cnl83
asked on
Exchange 2013 keeps prompting me for a password
Based on when you are getting the prompt, I'd guess you have some misconfigured URLs in Exchange. outlook has some connectivity and autodiscover tests you can run to pinpoint any errors. That's where I'd start.
ASKER
When prompted it has the full email address. I enter the user name without the @myemailaddress.com and it goes through. That's not typical.
ASKER
One more thought, that is a pc connected to the local network. I just tried it on a pc outside the network and it says the connection to the exchange server is unavailable. I get two green checks then this error.
Neither of those changes my advice. Don't guess. Test.
ASKER
It is failing the test.
I can reach https://mail.mydomain.com and login but the domain has to be the localdomain\myuser
Is that typical? or should it be accepting the public domain?
I can reach https://mail.mydomain.com and login but the domain has to be the localdomain\myuser
Is that typical? or should it be accepting the public domain?
When configured properly, internally it'll use windows authentication (which is domain\user) so that's expected. If you ran the test as I suggested, it will tell you with great specificity what is failing.
ASKER
ASKER
All it says is The Microsoft Connectivity Analyzer is attempting to test Autodiscover for email@myemailaddres.com
http://technet.microsoft.com/en-us/library/dd638082(v=exchg.150).aspx
http://www.addictivetips.com/microsoft-office/outlook-2010-test-email-auto-configuration/
You are having problems internally, so external tests are premature.
http://www.addictivetips.com/microsoft-office/outlook-2010-test-email-auto-configuration/
You are having problems internally, so external tests are premature.
ASKER
It's failing at the autodiscover
And the specific error(s)? There are dozens of ways autodiscover can fail. We can't help without information.
Did you setup DNS records for your exchange autodicover.?
ASKER
root@secure [~]# host mydomain.com
bhaengineering.com has address 23.238.21.24
mydomain.com mail is handled by 0 mail.bhaengineering.com.
root@secure [~]# host mail.mydomain.com
mail.mydomain.com has address 000.000.000.000 <-- my ip
bhaengineering.com has address 23.238.21.24
mydomain.com mail is handled by 0 mail.bhaengineering.com.
root@secure [~]# host mail.mydomain.com
mail.mydomain.com has address 000.000.000.000 <-- my ip
ASKER
I checked all ports 443, 110, 25, etc...
All open according to canyouseeme.org
All open according to canyouseeme.org
You have a successful autodiscover. So your error is elsewhere.
ASKER
Ok where should I look. Im having a hard time with this.
I posted the link to troubleshoot connectivity via powershell. There is a certain point where you may just need to call in and pay an experienced specialist.
ASKER
From the mail server I ran the powershell command you posted and it succeeded.
[PS] C:\windows\system32>Test-O utlookConn ectivity -ProbeIdentity "OutlookRpcCTPProbe" -MailboxID vducote@mydomain.com
MonitorIdentity StartTime EndTime Result Error Exce
ptio
n
--------------- --------- ------- ------ ----- ----
Outlook\OutlookRpcCtpProbe 10/7/2014 4:... 10/7/2014 4:... Succeeded
[PS] C:\windows\system32>Test-O
MonitorIdentity StartTime EndTime Result Error Exce
ptio
n
--------------- --------- ------- ------ ----- ----
Outlook\OutlookRpcCtpProbe
ASKER
I am getting an error there is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site. Error code 10
You need to make sure that all the Internal and External URLs you have configured in Exchange match a name on your certificate.
If not already, I recommend getting a 3rd party SAN / UC certificate.
http://supertekboy.com/certificates-for-microsoft-exchange/
For how to install that cert, as well as configure split-brain DNS and configure all the Exchange URLs check out this article.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
If not already, I recommend getting a 3rd party SAN / UC certificate.
http://supertekboy.com/certificates-for-microsoft-exchange/
For how to install that cert, as well as configure split-brain DNS and configure all the Exchange URLs check out this article.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
Please have a look into the following thread at EE. It could be helpful.
https://www.experts-exchange.com/questions/28174977/Exchange-2013-Outlook-2010-prompts-for-password-Outlook-2007-connects-OWA-Activesync-fine.html
Also try the below too;
http://exchangeserverpro.com/forums/exchange-server-2013/4249-outlook-anywhere-broken-exchange-2013-a.html
https://www.experts-exchange.com/questions/28174977/Exchange-2013-Outlook-2010-prompts-for-password-Outlook-2007-connects-OWA-Activesync-fine.html
Also try the below too;
http://exchangeserverpro.com/forums/exchange-server-2013/4249-outlook-anywhere-broken-exchange-2013-a.html
Exchange may ask for password several times primary for authentication and SSL certificate issues. Not using a trusted SSL certificate or having a different name on the certificate can cause it also. Make sure the server is fully up dated (Should be on Exchange 2013 CU6) and the clients are up to date as well.
Also make sure URLs are configured correctly, particularly for Outlook Anywhere and the internal Autodiscover values.
DNS (A,MX) records point to the exchange server and finally that you are using the "DOMAIN\Username" and password combination. Remember to select to save the credentials!!
Also make sure URLs are configured correctly, particularly for Outlook Anywhere and the internal Autodiscover values.
DNS (A,MX) records point to the exchange server and finally that you are using the "DOMAIN\Username" and password combination. Remember to select to save the credentials!!
ASKER
Facts im facing right now.
1) When I logon I use localdomain\user
2) When I access https://mail.mydomain.com it shows the certificate secures the site, but when im on the local network accessing it does not. It still shows its using a self signed certificate.
3) I can establish the connection from a remote location but im catching trouble with Outlook 2007.
I just completed the ssl certificate process.
1) When I logon I use localdomain\user
2) When I access https://mail.mydomain.com it shows the certificate secures the site, but when im on the local network accessing it does not. It still shows its using a self signed certificate.
3) I can establish the connection from a remote location but im catching trouble with Outlook 2007.
I just completed the ssl certificate process.
ASKER
should I be able to ping autodiscover.mydomain.com from the client machine?
usually yes. you should be able to ping to autodiscover.mydomain.com
ASKER
My host sent me the dns settings and there is no ANAME record. What should that be?
have you added the A record for autodiscover.mydomain.com in your DNS (AD)? If not add it. To do it , go to your DNS>forward lookup zone>yourcompany.com>right click on right pane> New Host(A or AAA) autodiscover.mydomain.com and enter the IP of your exchange local IP.
Then in your control panel of your domain hosted (example, if your domain is hosted with Verio or Go Daddy, log in to your control panel) and make sure that you have "A" record for your exchange with a Public IP (it should be same IP of your MX records).
Then in your control panel of your domain hosted (example, if your domain is hosted with Verio or Go Daddy, log in to your control panel) and make sure that you have "A" record for your exchange with a Public IP (it should be same IP of your MX records).
I will have to disagree with Zacharia Kurian.
I can connect my users from anywhere without having the "autodiscover" records. As long as you have your servers correctly setup you'll be able to find them without those records.
I use for this company: mail.companyname.ca for the exchange server (this is how our ISP has A and MX records only) I created the same records for server's internal IP and that it.
Open your Exchange Admin Center on exchange 2013 and go to servers, servers, double click your server and select Outlook Anywhere, here write down your server external and internal names (same name recommended) and make sure to match your SSL and the authentication mode. Restart your IIS and try again.
I can connect my users from anywhere without having the "autodiscover" records. As long as you have your servers correctly setup you'll be able to find them without those records.
I use for this company: mail.companyname.ca for the exchange server (this is how our ISP has A and MX records only) I created the same records for server's internal IP and that it.
Open your Exchange Admin Center on exchange 2013 and go to servers, servers, double click your server and select Outlook Anywhere, here write down your server external and internal names (same name recommended) and make sure to match your SSL and the authentication mode. Restart your IIS and try again.
For details about auto-discover, please see the below links;
http://technet.microsoft.com/en-us/library/bb124251%28v=exchg.150%29.aspx
http://www.sherweb.com/blog/autodiscover_record_exchange/
http://hosting.intermedia.net/support/kb/?id=1306
http://technet.microsoft.com/en-us/library/bb124251%28v=exchg.150%29.aspx
http://www.sherweb.com/blog/autodiscover_record_exchange/
http://hosting.intermedia.net/support/kb/?id=1306
ASKER
Zacharia the dns settings you want me to make comes out to autodiscover.localdomain.l ocal
Is this correct?
Hegoc, I will try yours as well.
Is this correct?
Hegoc, I will try yours as well.
ASKER
hecgomrec, in issuing my certificate I should only have had public domain names correct? mail.mydomain.com, no local info correct?
ASKER
I restated IIS and couldn't get OWA to come up, restarted the server.
Checked the IIS services which are all running. Nothing will come up.
Checked the IIS services which are all running. Nothing will come up.
Yes, your SSL should have the public name on it: mail.mydomain.com which is also you local one now.
For you to be able to open your owa within your LAN you must create a DNS record so your local stations will look for mail.mydomain.com ip address on your LAN as well.
If no DNS record, you should be able to open owa by https:\\serveripaddress\owa.
For you to be able to open your owa within your LAN you must create a DNS record so your local stations will look for mail.mydomain.com ip address on your LAN as well.
If no DNS record, you should be able to open owa by https:\\serveripaddress\owa.
ASKER
No, after I restarted I cant get anything to work now! ahhhh!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I figured out how to get the IIS working again. The Godaddy certificate was not set in the bindings of IIS site.
That's weird. You shouldn't have to directly modify IIS to get it to work. In fact, its a best practice to have Exchange handle everything as it will configure IIS on the backend.
Once you had processed the cert, had you applied services to that cert with Exchange Admin Center? Adding IIS would have been one of the options.
Once you had processed the cert, had you applied services to that cert with Exchange Admin Center? Adding IIS would have been one of the options.
ASKER
No I went to IIS > Right Clicked on Default Site > Bindings > (saw no certificate selected) > Selected my Godaddy certificate > Restarted IIS > Restart Transport.
I still have all kinds of trouble though. Can't connect Mobile devices, this original post problems connecting with Outlook 2007 etc.
I still have all kinds of trouble though. Can't connect Mobile devices, this original post problems connecting with Outlook 2007 etc.
Hey CNL83,
Because of all the changes since the original question, try using the ActiveSync test at www.exrca.com and see what you get results wise.
Because of the change in certificate, you may also want to try rebooting some of the phones/devices to see if they pick up the new cert. So see if a reboot of some of the phones/devices fixes the issue.
Because of all the changes since the original question, try using the ActiveSync test at www.exrca.com and see what you get results wise.
Because of the change in certificate, you may also want to try rebooting some of the phones/devices to see if they pick up the new cert. So see if a reboot of some of the phones/devices fixes the issue.
Please make sure that your SSL has all the Subject Alternative Names related to your exchange server. I would prefer to use wild card SSL, which is more secured. Digicert has better tools to correct issues with SSL and pretty easy to use.
The best and safest practice is that let your exchange handle the SSL as mentioned Gareth. The link ha has posted tells you exactly what should be done.
The best and safest practice is that let your exchange handle the SSL as mentioned Gareth. The link ha has posted tells you exactly what should be done.
ASKER
On Step 5.Double-click to open the ECP (Default Web Site) properties.
6.Copy the contents of the External URL and paste over the contents of the Internal URL.
There is nothing in the external address. Should I start putting in my external address https://mail.myurl.com/whatever
?
6.Copy the contents of the External URL and paste over the contents of the Internal URL.
There is nothing in the external address. Should I start putting in my external address https://mail.myurl.com/whatever
?
ASKER
I had the Outlook 2007 connecting with that error, but after I followed the steps in that article, its back to throwing the error again and not connecting.
ASKER
Oh wait, I restarted that pc, and went through flawlessly. Let me check a few things.
ASKER
This worked after I restarted the workstations. Thank you thank you!
Awesome! Everything good?
Go to 'Start -> Control Panel -> User Accounts -> Manage Youur Credentials -> Look under Generic Credentials'.
Edit the Microsoft Outlook *** Email address is removed for privacy *** and change the password. Now launch your Outlook 2010 again to ensure that it is working or not