Exchange 2013 keeps prompting me for a password

I just finished setting up my exchange server. Email sends / receives just fine. As I started configuring each workstation It automatically locates the exchange account on its on, but it prompts me for their password again and again without accepting it. I've reset their password etc. No go.
password.jpg
cnl83Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Thomas GrassiSystems AdministratorCommented:
Try this

Go to 'Start -> Control Panel -> User Accounts -> Manage Youur Credentials -> Look under Generic Credentials'.
Edit the Microsoft Outlook *** Email address is removed for privacy *** and change the password. Now launch your Outlook 2010 again to ensure that it is working or not
0
Cliff GaliherCommented:
Based on when you are getting the prompt, I'd guess you have some misconfigured URLs in Exchange. outlook has some connectivity and autodiscover tests you can run to pinpoint any errors. That's where I'd start.
0
cnl83Author Commented:
When prompted it has the full email address. I enter the user name without the @myemailaddress.com and it goes through. That's not typical.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

cnl83Author Commented:
One more thought, that is a pc connected to the local network. I just tried it on a pc outside the network and it says the connection to the exchange server is unavailable. I get two green checks then this error.
0
Cliff GaliherCommented:
Neither of those changes my advice. Don't guess. Test.
0
cnl83Author Commented:
It is failing the test.

I can reach https://mail.mydomain.com and login but the domain has to be the localdomain\myuser

Is that typical? or should it be accepting the public domain?
0
Cliff GaliherCommented:
When configured properly, internally it'll use windows authentication (which is domain\user) so that's expected. If you ran the test as I suggested, it will tell you with great specificity what is failing.
0
cnl83Author Commented:
maybe im running the wrong test.

https://testconnectivity.microsoft.com ??
0
cnl83Author Commented:
All it says is The Microsoft Connectivity Analyzer is attempting to test Autodiscover for email@myemailaddres.com
0
cnl83Author Commented:
It's failing at the autodiscover
0
Cliff GaliherCommented:
And the specific error(s)? There are dozens of ways autodiscover can fail. We can't help without information.
0
Thomas GrassiSystems AdministratorCommented:
Did you setup  DNS records for your exchange autodicover.?
0
cnl83Author Commented:
Errors
0
cnl83Author Commented:
root@secure [~]# host mydomain.com

bhaengineering.com has address 23.238.21.24

mydomain.com mail is handled by 0 mail.bhaengineering.com.

root@secure [~]# host mail.mydomain.com

mail.mydomain.com has address 000.000.000.000  <-- my ip
0
cnl83Author Commented:
I checked all ports 443, 110, 25, etc...

All open according to canyouseeme.org
0
Cliff GaliherCommented:
You have a successful autodiscover. So your error is elsewhere.
0
cnl83Author Commented:
Ok where should I look. Im having  a hard time with this.
0
Cliff GaliherCommented:
I posted the link to troubleshoot connectivity via powershell. There is a certain point where you may just need to call in and pay an experienced specialist.
0
cnl83Author Commented:
From the mail server I ran the powershell command you posted and it succeeded.

[PS] C:\windows\system32>Test-OutlookConnectivity -ProbeIdentity "OutlookRpcCTPProbe" -MailboxID vducote@mydomain.com

MonitorIdentity                          StartTime       EndTime         Result               Error                Exce
                                                                                                                   ptio
                                                                                                                   n
---------------                          ---------       -------         ------               -----                ----
Outlook\OutlookRpcCtpProbe               10/7/2014 4:... 10/7/2014 4:... Succeeded
0
cnl83Author Commented:
I am getting an error there is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site. Error code 10
0
Gareth GudgerCommented:
You need to make sure that all the Internal and External URLs you have configured in Exchange match a name on your certificate.

If not already, I recommend getting a 3rd party SAN / UC certificate.
http://supertekboy.com/certificates-for-microsoft-exchange/

For how to install that cert, as well as configure split-brain DNS and configure all the Exchange URLs check out this article.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
0
Zacharia KurianAdministrator- Data Center & NetworkCommented:
0
hecgomrecCommented:
Exchange may ask for password several times primary for authentication and SSL certificate issues. Not using a trusted SSL certificate or having a different name on the certificate can cause it also.   Make sure the server is fully up dated (Should be on Exchange 2013 CU6) and the clients are up to date as well.

Also make sure URLs are configured correctly, particularly for Outlook Anywhere and the internal Autodiscover values.

DNS (A,MX) records point to the exchange server and finally that you are using the "DOMAIN\Username" and password combination.  Remember to select to save the credentials!!
0
cnl83Author Commented:
Facts im facing right now.

1) When I logon I use localdomain\user
2) When I access https://mail.mydomain.com it shows the certificate secures the site, but when im on the local network accessing it does not. It still shows its using a self signed certificate.
3) I can establish the connection from a remote location but im catching trouble with Outlook 2007.

I just completed the ssl certificate process.
0
cnl83Author Commented:
should I be able to ping autodiscover.mydomain.com from the client machine?
0
Zacharia KurianAdministrator- Data Center & NetworkCommented:
usually yes. you should be able to ping to autodiscover.mydomain.com
0
cnl83Author Commented:
My host sent me the dns settings and there is no ANAME record. What should that be?
0
Zacharia KurianAdministrator- Data Center & NetworkCommented:
have you added the A record for autodiscover.mydomain.com in your DNS (AD)? If not add it. To do it , go to your DNS>forward lookup zone>yourcompany.com>right click on right pane> New Host(A or AAA) autodiscover.mydomain.com and enter the IP of your exchange local IP.

Then in your control panel of your domain hosted (example, if your domain is hosted with Verio or Go Daddy, log in to your control panel) and make sure that you have "A" record for your exchange with a Public IP (it should be same IP of your MX records).
0
hecgomrecCommented:
I will have to disagree with Zacharia Kurian.

I can connect my users from anywhere without having the "autodiscover" records.  As long as you have your servers correctly setup you'll be able to find them without those records.

I use for this company: mail.companyname.ca for the exchange server (this is how our ISP has A and MX records only) I created the same records for server's internal IP and that it.

Open your Exchange Admin Center on exchange 2013 and go to servers, servers, double click your server and select Outlook Anywhere, here write down your server external and internal names (same name recommended) and make sure to match your SSL and the authentication mode.  Restart your IIS and try again.
0
Zacharia KurianAdministrator- Data Center & NetworkCommented:
0
cnl83Author Commented:
Zacharia the dns settings you want me to make comes out to autodiscover.localdomain.local

Is this correct?

Hegoc, I will try yours as well.
0
cnl83Author Commented:
hecgomrec, in issuing my certificate I should only have had public domain names correct? mail.mydomain.com, no local info correct?
0
cnl83Author Commented:
I restated IIS and couldn't get OWA to come up, restarted the server.

 Checked the IIS services which are all running. Nothing will come up.
0
hecgomrecCommented:
Yes, your SSL should have the public name on it: mail.mydomain.com which is also you local one now.

For you to be able to open your owa within your LAN you must create a DNS record so your local stations will look for mail.mydomain.com ip address on your LAN as well.

If no DNS record, you should be able to open owa by https:\\serveripaddress\owa.
0
cnl83Author Commented:
No, after I restarted I cant get anything to work now! ahhhh!
0
Gareth GudgerCommented:
Have you reviewed this yet?
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/ 

This will tell you how to configure all URLs, certificates and DNS for Exchange 2013.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cnl83Author Commented:
I figured out how to get the IIS working again. The Godaddy certificate was not set in the bindings of IIS site.
0
Gareth GudgerCommented:
That's weird. You shouldn't have to directly modify IIS to get it to work. In fact, its a best practice to have Exchange handle everything as it will configure IIS on the backend.

Once you had processed the cert, had you applied services to that cert with Exchange Admin Center? Adding IIS would have been one of the options.
0
cnl83Author Commented:
No I went to IIS > Right Clicked on Default Site > Bindings > (saw no certificate selected) > Selected my Godaddy certificate > Restarted IIS > Restart Transport.

I still have all kinds of trouble though. Can't connect Mobile devices, this original post problems connecting with Outlook 2007 etc.
0
Gareth GudgerCommented:
Hey CNL83,

Because of all the changes since the original question, try using the ActiveSync test at www.exrca.com and see what you get results wise.

Because of the change in certificate, you may also want to try rebooting some of the phones/devices to see if they pick up the new cert. So see if a reboot of some of the phones/devices fixes the issue.
0
Zacharia KurianAdministrator- Data Center & NetworkCommented:
Please make sure that your SSL has  all the Subject Alternative Names related to your exchange server. I would prefer to use  wild card SSL, which is  more secured. Digicert has better tools to correct issues with SSL and pretty easy to use.

 The best and safest practice is that let your exchange handle the SSL as mentioned Gareth. The link ha has posted tells you exactly what should be done.
0
cnl83Author Commented:
On Step 5.Double-click to open the ECP (Default Web Site) properties.
6.Copy the contents of the External URL and paste over the contents of the Internal URL.


There is nothing in the external address. Should I start putting in my external address https://mail.myurl.com/whatever

?
0
cnl83Author Commented:
I had the Outlook 2007 connecting with that error, but after I followed the steps in that article, its back to throwing the error again and not connecting.
0
cnl83Author Commented:
Oh wait, I restarted that pc, and went through flawlessly. Let me check a few things.
0
cnl83Author Commented:
This worked after I restarted the workstations. Thank you thank you!
0
Gareth GudgerCommented:
Awesome! Everything good?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.