Solved

Outlook clients are prompting for password after trying to enable Outlook Anywhere

Posted on 2014-12-04
4
314 Views
Last Modified: 2014-12-04
Hello,

We have an Exchange 2007 SP2 single server that was working correctly yesterday and for a couple of years without issues. Outlook Anywhere was not setup on the server and I received a request to set it up.

I enabled Outlook Anywhere and saw that the RPC over HTTP Proxy component wasn't installed. After installing the Windows Component, I re-enabled Outlook Anywhere. After a while and testing, Outlook Anywhere was not working properly and testing with exRCA. During my testing I enabled Basic and Windows Authentication on the /RPC virtual directory. I ended up disabling Outlook Anywhere to test during the weekend.
The error on exRCA was returning was: An RPC error was thrown by the RPC Runtime process. Error 14 14



As of this morning, Outlook clients are continuously being prompted for password. Most of the clients are Outlook 2010 and 2013. Outlook Anywhere is not enabled on the clients, so Outlook is not attempting to use RPC/HTTP.  

Password prompts appeared:

1.

When starting Outlook

2.

When sending an email

3.

Randomly
However, it does not appear to affect Outlook functionality. Outlook is still able to send and receive emails, so email is not down, it's just a big annoyance for end-users.

Changes Made:

1.

Disabled Outlook Anywhere from EMC

2.

Set Authenticated Users Permissions on /OAB and /ExchangeOAB folders to read&execute
I thought the password prompts were happening during OAB synchronization

3.

Enabled Kernel Mode Authentication under Windows Authentication on the /RPC virtual directory
This seems to have decreased the overall amount of password prompts being received, but the password prompts still occur when starting Outlook
.

Any suggestions?
0
Comment
Question by:brainsurf1
  • 2
  • 2
4 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40481252
First - Exchange 2007 SP2 is not supported any longer. You need to upgrade the server as soon as possible to Exchange 2007 SP3 with the latest rollup, particularly as you are using Outlook 2013.
Enabling Outlook Anywhere should not have caused these problems on its own, so I suspect it has simply caused the clients to show an error in your configuration.
In normal day to day operations, with Outlook Anywhere enabled the clients would not even use it. SSL errors are usually caused by Autodiscover problems - I say SSL errors because the most common reason for authentication prompts in Outlook is SSL errors.

Therefore the first thing I would do is upgrade the server to SP3.
Do you have a trusted SSL certificate in place? If not, then you will need to change that because the self signed certificates generated by Exchange are not supported for use with Outlook Anywhere (or ActiveSync).

You will then need to adjust the configuration of Exchange to use the trusted SSL certificate.

http://semb.ee/hostnames2007

Simon.
0
 

Author Comment

by:brainsurf1
ID: 40481302
Hi Simon,

We have split DNS setup and a certificate from a trusted CA. The certificate is in use for IIS and shows up correctly when accessing OWA.

The OWA, EWS, OAB, ActiveSync vDirs have the internal and external URL matching and DNS is properly configured internally.

The CAS AutoDiscoverInternalURI is setup correctly.

Our autodiscover is setup with an SRV record and is working internally and externally (though obviously with Outlook Anywhere disabled, it's not much use externally).

At this point it doesn't look like it is SSL related as nothing with SSL has changed unless if installing the RPC over HTTP Proxy components OR enabling Outlook Anywhere changes SSL settings in Exchange?
0
 

Author Comment

by:brainsurf1
ID: 40481469
I am thinking this may be related to trying to download the Offline Address Book. I am seeing references to Downloading the Offline Address book in the connection status of the clients.

Additionally when I navgiate to the https://mail.companydomain.com/OAB/<guid>/oab.xml - I cannot authenticate and get a 401 error. On my other 2007 servers I am able to access the OAB.xml via logging in.

Any ideas?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40481976
There is a pretty good chance that trying to resolve the issue you have actually broken the virtual directories.
Therefore resetting the virtual directories may well resolve the issue for you.

Simon.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question