[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Outlook clients are prompting for password after trying to enable Outlook Anywhere

Posted on 2014-12-04
Medium Priority
Last Modified: 2014-12-04

We have an Exchange 2007 SP2 single server that was working correctly yesterday and for a couple of years without issues. Outlook Anywhere was not setup on the server and I received a request to set it up.

I enabled Outlook Anywhere and saw that the RPC over HTTP Proxy component wasn't installed. After installing the Windows Component, I re-enabled Outlook Anywhere. After a while and testing, Outlook Anywhere was not working properly and testing with exRCA. During my testing I enabled Basic and Windows Authentication on the /RPC virtual directory. I ended up disabling Outlook Anywhere to test during the weekend.
The error on exRCA was returning was: An RPC error was thrown by the RPC Runtime process. Error 14 14

As of this morning, Outlook clients are continuously being prompted for password. Most of the clients are Outlook 2010 and 2013. Outlook Anywhere is not enabled on the clients, so Outlook is not attempting to use RPC/HTTP.  

Password prompts appeared:


When starting Outlook


When sending an email


However, it does not appear to affect Outlook functionality. Outlook is still able to send and receive emails, so email is not down, it's just a big annoyance for end-users.

Changes Made:


Disabled Outlook Anywhere from EMC


Set Authenticated Users Permissions on /OAB and /ExchangeOAB folders to read&execute
I thought the password prompts were happening during OAB synchronization


Enabled Kernel Mode Authentication under Windows Authentication on the /RPC virtual directory
This seems to have decreased the overall amount of password prompts being received, but the password prompts still occur when starting Outlook

Any suggestions?
Question by:brainsurf1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40481252
First - Exchange 2007 SP2 is not supported any longer. You need to upgrade the server as soon as possible to Exchange 2007 SP3 with the latest rollup, particularly as you are using Outlook 2013.
Enabling Outlook Anywhere should not have caused these problems on its own, so I suspect it has simply caused the clients to show an error in your configuration.
In normal day to day operations, with Outlook Anywhere enabled the clients would not even use it. SSL errors are usually caused by Autodiscover problems - I say SSL errors because the most common reason for authentication prompts in Outlook is SSL errors.

Therefore the first thing I would do is upgrade the server to SP3.
Do you have a trusted SSL certificate in place? If not, then you will need to change that because the self signed certificates generated by Exchange are not supported for use with Outlook Anywhere (or ActiveSync).

You will then need to adjust the configuration of Exchange to use the trusted SSL certificate.



Author Comment

ID: 40481302
Hi Simon,

We have split DNS setup and a certificate from a trusted CA. The certificate is in use for IIS and shows up correctly when accessing OWA.

The OWA, EWS, OAB, ActiveSync vDirs have the internal and external URL matching and DNS is properly configured internally.

The CAS AutoDiscoverInternalURI is setup correctly.

Our autodiscover is setup with an SRV record and is working internally and externally (though obviously with Outlook Anywhere disabled, it's not much use externally).

At this point it doesn't look like it is SSL related as nothing with SSL has changed unless if installing the RPC over HTTP Proxy components OR enabling Outlook Anywhere changes SSL settings in Exchange?

Author Comment

ID: 40481469
I am thinking this may be related to trying to download the Offline Address Book. I am seeing references to Downloading the Offline Address book in the connection status of the clients.

Additionally when I navgiate to the https://mail.companydomain.com/OAB/<guid>/oab.xml - I cannot authenticate and get a 401 error. On my other 2007 servers I am able to access the OAB.xml via logging in.

Any ideas?
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 2000 total points
ID: 40481976
There is a pretty good chance that trying to resolve the issue you have actually broken the virtual directories.
Therefore resetting the virtual directories may well resolve the issue for you.


Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question