Ongoing Exchange 2010 to 2013 Migration - Outlook Security POPups

Hi All -

We have a customer in an ongoing migration from Exchange 2010 to Exchange 2013.  With a mixture of Outlook 2010 and 2013 clients.  There are 2 Exchange 2010 servers and 2 Exchange 2013 servers.  End users from day to day with no clear logic receive pop boxes requesting they enter their user names and password....but as some many have stated in the past...putting in username and password does nothing as the pop comes right back.

At first the issue was just with the migrated users however now the Exchange 2010 users are receiving the same security popup.

I've read numerous articles and links about how to address this issue.  Nothing seems to be working...OR I have not implemented the suggested changes correctly.  I have basic command line knowledge so any suggestions please provide step by step instructions.
LVL 4
zookeepa1Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Guy LidbetterCommented:
Hi zookeepa,

This sounds like an authentication issue with the outlook connections. Is it everyone receiving popups or only specific users i.e. Outlook 2010 users

Please provide the output for these:
get-outlookprovider
get-autodiscovervirtualdirectory | fl name, *auth*
zookeepa1Author Commented:
Hmmm....

[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory | fl name, *auth*


Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdNegotiateAuthentication : False
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
OAuthAuthentication           : False
AdfsAuthentication            : False

Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdNegotiateAuthentication : False
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
OAuthAuthentication           : False
AdfsAuthentication            : False

Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication : False
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
OAuthAuthentication           : True
AdfsAuthentication            : False

Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication : False
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
OAuthAuthentication           : True
AdfsAuthentication            : False
zookeepa1Author Commented:
[PS] C:\Windows\system32>Get-OutlookProvider

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                      1
EXPR                                                                                      1
WEB                                                                                       1


[PS] C:\Windows\system32>
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Guy LidbetterCommented:
Can you confirm the autodiscover records are going to the 2013 CAS boxes?

And could you confirm the scope of affected users? Client type etc... or is it just everyone?
zookeepa1Author Commented:
autodiscover is pointed to the 2013 CAS server.
The clients impacted are both migrated and non-migrated users (everyone).

Thoughts?
Should the Get-OutlookProvider be blank?
Will SzymkowskiSenior Solution ArchitectCommented:
For a user that is running into this issue can you try the following..
- hold ctrl+right click the Outlook icon in the system tray
- select connection status
- check to see what servers the client is making a connection to
- also run the Test Email Auto Config as well for the client to see what virtual directories it is using to get Exchange data

I have seen this issue a lot when users that have been migrated from 2010 to 2013 and they are connecting to 2010 for public folders. Again check the authentication types on your virtual directories as well.

Will.
zookeepa1Author Commented:
Hi Will -

Yes...there is one 2010 Exchange server with public folders.
zookeepa1Author Commented:
Any other thoughts?  We have 3rd party SSL certs installed.  At the present migrated and new users are only using the store on one of the 2013 exchange servers.

Will is correct in that the migrated clients are connecting to the 2010 server to access public folders.  I was under the impression the Public folders should migrated after the users.
Guy LidbetterCommented:
Have read through this and see if it sheds any light...

http://clintboessen.blogspot.co.uk/2014/09/outlook-2010-and-exchange-2013-users.html

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
zuleaCommented:
We just finished our 2010 to 2013 migration. While the 2010 box was still running with Public folders on it we too had this pop up security box. It only went away once the public folders had been migrated and the server decommissioned. I spent weeks trying to find good info on migrating the public folders and finishing this quickly. There are errors in almost every document I found out there.
My best advice would be to just finish the migration of users and public folders then shutdown the 2010 boxes for a week to make sure they are done. Then remove them.
Note: Public folders with contacts or calendar items cannot be viewed over OWA.
zookeepa1Author Commented:
Thanks Guy -

That link seems to be promising.  I'm heading into the client's office today and will dig in and provide an update later.

Zulea - Thanks...not what I wanted to hear but you may be right.
zookeepa1Author Commented:
This link did it for me...not sure if it was the wording or the examples.  But this drove home the changes that I needed to make.  - THANKS!
Guy LidbetterCommented:
Great to hear it's resolved!

Happy to help!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.