Solved

Exchange 2013 keeps prompting me for a password

Posted on 2014-10-06
47
326 Views
Last Modified: 2014-10-08
I just finished setting up my exchange server. Email sends / receives just fine. As I started configuring each workstation It automatically locates the exchange account on its on, but it prompts me for their password again and again without accepting it. I've reset their password etc. No go.
password.jpg
0
Comment
Question by:cnl83
  • 25
  • 7
  • 5
  • +3
47 Comments
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 40365118
Try this

Go to 'Start -> Control Panel -> User Accounts -> Manage Youur Credentials -> Look under Generic Credentials'.
Edit the Microsoft Outlook *** Email address is removed for privacy *** and change the password. Now launch your Outlook 2010 again to ensure that it is working or not
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40365123
Based on when you are getting the prompt, I'd guess you have some misconfigured URLs in Exchange. outlook has some connectivity and autodiscover tests you can run to pinpoint any errors. That's where I'd start.
0
 

Author Comment

by:cnl83
ID: 40365131
When prompted it has the full email address. I enter the user name without the @myemailaddress.com and it goes through. That's not typical.
0
 

Author Comment

by:cnl83
ID: 40365135
One more thought, that is a pc connected to the local network. I just tried it on a pc outside the network and it says the connection to the exchange server is unavailable. I get two green checks then this error.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40365137
Neither of those changes my advice. Don't guess. Test.
0
 

Author Comment

by:cnl83
ID: 40365150
It is failing the test.

I can reach https://mail.mydomain.com and login but the domain has to be the localdomain\myuser

Is that typical? or should it be accepting the public domain?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40365158
When configured properly, internally it'll use windows authentication (which is domain\user) so that's expected. If you ran the test as I suggested, it will tell you with great specificity what is failing.
0
 

Author Comment

by:cnl83
ID: 40365160
maybe im running the wrong test.

https://testconnectivity.microsoft.com ??
0
 

Author Comment

by:cnl83
ID: 40365162
All it says is The Microsoft Connectivity Analyzer is attempting to test Autodiscover for email@myemailaddres.com
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40365167
0
 

Author Comment

by:cnl83
ID: 40365180
It's failing at the autodiscover
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40365182
And the specific error(s)? There are dozens of ways autodiscover can fail. We can't help without information.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 40365194
Did you setup  DNS records for your exchange autodicover.?
0
 

Author Comment

by:cnl83
ID: 40365195
Errors
0
 

Author Comment

by:cnl83
ID: 40365204
root@secure [~]# host mydomain.com

bhaengineering.com has address 23.238.21.24

mydomain.com mail is handled by 0 mail.bhaengineering.com.

root@secure [~]# host mail.mydomain.com

mail.mydomain.com has address 000.000.000.000  <-- my ip
0
 

Author Comment

by:cnl83
ID: 40365206
I checked all ports 443, 110, 25, etc...

All open according to canyouseeme.org
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40365213
You have a successful autodiscover. So your error is elsewhere.
0
 

Author Comment

by:cnl83
ID: 40365216
Ok where should I look. Im having  a hard time with this.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40365218
I posted the link to troubleshoot connectivity via powershell. There is a certain point where you may just need to call in and pay an experienced specialist.
0
 

Author Comment

by:cnl83
ID: 40365227
From the mail server I ran the powershell command you posted and it succeeded.

[PS] C:\windows\system32>Test-OutlookConnectivity -ProbeIdentity "OutlookRpcCTPProbe" -MailboxID vducote@mydomain.com

MonitorIdentity                          StartTime       EndTime         Result               Error                Exce
                                                                                                                   ptio
                                                                                                                   n
---------------                          ---------       -------         ------               -----                ----
Outlook\OutlookRpcCtpProbe               10/7/2014 4:... 10/7/2014 4:... Succeeded
0
 

Author Comment

by:cnl83
ID: 40365247
I am getting an error there is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site. Error code 10
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40365255
You need to make sure that all the Internal and External URLs you have configured in Exchange match a name on your certificate.

If not already, I recommend getting a 3rd party SAN / UC certificate.
http://supertekboy.com/certificates-for-microsoft-exchange/

For how to install that cert, as well as configure split-brain DNS and configure all the Exchange URLs check out this article.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40365357
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 11

Expert Comment

by:hecgomrec
ID: 40365914
Exchange may ask for password several times primary for authentication and SSL certificate issues. Not using a trusted SSL certificate or having a different name on the certificate can cause it also.   Make sure the server is fully up dated (Should be on Exchange 2013 CU6) and the clients are up to date as well.

Also make sure URLs are configured correctly, particularly for Outlook Anywhere and the internal Autodiscover values.

DNS (A,MX) records point to the exchange server and finally that you are using the "DOMAIN\Username" and password combination.  Remember to select to save the credentials!!
0
 

Author Comment

by:cnl83
ID: 40367435
Facts im facing right now.

1) When I logon I use localdomain\user
2) When I access https://mail.mydomain.com it shows the certificate secures the site, but when im on the local network accessing it does not. It still shows its using a self signed certificate.
3) I can establish the connection from a remote location but im catching trouble with Outlook 2007.

I just completed the ssl certificate process.
0
 

Author Comment

by:cnl83
ID: 40367443
should I be able to ping autodiscover.mydomain.com from the client machine?
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40367627
usually yes. you should be able to ping to autodiscover.mydomain.com
0
 

Author Comment

by:cnl83
ID: 40367630
My host sent me the dns settings and there is no ANAME record. What should that be?
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40367730
have you added the A record for autodiscover.mydomain.com in your DNS (AD)? If not add it. To do it , go to your DNS>forward lookup zone>yourcompany.com>right click on right pane> New Host(A or AAA) autodiscover.mydomain.com and enter the IP of your exchange local IP.

Then in your control panel of your domain hosted (example, if your domain is hosted with Verio or Go Daddy, log in to your control panel) and make sure that you have "A" record for your exchange with a Public IP (it should be same IP of your MX records).
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 40368172
I will have to disagree with Zacharia Kurian.

I can connect my users from anywhere without having the "autodiscover" records.  As long as you have your servers correctly setup you'll be able to find them without those records.

I use for this company: mail.companyname.ca for the exchange server (this is how our ISP has A and MX records only) I created the same records for server's internal IP and that it.

Open your Exchange Admin Center on exchange 2013 and go to servers, servers, double click your server and select Outlook Anywhere, here write down your server external and internal names (same name recommended) and make sure to match your SSL and the authentication mode.  Restart your IIS and try again.
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40368393
0
 

Author Comment

by:cnl83
ID: 40368437
Zacharia the dns settings you want me to make comes out to autodiscover.localdomain.local

Is this correct?

Hegoc, I will try yours as well.
0
 

Author Comment

by:cnl83
ID: 40368468
hecgomrec, in issuing my certificate I should only have had public domain names correct? mail.mydomain.com, no local info correct?
0
 

Author Comment

by:cnl83
ID: 40368540
I restated IIS and couldn't get OWA to come up, restarted the server.

 Checked the IIS services which are all running. Nothing will come up.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 40368585
Yes, your SSL should have the public name on it: mail.mydomain.com which is also you local one now.

For you to be able to open your owa within your LAN you must create a DNS record so your local stations will look for mail.mydomain.com ip address on your LAN as well.

If no DNS record, you should be able to open owa by https:\\serveripaddress\owa.
0
 

Author Comment

by:cnl83
ID: 40368589
No, after I restarted I cant get anything to work now! ahhhh!
0
 
LVL 30

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40368806
Have you reviewed this yet?
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/

This will tell you how to configure all URLs, certificates and DNS for Exchange 2013.
0
 

Author Comment

by:cnl83
ID: 40368826
I figured out how to get the IIS working again. The Godaddy certificate was not set in the bindings of IIS site.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40368833
That's weird. You shouldn't have to directly modify IIS to get it to work. In fact, its a best practice to have Exchange handle everything as it will configure IIS on the backend.

Once you had processed the cert, had you applied services to that cert with Exchange Admin Center? Adding IIS would have been one of the options.
0
 

Author Comment

by:cnl83
ID: 40368850
No I went to IIS > Right Clicked on Default Site > Bindings > (saw no certificate selected) > Selected my Godaddy certificate > Restarted IIS > Restart Transport.

I still have all kinds of trouble though. Can't connect Mobile devices, this original post problems connecting with Outlook 2007 etc.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40368856
Hey CNL83,

Because of all the changes since the original question, try using the ActiveSync test at www.exrca.com and see what you get results wise.

Because of the change in certificate, you may also want to try rebooting some of the phones/devices to see if they pick up the new cert. So see if a reboot of some of the phones/devices fixes the issue.
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40368866
Please make sure that your SSL has  all the Subject Alternative Names related to your exchange server. I would prefer to use  wild card SSL, which is  more secured. Digicert has better tools to correct issues with SSL and pretty easy to use.

 The best and safest practice is that let your exchange handle the SSL as mentioned Gareth. The link ha has posted tells you exactly what should be done.
0
 

Author Comment

by:cnl83
ID: 40368971
On Step 5.Double-click to open the ECP (Default Web Site) properties.
6.Copy the contents of the External URL and paste over the contents of the Internal URL.


There is nothing in the external address. Should I start putting in my external address https://mail.myurl.com/whatever

?
0
 

Author Comment

by:cnl83
ID: 40369036
I had the Outlook 2007 connecting with that error, but after I followed the steps in that article, its back to throwing the error again and not connecting.
0
 

Author Comment

by:cnl83
ID: 40369043
Oh wait, I restarted that pc, and went through flawlessly. Let me check a few things.
0
 

Author Closing Comment

by:cnl83
ID: 40369074
This worked after I restarted the workstations. Thank you thank you!
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40369801
Awesome! Everything good?
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now