Exchange 2007 - Outlook 2010 - Renewed Certificates - Outlook Asking for Credentials

Hello,
      We just renewed the certificates on our Exchange server yesterday. I now have several users that have the dreaded popup asking for credentials. Of coarse, no matter what you enter for credentials it just pops back up. We are using Exchange 2007 and Outlook 2010. All users run Outlook in cache mode. Any help with this would be appreciated.

Thank you
LVL 1
daskas27Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
Credential popup is a classic sign of a problem with the SSL certificate.
Did you renew it with a trusted SSL certificate?
If so, have you ensured that it is installed correctly? You should be able to browse to OWA and not get any SSL prompts.

If you haven't changed the configuration of Exchange, then you are probably experiencing the problem with the internal name being removed from the SSL certificate. That will stop the Autodiscover process from working correctly. You need to reconfigure Exchange to use the external name internally.
http://semb.ee/hostnames2007

Simon.
0
daskas27Author Commented:
We have a trusted cert. We have about 100 users and only 2 users are having this happen. I am hesitant to reconfigure the server in any way at this time for 2 users and risk the 98 that are not having issues. It should be noted that the 2 people that are having issues are connected VPN. There are 10 users in that location and, again, only 2 are having issues. Also, If I set them up to run online, (uncheck cache mode), it works fine.
0
Simon Butler (Sembee)ConsultantCommented:
If you have a trusted certificate and you have no reconfigured the server to use the external host name throughout, then you will have more problems with more users very shortly.
This isn't an optional change.

If you run

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

and the host name returned is NOT one that is on your SSL certificate, then that will cause you problems.
If it is a host name that is on your SSL certificate, then that is good, you need to check that the users on the VPN are resolving the host name to the correct INTERNAL IP address.

Simon.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

daskas27Author Commented:
Hi, The host name returned is on the certificate. I have found that of the two having trouble one seems to be local to that machine. I logged into a different machine as that user and running outlook does not result in prompts.
0
daskas27Author Commented:
It turns out that at that location there is a Barracuda Web Filter in place. I bypassed the web filter and the credential requests have stopped. Any ideas on why the Barracuda device would cause problems after the certificate renewal?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Simon Butler (Sembee)ConsultantCommented:
The filter is probably scanning the HTTPS traffic which is breaking the authentication packet. Not unusual.
Switching to basic would allow the packet through, but it would always prompt.

Simon.
0
daskas27Author Commented:
I don't think that is the case. We have the same unit here on site and we have no problems. Perhaps something to do with a subnet?
0
Simon Butler (Sembee)ConsultantCommented:
The only way that a subnet would have a problem is if the two sites were using the same subnet, which would confuse the VPN client. However if that was happening then I wouldn't expect anything to happen, as it would be trying to connect back to itself.

Simon.
0
Nikolaus RiehmIT DevelopmentCommented:
Hi,
I had the same Problem with one Client in my configuration. Spending some hours of time, the solution was very easy. The user obviously has put in to the credential storage some wrong values. After Clearing the Windows credential storage the user put in the right Name and Password and checked the mark for remembering that credentials, the System never asked any more for the credentials.
0
daskas27Author Commented:
I found the problem by doing my own research.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.