Can I start by saying I have never had this issue before. Using a simple single ALL in one Exch 2010 single server scenario. I have searched the support communities relentlessley for a fix. I am unfortunately another one of millions out there that is trying to work through the changes required for Exchange 2010 server to workaround the new UCC /SAN ssl cert rules.
I am now using DNS SRV for external Autodiscover service location. We obviously have different internal name space (*.local) and external name space. I have spent days reading around and sifting through relevant helpful articles and although the workarounds are easy to understand, fixing the potential problems as a direct consequence of applying the workaround are proving to be quite challenging.
I have worked through the changes required to redirect 2010 Exchange Server to use the External DNS name but ever since applying the url changes, Oultook clients (domain joined) are always getting a windows security password promt few seconds after they have opened outlook in the mornings always. The windows security dialogue box pops up and is invariably prepopulated with the username@smtpemailaddress. Users have to always change that to that Domain\username (we dont use UPNs) and enter the password and then it doesnt show up again until outlook is closed and reopened. This happens on Win7& outlook 2010 as well as win7&outlook 2007 users. I have checked the Autodiscover virtual directory in IIS and SSL authentication settings. SSL is set to require cert and ignore Client cert. I have also enabled kernel mode authentication? This wasnt enabled before but I read about this somewhere and thought I should try it. The wierd thing is that my computer win7/outlook 2010 doesnt get this password prompt. The impact of ignoring this windows security dialogue box is that other applications (MIS) that are mail enabled will not open outlook for the user to send email directly from the MIS application, and I noticed OOF is also broken. I then run the repair mailbox which then forces a windows security box to launch and once the correct username format is entered with the password everthing is fine...until you exit outlook.
Its a very irritating problem and I have run out of sensible ideas to try.
I have run Autodiscover tests both internally and externally and are both succesful.
Any help greatley appreciated.