Solved

Outlook clients are prompting for password after trying to enable Outlook Anywhere

Posted on 2014-12-04
4
295 Views
Last Modified: 2014-12-04
Hello,

We have an Exchange 2007 SP2 single server that was working correctly yesterday and for a couple of years without issues. Outlook Anywhere was not setup on the server and I received a request to set it up.

I enabled Outlook Anywhere and saw that the RPC over HTTP Proxy component wasn't installed. After installing the Windows Component, I re-enabled Outlook Anywhere. After a while and testing, Outlook Anywhere was not working properly and testing with exRCA. During my testing I enabled Basic and Windows Authentication on the /RPC virtual directory. I ended up disabling Outlook Anywhere to test during the weekend.
The error on exRCA was returning was: An RPC error was thrown by the RPC Runtime process. Error 14 14



As of this morning, Outlook clients are continuously being prompted for password. Most of the clients are Outlook 2010 and 2013. Outlook Anywhere is not enabled on the clients, so Outlook is not attempting to use RPC/HTTP.  

Password prompts appeared:

1.

When starting Outlook

2.

When sending an email

3.

Randomly
However, it does not appear to affect Outlook functionality. Outlook is still able to send and receive emails, so email is not down, it's just a big annoyance for end-users.

Changes Made:

1.

Disabled Outlook Anywhere from EMC

2.

Set Authenticated Users Permissions on /OAB and /ExchangeOAB folders to read&execute
I thought the password prompts were happening during OAB synchronization

3.

Enabled Kernel Mode Authentication under Windows Authentication on the /RPC virtual directory
This seems to have decreased the overall amount of password prompts being received, but the password prompts still occur when starting Outlook
.

Any suggestions?
0
Comment
Question by:brainsurf1
  • 2
  • 2
4 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
First - Exchange 2007 SP2 is not supported any longer. You need to upgrade the server as soon as possible to Exchange 2007 SP3 with the latest rollup, particularly as you are using Outlook 2013.
Enabling Outlook Anywhere should not have caused these problems on its own, so I suspect it has simply caused the clients to show an error in your configuration.
In normal day to day operations, with Outlook Anywhere enabled the clients would not even use it. SSL errors are usually caused by Autodiscover problems - I say SSL errors because the most common reason for authentication prompts in Outlook is SSL errors.

Therefore the first thing I would do is upgrade the server to SP3.
Do you have a trusted SSL certificate in place? If not, then you will need to change that because the self signed certificates generated by Exchange are not supported for use with Outlook Anywhere (or ActiveSync).

You will then need to adjust the configuration of Exchange to use the trusted SSL certificate.

http://semb.ee/hostnames2007

Simon.
0
 

Author Comment

by:brainsurf1
Comment Utility
Hi Simon,

We have split DNS setup and a certificate from a trusted CA. The certificate is in use for IIS and shows up correctly when accessing OWA.

The OWA, EWS, OAB, ActiveSync vDirs have the internal and external URL matching and DNS is properly configured internally.

The CAS AutoDiscoverInternalURI is setup correctly.

Our autodiscover is setup with an SRV record and is working internally and externally (though obviously with Outlook Anywhere disabled, it's not much use externally).

At this point it doesn't look like it is SSL related as nothing with SSL has changed unless if installing the RPC over HTTP Proxy components OR enabling Outlook Anywhere changes SSL settings in Exchange?
0
 

Author Comment

by:brainsurf1
Comment Utility
I am thinking this may be related to trying to download the Offline Address Book. I am seeing references to Downloading the Offline Address book in the connection status of the clients.

Additionally when I navgiate to the https://mail.companydomain.com/OAB/<guid>/oab.xml - I cannot authenticate and get a 401 error. On my other 2007 servers I am able to access the OAB.xml via logging in.

Any ideas?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
Comment Utility
There is a pretty good chance that trying to resolve the issue you have actually broken the virtual directories.
Therefore resetting the virtual directories may well resolve the issue for you.

Simon.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now