Solved

Outlook clients are prompting for password after trying to enable Outlook Anywhere

Posted on 2014-12-04
4
307 Views
Last Modified: 2014-12-04
Hello,

We have an Exchange 2007 SP2 single server that was working correctly yesterday and for a couple of years without issues. Outlook Anywhere was not setup on the server and I received a request to set it up.

I enabled Outlook Anywhere and saw that the RPC over HTTP Proxy component wasn't installed. After installing the Windows Component, I re-enabled Outlook Anywhere. After a while and testing, Outlook Anywhere was not working properly and testing with exRCA. During my testing I enabled Basic and Windows Authentication on the /RPC virtual directory. I ended up disabling Outlook Anywhere to test during the weekend.
The error on exRCA was returning was: An RPC error was thrown by the RPC Runtime process. Error 14 14



As of this morning, Outlook clients are continuously being prompted for password. Most of the clients are Outlook 2010 and 2013. Outlook Anywhere is not enabled on the clients, so Outlook is not attempting to use RPC/HTTP.  

Password prompts appeared:

1.

When starting Outlook

2.

When sending an email

3.

Randomly
However, it does not appear to affect Outlook functionality. Outlook is still able to send and receive emails, so email is not down, it's just a big annoyance for end-users.

Changes Made:

1.

Disabled Outlook Anywhere from EMC

2.

Set Authenticated Users Permissions on /OAB and /ExchangeOAB folders to read&execute
I thought the password prompts were happening during OAB synchronization

3.

Enabled Kernel Mode Authentication under Windows Authentication on the /RPC virtual directory
This seems to have decreased the overall amount of password prompts being received, but the password prompts still occur when starting Outlook
.

Any suggestions?
0
Comment
Question by:brainsurf1
  • 2
  • 2
4 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40481252
First - Exchange 2007 SP2 is not supported any longer. You need to upgrade the server as soon as possible to Exchange 2007 SP3 with the latest rollup, particularly as you are using Outlook 2013.
Enabling Outlook Anywhere should not have caused these problems on its own, so I suspect it has simply caused the clients to show an error in your configuration.
In normal day to day operations, with Outlook Anywhere enabled the clients would not even use it. SSL errors are usually caused by Autodiscover problems - I say SSL errors because the most common reason for authentication prompts in Outlook is SSL errors.

Therefore the first thing I would do is upgrade the server to SP3.
Do you have a trusted SSL certificate in place? If not, then you will need to change that because the self signed certificates generated by Exchange are not supported for use with Outlook Anywhere (or ActiveSync).

You will then need to adjust the configuration of Exchange to use the trusted SSL certificate.

http://semb.ee/hostnames2007

Simon.
0
 

Author Comment

by:brainsurf1
ID: 40481302
Hi Simon,

We have split DNS setup and a certificate from a trusted CA. The certificate is in use for IIS and shows up correctly when accessing OWA.

The OWA, EWS, OAB, ActiveSync vDirs have the internal and external URL matching and DNS is properly configured internally.

The CAS AutoDiscoverInternalURI is setup correctly.

Our autodiscover is setup with an SRV record and is working internally and externally (though obviously with Outlook Anywhere disabled, it's not much use externally).

At this point it doesn't look like it is SSL related as nothing with SSL has changed unless if installing the RPC over HTTP Proxy components OR enabling Outlook Anywhere changes SSL settings in Exchange?
0
 

Author Comment

by:brainsurf1
ID: 40481469
I am thinking this may be related to trying to download the Offline Address Book. I am seeing references to Downloading the Offline Address book in the connection status of the clients.

Additionally when I navgiate to the https://mail.companydomain.com/OAB/<guid>/oab.xml - I cannot authenticate and get a 401 error. On my other 2007 servers I am able to access the OAB.xml via logging in.

Any ideas?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40481976
There is a pretty good chance that trying to resolve the issue you have actually broken the virtual directories.
Therefore resetting the virtual directories may well resolve the issue for you.

Simon.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question