Solved

Outlook continuous login prompt issues

Posted on 2014-03-13
11
939 Views
Last Modified: 2014-06-04
I have recently took over our exchange system which i have never worked with besides creating a mailbox. I find himself having a consistent issue with a continuous login prompt with outlook 2010 and 2013. I have been setting up new laptops for users to replace their old computers were their outlook works fine (no continuous login prompt).  Users log into the laptops using their domain accounts. Setup outlook 2013 email account using the same settings from their previous working outlook 2010.

Server Settings
Server: mail.mydomain.com
Uername: first.last
Offline Settings: Use Cached exchange mode Checked
More settings: Security Tab
Encrypt data Checked
Logon network security: Negotiate authentication
Connection tab: Check connect to Microsoft Exchange using HTTP
Exchange Proxy Settings: Use this URL to connect to my proxy server for exchange
https://mail.mydomain.com
Check fast network
Check slow network
authentication: Basic

Outlook builds email then pops up a security alert regarding autodiscover.otherdomain.com with message The name on the security certificate is invalid or does not match the name of the site. Do you want to proceed?
Click yes.
Then login prompt comes up and a message to allow this website to configure first.last@otherdomain.com server settings. With https://mail.mydomain.com/autodiscover/autodiscover.xml
Check dont ask again
Click allow.
Enter login information
check remember password
Login prompt begins to constantly ask for credentials.
 
I have read some troubleshooting steps doing a Google search to no avail.
At this point Windows credential manager shows 2 accounts, One under Windows Credentials for mail.mydomain.com and the other under Generic for MS:Outlook.15.

I have deleted the domain user profile and started from scratch thinking the profile was corrupted which failed to correct the problem.

I am thinking autodiscover could be the issue.
Outlook shows its connected to exchange at the bottom but still getting the login prompt.
0
Comment
Question by:Glaciertech
  • 6
  • 3
  • 2
11 Comments
 
LVL 35

Expert Comment

by:Kimputer
Comment Utility
Assuming the laptops don't leave the building, disable this:
Connection tab: Check connect to Microsoft Exchange using HTTP
That's for the login prompt (if you click it away WITHOUT entering anything, you will still get email, right?)
The autodiscover prompt is something else, it expects a valid (officially bought) certificate for your domain. Depending on the company (mostly budget), I sometimes do nothing, sometimes disable it (using registry hacks), and sometimes solve it.
0
 

Author Comment

by:Glaciertech
Comment Utility
Laptop will be used in house and remotely.
I have removed the check from connect to Microsoft Exchange using HTTP and still receive the logon prompt continuously. When i cancel out the login prompt i can still received emails. Outlook still shows as connected as well.
0
 
LVL 35

Expert Comment

by:Kimputer
Comment Utility
Ai, if you work remotely, you might need to enable that option again (unless you use VPN).
The login screen has no checkbox for "Save password" ?
0
 

Author Comment

by:Glaciertech
Comment Utility
These configurations have been working before. The login screen does have a remember password but the prompt continues to show up.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
The prompt doesn't always mean there is an authentication error. The most common cause is an SSL certificate issue, as Outlook cannot cope with the SSL prompt. Therefore you should check if the SSL certificate on the server is still valid and is trusted.

Simon.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:Glaciertech
Comment Utility
Attached is the certificate popup calls for.
This only pops up when on an external network not internal network.

Note: otherdomain.com is a valid UPN that the company has but the domain authenticated users is mydomain.com.

Certificate details:
Subject
Mail.mydomain.com
Subject Alternative Name
DNS Name=mail.mydomain.com
DNS Name=autodiscover.mydomain.com
DNS Name=exchange.mydomain.com
SSL-Certificate.jpg
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
The problem is with your SSL certificate configuration.
Autodiscover uses a host name value based on the email address of the user. Therefore if the user's email address is user @ example.com then Autodiscover will use Autodiscover.example.com.
It doesn't occur internally because Autodiscover works in a different way when it can see the domain.

You need to run through the Autodiscover tests on the Microsoft test site at http://exrca.com/ and see what is happening and the correct the DNS and or SSL certificate.

Simon.
0
 

Author Comment

by:Glaciertech
Comment Utility
The CAS server is a domain controller for mydomain.com with hostname mail.mydomain.com.
The mailbox server has a hostname of exchange.mydomain.com.
Certificate name has a name of mail.mydomain.com with the following alternate subjects.
DNS Name=mail.mydomain.com
DNS Name=autodiscover.mydomain.com
DNS Name=exchange.mydomain.com

Users log in to domain mydomain.com on their pcs.
Users primary SMTP email address is first.last@otherdomain.com.  

I noticed that we have autodiscover records in both mydomain.com and otherdomain.com on external DNS servers.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
Your problem is that you have an Autodiscover record in the other domain, but the entry isn't on the SSL certificate.

Therefore you have two options.

1. Remove the Autodiscover entry, so that it doesn't resolve at all. That will also mean ensuring that any wildcard was removed. Then configuring an SRV record for that other domain. http://semb.ee/srv

2. Replacing the SSL certificate with a certificate that contains the additional Autodiscover host name in it.

Simon.
0
 

Accepted Solution

by:
Glaciertech earned 0 total points
Comment Utility
We ended up upgrading exchange server from 2007 to 2010 and reconfigured SSL for the correct domain. This seems to have corrected the issue. We no longer have multiple login prompts.
0
 

Author Closing Comment

by:Glaciertech
Comment Utility
With time constants it was quicker to just rebuild the exchange server from scratch.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now