Solved

Outlook 2010/2007 prompting for authentication with Exchange 2010

Posted on 2014-02-05
6
490 Views
Last Modified: 2014-02-11
So I did the migration of one of our clients from Exchange 2003 to Exchange 2010 and managed to get mailflow and everything working.
One issue that I have not been able to sort out is the Outlook 2010/2007 random authentication prompts.

When opening Outlook, it would sometimes prompt for your username and password (not always) and proceed to open your mail client and able to read your emails.
While working on Outlook, it would prompt for a username and password again, typing in the username and password would make the box disappear, but later return.

Note, this is not for ALL Outlook clients, it's random and no way I can replicate it by doing something. Exchange Proxy is unticked (users are stationary). Checked the connection status, attached are 2 files, 1 before password, 1 after.
Before:
 Before Password
After:
 After Password
0
Comment
Question by:fulloutput
6 Comments
 
LVL 18

Expert Comment

by:Sushil Sonawane
Comment Utility
Please check the under IIS on the Exchange server.  Under Autodiscover properties> Directory Security> Authentication Methods> "Integrated Windows Authentication".  must be selected.


Make sure exchange server update with latest service pack and outlook also. You exchange services also started state.

Your exchange installation folder and database and log path folder exclude in antivirus scan.

If still issue is not resolved then please recreate the following directory in iis.


    Autodiscover
    EWS
    RPC
    OAB


The above mention directory authentication method should be Integrated Windows Authentication"
0
 
LVL 4

Expert Comment

by:pcmghouse
Comment Utility
Please check if your clients are getting the correct URLS "test e-mail auto configuration".
May be one of the links is pointing to the wrong place.

Do you have any public folders?

Then we can troubleshoot from there.
0
 
LVL 2

Author Comment

by:fulloutput
Comment Utility
I tried running the test email auto config, but it just seems to hang half way through.
Although, what I did see is, the OWA link differs from the one that we actually use externally to access OWA.

The link on test auto config: exchange.domain.com
The link I use to access owa externally: exchange10.domain.com

Would this cause any issues?

Yes, I needed to migrate all public folders as the client uses it extensively.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
Comment Utility
Sounds like you don't have the URLs configured correctly within Exchange.
You need to correct them to match the SSL certificate. Authentication prompts are also a sign of an SSL certificate issue, such as a name mismatch - basically Outlook cannot cope with the SSL prompt.

Go through my guide here:
http://semb.ee/hostnames

You will need to have a SPLIT DNS system in place.

Simon.
0
 
LVL 11

Expert Comment

by:hecgomrec
Comment Utility
I think the issue here is with credentials authentications.

Try this:

Opene IIS on the Exchange server and check the following directories under the
default website:
             default web site
             oab
             autodiscover

Under the directory security tab of each of them, click Edit in the Secure
Communications section,  under Client Certificates set to Accept for each of the folders.
Stop an restart IIS.

Post your results.
0
 
LVL 2

Author Closing Comment

by:fulloutput
Comment Utility
Hi Simon,

I followed your advice and the random authentication prompts were resolved :) However, to rub salt in my wounds, a smartcard prompt started with some of the users, completely random.
I managed to get it sorted by changing the ssl settings of the default, oab and autodiscover sites to Require Cert, and Ignore.

Thanks,
HS
0

Featured Post

Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now