Solved

Outlook continuous login prompt issues

Posted on 2014-03-13
Last Modified: 2014-06-04
I have recently taken over our Exchange system, which I have never worked with besides creating a mailbox. I find myself having a consistent issue with a continuous login prompt with Outlook 2010 and 2013. I have been setting up new laptops for users to replace their old computers, where their Outlook works fine (no continuous login prompt). Users log into the laptops using their domain accounts. Set up the Outlook 2013 email account using the same settings from their previous working Outlook 2010.

Server Settings
Server: mail.mydomain.com
Username: first.last
Offline Settings: Use Cached exchange mode Checked
More settings: Security Tab
Encrypt data Checked
Logon network security: Negotiate authentication
Connection tab: Check connect to Microsoft Exchange using HTTP
Exchange Proxy Settings: Use this URL to connect to my proxy server for exchange
https://mail.mydomain.com
Check fast network
Check slow network
authentication: Basic

Outlook builds email then pops up a security alert regarding autodiscover.otherdomain.com with the message "The name on the security certificate is invalid or does not match the name of the site. Do you want to proceed?"
Click Yes.
Then a login prompt comes up and a message to allow this website to configure first.last@otherdomain.com server settings, with https://mail.mydomain.com/autodiscover/autodiscover.xml
Check "Don't ask again".
Click Allow.
Enter login information.
Check "Remember password".
Login prompt begins to constantly ask for credentials.
 
I have read some troubleshooting steps doing a Google search to no avail.
At this point Windows credential manager shows 2 accounts, One under Windows Credentials for mail.mydomain.com and the other under Generic for MS:Outlook.15.

I have deleted the domain user profile and started from scratch thinking the profile was corrupted which failed to correct the problem.

I am thinking autodiscover could be the issue.
Outlook shows it's connected to Exchange at the bottom but I am still getting the login prompt.
Question by:Glaciertech
11 Comments
 
LVL 35

Expert Comment

by:Kimputer
ID: 39927088
Assuming the laptops don't leave the building, disable this:
Connection tab: Check connect to Microsoft Exchange using HTTP
That's for the login prompt (if you click it away WITHOUT entering anything, you will still get email, right?)
The autodiscover prompt is something else, it expects a valid (officially bought) certificate for your domain. Depending on the company (mostly budget), I sometimes do nothing, sometimes disable it (using registry hacks), and sometimes solve it.
 

Author Comment

by:Glaciertech
ID: 39927830
Laptop will be used in house and remotely.
I have removed the check from "Connect to Microsoft Exchange using HTTP" and still receive the logon prompt continuously. When I cancel out the login prompt I can still receive emails. Outlook still shows as connected as well.
 
LVL 35

Expert Comment

by:Kimputer
ID: 39927934
Ai, if you work remotely, you might need to enable that option again (unless you use VPN).
The login screen has no checkbox for "Save password"?

 

Author Comment

by:Glaciertech
ID: 39927948
These configurations have been working before. The login screen does have a remember password but the prompt continues to show up.
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39928005
The prompt doesn't always mean there is an authentication error. The most common cause is an SSL certificate issue, as Outlook cannot cope with the SSL prompt. Therefore you should check if the SSL certificate on the server is still valid and is trusted.

Simon.
 

Author Comment

by:Glaciertech
ID: 39928248
Attached is the certificate the popup calls for.
This only pops up when on an external network not internal network.

Note: otherdomain.com is a valid UPN that the company has but the domain authenticated users is mydomain.com.

Certificate details:
Subject
Mail.mydomain.com
Subject Alternative Name
DNS Name=mail.mydomain.com
DNS Name=autodiscover.mydomain.com
DNS Name=exchange.mydomain.com
SSL-Certificate.jpg
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39928881
The problem is with your SSL certificate configuration.
Autodiscover uses a host name value based on the email address of the user. Therefore if the user's email address is user @ example.com then Autodiscover will use Autodiscover.example.com.
It doesn't occur internally because Autodiscover works in a different way when it can see the domain.

You need to run through the Autodiscover tests on the Microsoft test site at http://exrca.com/ and see what is happening and then correct the DNS and/or SSL certificate.

Simon.
 

Author Comment

by:Glaciertech
ID: 39930144
The CAS server is a domain controller for mydomain.com with hostname mail.mydomain.com.
The mailbox server has a hostname of exchange.mydomain.com.
Certificate name has a name of mail.mydomain.com with the following alternate subjects.
DNS Name=mail.mydomain.com
DNS Name=autodiscover.mydomain.com
DNS Name=exchange.mydomain.com

Users log in to domain mydomain.com on their PCs.
Users' primary SMTP email address is first.last@otherdomain.com.

I noticed that we have autodiscover records in both mydomain.com and otherdomain.com on external DNS servers.
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39933996
Your problem is that you have an Autodiscover record in the other domain, but the entry isn't on the SSL certificate.

Therefore you have two options.

1. Remove the Autodiscover entry, so that it doesn't resolve at all. That will also mean ensuring that any wildcard was removed. Then configuring an SRV record for that other domain. http://semb.ee/srv

2. Replacing the SSL certificate with a certificate that contains the additional Autodiscover host name in it.

Simon.
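
The name check behind the two options above, as an added example that is not part of the original thread: it derives the Autodiscover host from the mailbox's SMTP domain and tests it against the certificate's Subject Alternative Names. The function names are hypothetical, the hostnames are the thread's placeholders, and the wildcard handling goes slightly beyond the thread's case.

```python
# Added example: does the certificate cover the host Autodiscover will query?
# Function names are hypothetical; hostnames are the thread's placeholders.

def autodiscover_host(smtp_address: str) -> str:
    """Host queried externally, built from the mailbox's SMTP domain."""
    local, sep, domain = smtp_address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an SMTP address: {smtp_address!r}")
    return "autodiscover." + domain.lower().rstrip(".")


def san_matches(host: str, san: str) -> bool:
    """Case-insensitive DNS name match; '*' may only replace the whole leftmost label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return host == san


def check(smtp_address: str, san_dns_names: list, dns_publishes_record: bool) -> dict:
    """Classify the state of the external Autodiscover name for one mailbox."""
    host = autodiscover_host(smtp_address)
    covering = [s for s in san_dns_names if san_matches(host, s)]
    if covering:
        verdict = "ok"             # option 2: the certificate carries the name
    elif dns_publishes_record:
        verdict = "name-mismatch"  # record resolves, certificate lacks the name
    else:
        verdict = "no-record"      # option 1: nothing resolves, SRV record needed
    return {"host": host, "covered_by": covering, "verdict": verdict}


# Constructed input: the SAN list as posted in the question.
THREAD_SANS = ["mail.mydomain.com", "autodiscover.mydomain.com", "exchange.mydomain.com"]

if __name__ == "__main__":
    cases = [
        ("first.last@otherdomain.com", THREAD_SANS, True),
        ("first.last@otherdomain.com", THREAD_SANS, False),
        ("first.last@otherdomain.com", THREAD_SANS + ["autodiscover.otherdomain.com"], True),
    ]
    for address, sans, published in cases:
        print(check(address, sans, published))
```
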
 

Accepted Solution

by:
Glaciertech earned 0 total points
ID: 40101193
We ended up upgrading exchange server from 2007 to 2010 and reconfigured SSL for the correct domain. This seems to have corrected the issue. We no longer have multiple login prompts.
 

Author Closing Comment

by:Glaciertech
ID: 40110944
With time constraints it was quicker to just rebuild the Exchange server from scratch.