• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 272
  • Last Modified:

Exchange 2010 Terminal Server Constant Credentials Request

Hi,
I've inherited a 2010 Exchange Server in house that hosts a mailbox that has 3 calendars that everybody uses.  I'm not sure why but instead of just sharing the calendars to each user, everybody logs into a terminal server and opens outlook 2010 to view the calendar.  Users can access the calendars but the problem is that every couple of minutes, outlook is prompting the user for the mailbox credentials.  Anybody have any experience with this?

Thanks for looking!
0
Jason
Asked:
Jason
  • 9
  • 4
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
Any number of reasons for that - the most common reason being Autodiscover and SSL certificate issues.
Does the same problem happen elsewhere?
Is the terminal server fully up to date with patches for Outlook?

Simon.
0
 
JasonAuthor Commented:
I think you're onto something.  I created a new account to see.  Everybody probably checked the box for "Don't ask me about this website again" so I didn't see it at first but this triggers it.  It asks to "Allow this website to configure emailaddress@domain.com settings?"  It lists https://website/autodiscover/autodiscover.xml website is listed and says "Your account was redirected to this website for settings.  You should only allow settings from sources you know and trust".  After clicking allow, it prompts for credentials.  There is a dns Alias record for autodiscover with the website listed but it's adr.website.website.com
0
 
Simon Butler (Sembee)ConsultantCommented:
You shouldn't be getting Autodiscover prompts - particularly if that is an external site you are seeing in the address.
That suggests that the server isn't configured correctly.

Check the value of this command:

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

Ensure that the host name returned
a. Resolves internally to the Exchange server
b. Has a matching trusted SSL certificate.

Ensure it resolves correctly on the terminal server.

Do you have a trusted SSL certificate on the server? If so, ensure the host name resolves internally via split DNS.

Simon.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
JasonAuthor Commented:
Sorry, I forgot to clarify, the user email is hosted on Appriver but this "Service" account that they share the calendars on, is hosted internally.  It is like 1 of 5 mailboxes.  So I'm pretty sure it's screwed up because the autodiscovery should point to the exchange server normally but since they have their appriver hosted email configured in outlook along with a secondary mailbox for this "service" account on the local exchange box they have the autodiscovery pointed out to appriver.
0
 
JasonAuthor Commented:
Identity has two servers listed.  Trying to find out what the other one is.
0
 
JasonAuthor Commented:
So it appears that the second server that shows up in the identities is an old server that wasn't decommissioned properly.
0
 
JasonAuthor Commented:
So I did an adsi edit and deleted the server that doesn't exist anymore but it still shows up in the get-clientaccess command.  Any ideas?
0
 
JasonAuthor Commented:
It hasn't popped up on my computer today, so it appears to just be on the terminal server now, I believe.
0
 
Simon Butler (Sembee)ConsultantCommented:
Is there anything different between the workstations and the terminal server that could account for the difference? DNS server configuration on the NIC would be one example.

Simon.
0
 
JasonAuthor Commented:
I'm connecting via the vpn but my dns server is the same, utilizing the DC at 192.168.1.1.
0
 
JasonAuthor Commented:
Can you tell me how to renew this certificate?  It gives me an enrollment error, request contains no certificate template information.  
The expired cert is in Personal>Certificates.  It's issued to itself, by itself for "server authentication".  Exchange server.
The mail.domain.com cert is a godaddy and has been expired since December.  I assume they were just updating their SSL certs and stuff for the hosted exchange and left this one to rot.  If this is related, why wouldn't they experience the problem a long time ago?
And if this is the cause, why would my laptop not be experiencing the issue?  Ugh
0
 
Simon Butler (Sembee)ConsultantCommented:
If everything else is in the cloud - why not push those three mailboxes to the cloud as well? That would allow the server to be removed completely.
To renew the certificate you will need to go through the certificate wizard to generate a new request. Then that request is given to the SSL provider.

As to why it hasn't caused a problem - that is hard to say. A lot of problems with Exchange are caused by SSL certificate trust issues.

The fact that you are connecting over a VPN could be significant, as it could mean the traffic is going somewhere different or behaving in a different way. You really need to using the same connection process to see whether there is anything different.

Simon.
0
 
JasonAuthor Commented:
SSL certs were the problem.  Updated the expired ones and switched their .local domain to use a FQDN.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 9
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now