brainsurf1
asked on
Outlook clients are prompting for password after trying to enable Outlook Anywhere
Hello,
We have an Exchange 2007 SP2 single server that was working correctly yesterday and for a couple of years without issues. Outlook Anywhere was not setup on the server and I received a request to set it up.
I enabled Outlook Anywhere and saw that the RPC over HTTP Proxy component wasn't installed. After installing the Windows Component, I re-enabled Outlook Anywhere. After a while and testing, Outlook Anywhere was not working properly and testing with exRCA. During my testing I enabled Basic and Windows Authentication on the /RPC virtual directory. I ended up disabling Outlook Anywhere to test during the weekend.
As of this morning, Outlook clients are continuously being prompted for password. Most of the clients are Outlook 2010 and 2013. Outlook Anywhere is not enabled on the clients, so Outlook is not attempting to use RPC/HTTP.
Password prompts appeared:
However, it does not appear to affect Outlook functionality. Outlook is still able to send and receive emails, so email is not down, it's just a big annoyance for end-users.
Changes Made:
I thought the password prompts were happening during OAB synchronization
This seems to have decreased the overall amount of password prompts being received, but the password prompts still occur when starting Outlook
.
Any suggestions?
We have an Exchange 2007 SP2 single server that was working correctly yesterday and for a couple of years without issues. Outlook Anywhere was not setup on the server and I received a request to set it up.
I enabled Outlook Anywhere and saw that the RPC over HTTP Proxy component wasn't installed. After installing the Windows Component, I re-enabled Outlook Anywhere. After a while and testing, Outlook Anywhere was not working properly and testing with exRCA. During my testing I enabled Basic and Windows Authentication on the /RPC virtual directory. I ended up disabling Outlook Anywhere to test during the weekend.
The error on exRCA was returning was: An RPC error was thrown by the RPC Runtime process. Error 14 14
As of this morning, Outlook clients are continuously being prompted for password. Most of the clients are Outlook 2010 and 2013. Outlook Anywhere is not enabled on the clients, so Outlook is not attempting to use RPC/HTTP.
Password prompts appeared:
1.
When starting Outlook2.
When sending an email3.
RandomlyHowever, it does not appear to affect Outlook functionality. Outlook is still able to send and receive emails, so email is not down, it's just a big annoyance for end-users.
Changes Made:
1.
Disabled Outlook Anywhere from EMC2.
Set Authenticated Users Permissions on /OAB and /ExchangeOAB folders to read&executeI thought the password prompts were happening during OAB synchronization
3.
Enabled Kernel Mode Authentication under Windows Authentication on the /RPC virtual directoryThis seems to have decreased the overall amount of password prompts being received, but the password prompts still occur when starting Outlook
.
Any suggestions?
ASKER
Hi Simon,
We have split DNS setup and a certificate from a trusted CA. The certificate is in use for IIS and shows up correctly when accessing OWA.
The OWA, EWS, OAB, ActiveSync vDirs have the internal and external URL matching and DNS is properly configured internally.
The CAS AutoDiscoverInternalURI is setup correctly.
Our autodiscover is setup with an SRV record and is working internally and externally (though obviously with Outlook Anywhere disabled, it's not much use externally).
At this point it doesn't look like it is SSL related as nothing with SSL has changed unless if installing the RPC over HTTP Proxy components OR enabling Outlook Anywhere changes SSL settings in Exchange?
We have split DNS setup and a certificate from a trusted CA. The certificate is in use for IIS and shows up correctly when accessing OWA.
The OWA, EWS, OAB, ActiveSync vDirs have the internal and external URL matching and DNS is properly configured internally.
The CAS AutoDiscoverInternalURI is setup correctly.
Our autodiscover is setup with an SRV record and is working internally and externally (though obviously with Outlook Anywhere disabled, it's not much use externally).
At this point it doesn't look like it is SSL related as nothing with SSL has changed unless if installing the RPC over HTTP Proxy components OR enabling Outlook Anywhere changes SSL settings in Exchange?
ASKER
I am thinking this may be related to trying to download the Offline Address Book. I am seeing references to Downloading the Offline Address book in the connection status of the clients.
Additionally when I navgiate to the https://mail.companydomain.com/OAB/<guid>/oab.xml - I cannot authenticate and get a 401 error. On my other 2007 servers I am able to access the OAB.xml via logging in.
Any ideas?
Additionally when I navgiate to the https://mail.companydomain.com/OAB/<guid>/oab.xml - I cannot authenticate and get a 401 error. On my other 2007 servers I am able to access the OAB.xml via logging in.
Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Enabling Outlook Anywhere should not have caused these problems on its own, so I suspect it has simply caused the clients to show an error in your configuration.
In normal day to day operations, with Outlook Anywhere enabled the clients would not even use it. SSL errors are usually caused by Autodiscover problems - I say SSL errors because the most common reason for authentication prompts in Outlook is SSL errors.
Therefore the first thing I would do is upgrade the server to SP3.
Do you have a trusted SSL certificate in place? If not, then you will need to change that because the self signed certificates generated by Exchange are not supported for use with Outlook Anywhere (or ActiveSync).
You will then need to adjust the configuration of Exchange to use the trusted SSL certificate.
http://semb.ee/hostnames2007
Simon.