asked on

Ongoing Exchange 2010 to 2013 Migration - Outlook Security POPups

Hi All -

We have a customer in an ongoing migration from Exchange 2010 to Exchange 2013. With a mixture of Outlook 2010 and 2013 clients. There are 2 Exchange 2010 servers and 2 Exchange 2013 servers. End users from day to day with no clear logic receive pop boxes requesting they enter their user names and password....but as some many have stated in the past...putting in username and password does nothing as the pop comes right back.

At first the issue was just with the migrated users however now the Exchange 2010 users are receiving the same security popup.

I've read numerous articles and links about how to address this issue. Nothing seems to be working...OR I have not implemented the suggested changes correctly. I have basic command line knowledge so any suggestions please provide step by step instructions.

Guy Lidbetter

Hi zookeepa,

This sounds like an authentication issue with the outlook connections. Is it everyone receiving popups or only specific users i.e. Outlook 2010 users

Please provide the output for these:
get-outlookprovider
get-autodiscovervirtualdirectory | fl name, *auth*

zookeepa1

ASKER

Hmmm....

[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory | fl name, *auth*

Name : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdNegotiateAuthentication : False
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : False
AdfsAuthentication : False

Name : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdNegotiateAuthentication : False
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : False
AdfsAuthentication : False

Name : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication : False
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
AdfsAuthentication : False

Name : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication : False
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
AdfsAuthentication : False

zookeepa1

ASKER

[PS] C:\Windows\system32>Get-OutlookProvider

Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH 1
EXPR 1
WEB 1

[PS] C:\Windows\system32>

Guy Lidbetter

Can you confirm the autodiscover records are going to the 2013 CAS boxes?

And could you confirm the scope of affected users? Client type etc... or is it just everyone?

zookeepa1

ASKER

autodiscover is pointed to the 2013 CAS server.
The clients impacted are both migrated and non-migrated users (everyone).

Thoughts?
Should the Get-OutlookProvider be blank?

Will Szymkowski

For a user that is running into this issue can you try the following..
- hold ctrl+right click the Outlook icon in the system tray
- select connection status
- check to see what servers the client is making a connection to
- also run the Test Email Auto Config as well for the client to see what virtual directories it is using to get Exchange data

I have seen this issue a lot when users that have been migrated from 2010 to 2013 and they are connecting to 2010 for public folders. Again check the authentication types on your virtual directories as well.

Will.

zookeepa1

ASKER

Hi Will -

Yes...there is one 2010 Exchange server with public folders.

zookeepa1

ASKER

Any other thoughts? We have 3rd party SSL certs installed. At the present migrated and new users are only using the store on one of the 2013 exchange servers.

Will is correct in that the migrated clients are connecting to the 2010 server to access public folders. I was under the impression the Public folders should migrated after the users.

ASKER CERTIFIED SOLUTION

Guy Lidbetter

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

zulea

We just finished our 2010 to 2013 migration. While the 2010 box was still running with Public folders on it we too had this pop up security box. It only went away once the public folders had been migrated and the server decommissioned. I spent weeks trying to find good info on migrating the public folders and finishing this quickly. There are errors in almost every document I found out there.
My best advice would be to just finish the migration of users and public folders then shutdown the 2010 boxes for a week to make sure they are done. Then remove them.
Note: Public folders with contacts or calendar items cannot be viewed over OWA.

zookeepa1

ASKER

Thanks Guy -

That link seems to be promising. I'm heading into the client's office today and will dig in and provide an update later.

Zulea - Thanks...not what I wanted to hear but you may be right.

zookeepa1

ASKER

This link did it for me...not sure if it was the wording or the examples. But this drove home the changes that I needed to make. - THANKS!

Guy Lidbetter

Great to hear it's resolved!

Happy to help!