deleting everything in credential manager and also deleting the outlook profile and recreating but with no joy.
Autodiscover is configured and appears to be working fine with a GoDaddy certificate.
Webmail is working fine externally (I’ve changed it so users only enter in their username rather that the domain too)
I’m guessing I’ll have to give you more information so please just let me know what you need to know.
We only have the single server 2003 and now 2010 servers without any proxy etc so its a simple setup..
I’m yet to decommission the old server and all appears to be working fine apart from when an outlook 2010 users use outlook while out of the domain environment they get prompted for a password shortly after opening outlook 2/3 mins. Email still flows but the prompt keeps popping up.
I’ve tried deleting everything in credential manager and also deleting the outlook profile and recreating but with no joy.
Autodiscover is configured and appears to be working fine with a GoDaddy certificate.
Webmail is working fine externally (I’ve changed it so users only enter in their username rather that the domain too)
I’m guessing I’ll have to give you more information so please just let me know what you need to know.
Sean
I am assuming the popup is internally? I have had this happen many many many times with offline address books. Did you move the OAB to the new server? Are permissions correct on the OAB folder on the CAS? are things replicating for the OAB? There are a lot of things that can go wrong with an OAB to cause popups like this. I would first try to manually download the OAB. if you get a password prompt then that is your issue. now narrowing down what the cause of the issue is can be a bit more difficult but you will at least know what is causing the problem. a lot of the time it will be an issue with your OAB virtual directory or permissions on the OAB folder. If it is not your OAB then it seems like something is wrong with autodiscover but i would start with OAB.
ASKER
Hi Zindel1
OAB has moved to the new server but if there is a get command I can run to confirm this that would be hand.
The pop up happens when the laptops are out of the office connecting to exchange over outlookanywhere. Internally they are fine with no popups.
Cheers
G
OAB has moved to the new server but if there is a get command I can run to confirm this that would be hand.
The pop up happens when the laptops are out of the office connecting to exchange over outlookanywhere. Internally they are fine with no popups.
Cheers
G
On the Tools menu, point to Send/Receive, and then click Download Address Book.
As it is working internally but not externally it sounds more like a authentication issue on one of the virtual directories. I would still try the OAB thing just to be sure but make sure your virtual directories have the correct auth methods.
http://technet.microsoft.com/en-us/library/gg247612%28v=exchg.150%29.aspx
As it is working internally but not externally it sounds more like a authentication issue on one of the virtual directories. I would still try the OAB thing just to be sure but make sure your virtual directories have the correct auth methods.
http://technet.microsoft.com/en-us/library/gg247612%28v=exchg.150%29.aspx
ASKER
I get the feeling that it is the OAB I've disabled we-based distribution downloading of the address book to see if that stops the popups. If the pop up does stop I guess I'll need to start looking at the folders in IIS.
I would also check to make sure that your OAB URL is not pointed to the exchange 2003 server, or even the internal server name for that matter. It needs to point to mail.domain.com/oab (assuming your using mail.domain.com that is) you will need to run this command in exchange powershell:
get-oabvirtualdirectory
get-oabvirtualdirectory
ASKER
I ran get-oabvirtualdirectory and got the expected results for internal and external url's
Turning off the OWB didn't work unfortunately.
Turning off the OWB didn't work unfortunately.
On the external computer can you right click the outlook icon in the bottom right of your computer and select test email auto configuration and uncheck everything but use autodiscover and post the results, you can change the urls if you need to.
ASKER
Interestingly this causes the prompt to appear!
I can only get the autodiscover to complete if I authenticate with domain\username and password, not email address and password.
Do you still want the output?
I can only get the autodiscover to complete if I authenticate with domain\username and password, not email address and password.
Do you still want the output?
No that tells me there is an issue with autodiscover not OAB. I would check your autodiscover virtual directory as well as your autodiscover external url
get-autodiscovervirtualdir
make sure both those show correct information.
get-autodiscovervirtualdir
make sure both those show correct information.
ASKER
Both show the new server "Exch10"
Check your authentication setting on exchange and also try to reset password.
ASKER
The authentication settings in Exchange for OWA are
Use forms-based authentication
Logon format - User name only
Logon domain: to.local
Use forms-based authentication
Logon format - User name only
Logon domain: to.local
if it shows the server name this will not resolve externally. the external autodiscover url needs to be your mail.domain.com
ASKER
My apologies I'm a little confused.
From what I can tell the external domain is ok and is correctly set in the
Server Configuration - Client Access - Server Properties
Outlook Anywhere Tab
External host Name: mail.domain.com
Client authentication NTML
From what I can tell the external domain is ok and is correctly set in the
Server Configuration - Client Access - Server Properties
Outlook Anywhere Tab
External host Name: mail.domain.com
Client authentication NTML
ASKER
The internal and external URL's are also fine in the OWA General tab too.
Your outlook anywhere might be correct but you need to make sure your autodiscover external URL is able to be resolved externally. If you have your server name for the autodiscover URL then external users will not be able to resolve it.
here is good list of commands:
http://asifgohar.blogspot.com/2013/07/set-exchange-urls-owa-activesync-oab.html
here is good list of commands:
http://asifgohar.blogspot.com/2013/07/set-exchange-urls-owa-activesync-oab.html
ASKER
I can confirm the A record for our autodiscover is resolving correctly. Autodiscover is working fine from iPads and outlook externally but not for android though.
Having done a bit more googling could this be a result of setting up a http://mail.domain.com redirect to OWA (https://mail.domain.com/owa)?
Having done a bit more googling could this be a result of setting up a http://mail.domain.com redirect to OWA (https://mail.domain.com/owa)?
From my experience setting up a redirect doesn't cause this issue but you may need to turn off the require SSL on some of the virtual directories. The autodiscover virtual directory should require ssl and the external URL for the autodiscover service should be using https. I believe you only need to turn the require ssl off on the default website and maybe the OWA page. (someone maybe correct me if i am wrong on that) but its worth a try.
ASKER
Is it possible to confirm the SSL for the directories
Just to confirm it is only happening on the outlook 2010 clients not the 2007....
Just to confirm it is only happening on the outlook 2010 clients not the 2007....
this only happens on outlook 2010 and not 2007?
here are the default settings...but if you do the redirect i believe your default website need to have it turned off to do the redirect.
http://technet.microsoft.com/en-us/library/gg247612%28v=exchg.150%29.aspx
here are the default settings...but if you do the redirect i believe your default website need to have it turned off to do the redirect.
http://technet.microsoft.com/en-us/library/gg247612%28v=exchg.150%29.aspx
ASKER
My apologies the error is happening with Outlook 2007 and 2010.
Ok so I've set the folders to the default in the link provided and resetiis but no joy. If it stop MSExchangeAutodiscoverAppP
Ok so I've set the folders to the default in the link provided and resetiis but no joy. If it stop MSExchangeAutodiscoverAppP
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've uninstalled Exchange 2003. I have also had to recreate the Offline Address List as it was referring to the old server. Unfortunately I still get the prompt when opening Outlook 2010 externally.