Solved

Outlook continuous login prompt issues

Posted on 2014-03-13
11
1,161 Views
Last Modified: 2014-06-04
I have recently took over our exchange system which i have never worked with besides creating a mailbox. I find himself having a consistent issue with a continuous login prompt with outlook 2010 and 2013. I have been setting up new laptops for users to replace their old computers were their outlook works fine (no continuous login prompt).  Users log into the laptops using their domain accounts. Setup outlook 2013 email account using the same settings from their previous working outlook 2010.

Server Settings
Server: mail.mydomain.com
Uername: first.last
Offline Settings: Use Cached exchange mode Checked
More settings: Security Tab
Encrypt data Checked
Logon network security: Negotiate authentication
Connection tab: Check connect to Microsoft Exchange using HTTP
Exchange Proxy Settings: Use this URL to connect to my proxy server for exchange
https://mail.mydomain.com
Check fast network
Check slow network
authentication: Basic

Outlook builds email then pops up a security alert regarding autodiscover.otherdomain.com with message The name on the security certificate is invalid or does not match the name of the site. Do you want to proceed?
Click yes.
Then login prompt comes up and a message to allow this website to configure first.last@otherdomain.com server settings. With https://mail.mydomain.com/autodiscover/autodiscover.xml
Check dont ask again
Click allow.
Enter login information
check remember password
Login prompt begins to constantly ask for credentials.
 
I have read some troubleshooting steps doing a Google search to no avail.
At this point Windows credential manager shows 2 accounts, One under Windows Credentials for mail.mydomain.com and the other under Generic for MS:Outlook.15.

I have deleted the domain user profile and started from scratch thinking the profile was corrupted which failed to correct the problem.

I am thinking autodiscover could be the issue.
Outlook shows its connected to exchange at the bottom but still getting the login prompt.
0
Comment
Question by:Glaciertech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
11 Comments
 
LVL 36

Expert Comment

by:Kimputer
ID: 39927088
Assuming the laptops don't leave the building, disable this:
Connection tab: Check connect to Microsoft Exchange using HTTP
That's for the login prompt (if you click it away WITHOUT entering anything, you will still get email, right?)
The autodiscover prompt is something else, it expects a valid (officially bought) certificate for your domain. Depending on the company (mostly budget), I sometimes do nothing, sometimes disable it (using registry hacks), and sometimes solve it.
0
 

Author Comment

by:Glaciertech
ID: 39927830
Laptop will be used in house and remotely.
I have removed the check from connect to Microsoft Exchange using HTTP and still receive the logon prompt continuously. When i cancel out the login prompt i can still received emails. Outlook still shows as connected as well.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 39927934
Ai, if you work remotely, you might need to enable that option again (unless you use VPN).
The login screen has no checkbox for "Save password" ?
0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 

Author Comment

by:Glaciertech
ID: 39927948
These configurations have been working before. The login screen does have a remember password but the prompt continues to show up.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39928005
The prompt doesn't always mean there is an authentication error. The most common cause is an SSL certificate issue, as Outlook cannot cope with the SSL prompt. Therefore you should check if the SSL certificate on the server is still valid and is trusted.

Simon.
0
 

Author Comment

by:Glaciertech
ID: 39928248
Attached is the certificate popup calls for.
This only pops up when on an external network not internal network.

Note: otherdomain.com is a valid UPN that the company has but the domain authenticated users is mydomain.com.

Certificate details:
Subject
Mail.mydomain.com
Subject Alternative Name
DNS Name=mail.mydomain.com
DNS Name=autodiscover.mydomain.com
DNS Name=exchange.mydomain.com
SSL-Certificate.jpg
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39928881
The problem is with your SSL certificate configuration.
Autodiscover uses a host name value based on the email address of the user. Therefore if the user's email address is user @ example.com then Autodiscover will use Autodiscover.example.com.
It doesn't occur internally because Autodiscover works in a different way when it can see the domain.

You need to run through the Autodiscover tests on the Microsoft test site at http://exrca.com/ and see what is happening and the correct the DNS and or SSL certificate.

Simon.
0
 

Author Comment

by:Glaciertech
ID: 39930144
The CAS server is a domain controller for mydomain.com with hostname mail.mydomain.com.
The mailbox server has a hostname of exchange.mydomain.com.
Certificate name has a name of mail.mydomain.com with the following alternate subjects.
DNS Name=mail.mydomain.com
DNS Name=autodiscover.mydomain.com
DNS Name=exchange.mydomain.com

Users log in to domain mydomain.com on their pcs.
Users primary SMTP email address is first.last@otherdomain.com.  

I noticed that we have autodiscover records in both mydomain.com and otherdomain.com on external DNS servers.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39933996
Your problem is that you have an Autodiscover record in the other domain, but the entry isn't on the SSL certificate.

Therefore you have two options.

1. Remove the Autodiscover entry, so that it doesn't resolve at all. That will also mean ensuring that any wildcard was removed. Then configuring an SRV record for that other domain. http://semb.ee/srv

2. Replacing the SSL certificate with a certificate that contains the additional Autodiscover host name in it.

Simon.
0
 

Accepted Solution

by:
Glaciertech earned 0 total points
ID: 40101193
We ended up upgrading exchange server from 2007 to 2010 and reconfigured SSL for the correct domain. This seems to have corrected the issue. We no longer have multiple login prompts.
0
 

Author Closing Comment

by:Glaciertech
ID: 40110944
With time constants it was quicker to just rebuild the exchange server from scratch.
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
This video discusses moving either the default database or any database to a new volume.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question