Exchange 2007 - Outlook 2010 - Renewed Certificates - Outlook Asking for Credentials

Hello,
      We just renewed the certificates on our Exchange server yesterday. I now have several users that have the dreaded popup asking for credentials. Of coarse, no matter what you enter for credentials it just pops back up. We are using Exchange 2007 and Outlook 2010. All users run Outlook in cache mode. Any help with this would be appreciated.

Thank you
LVL 1
daskas27Asked:
Who is Participating?
 
daskas27Author Commented:
It turns out that at that location there is a Barracuda Web Filter in place. I bypassed the web filter and the credential requests have stopped. Any ideas on why the Barracuda device would cause problems after the certificate renewal?
0
 
Simon Butler (Sembee)ConsultantCommented:
Credential popup is a classic sign of a problem with the SSL certificate.
Did you renew it with a trusted SSL certificate?
If so, have you ensured that it is installed correctly? You should be able to browse to OWA and not get any SSL prompts.

If you haven't changed the configuration of Exchange, then you are probably experiencing the problem with the internal name being removed from the SSL certificate. That will stop the Autodiscover process from working correctly. You need to reconfigure Exchange to use the external name internally.
http://semb.ee/hostnames2007

Simon.
0
 
daskas27Author Commented:
We have a trusted cert. We have about 100 users and only 2 users are having this happen. I am hesitant to reconfigure the server in any way at this time for 2 users and risk the 98 that are not having issues. It should be noted that the 2 people that are having issues are connected VPN. There are 10 users in that location and, again, only 2 are having issues. Also, If I set them up to run online, (uncheck cache mode), it works fine.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Simon Butler (Sembee)ConsultantCommented:
If you have a trusted certificate and you have no reconfigured the server to use the external host name throughout, then you will have more problems with more users very shortly.
This isn't an optional change.

If you run

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

and the host name returned is NOT one that is on your SSL certificate, then that will cause you problems.
If it is a host name that is on your SSL certificate, then that is good, you need to check that the users on the VPN are resolving the host name to the correct INTERNAL IP address.

Simon.
0
 
daskas27Author Commented:
Hi, The host name returned is on the certificate. I have found that of the two having trouble one seems to be local to that machine. I logged into a different machine as that user and running outlook does not result in prompts.
0
 
Simon Butler (Sembee)ConsultantCommented:
The filter is probably scanning the HTTPS traffic which is breaking the authentication packet. Not unusual.
Switching to basic would allow the packet through, but it would always prompt.

Simon.
0
 
daskas27Author Commented:
I don't think that is the case. We have the same unit here on site and we have no problems. Perhaps something to do with a subnet?
0
 
Simon Butler (Sembee)ConsultantCommented:
The only way that a subnet would have a problem is if the two sites were using the same subnet, which would confuse the VPN client. However if that was happening then I wouldn't expect anything to happen, as it would be trying to connect back to itself.

Simon.
0
 
NRiehmCommented:
Hi,
I had the same Problem with one Client in my configuration. Spending some hours of time, the solution was very easy. The user obviously has put in to the credential storage some wrong values. After Clearing the Windows credential storage the user put in the right Name and Password and checked the mark for remembering that credentials, the System never asked any more for the credentials.
0
 
daskas27Author Commented:
I found the problem by doing my own research.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.