Windows XP/Outlook 2010 clients endlessly ask for authentication on Exchange 2013...

Since upgrading to Exchange 2013, I am having an issue in which when any of my Windows XP clients open Outlook, the server will prompt them for credentials and never accept them. Looking online, I see that XP/Exchange 2013 issues are fairly common. I have tried running the following:

Set-OutlookProvider EXPR -CertPrincipalName:""msstd:FQDNSERVERNAME"
Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:FQDNSERVERNAME
Set-OutlookProvider -Identity WEB -CertPrincipalName msstd:FQDNSERVERNAME
Get-OutlookAnywhere | set-Outlookanywhere -IISAuthenticationMethods Basic,NTLM,Negotiate
Get-OutlookAnywhere -Server SERVERNAME | Set-OutlookAnywhere -InternalClientAuthenticationMethod Basic (and NTLM)

Open in new window


In every case, Outlook will open the very first time if I setup the account manually (not using Autodiscover). Every subsequent time, Outlook will prompt for the user's credentials but never actually accept them. Any ideas as to how I can fix this for now? While we have replaced several machines with newer Windows 7 machines, we are still not prepared to replace all of them just yet. Any ideas as to how I can fix these problems for now? Is there a way to completely remove the "CertPrincipalName" directive?

Any help would be appreciated.
medium_gradeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

systechadminConsultantCommented:
check the events on the CAS server and verify the Certificate is fine. Also you need to check the authentication is properly set or not.
Phil CoulsonCommented:
Hey there,

Here's a solution that might work:

1. In the windows profile, disable the auto discover


The register that set were (using outlook 2007):
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"ExcludeScpLookup"=dword:00000001
"ExcludeHttpRedirect"=dword:00000001
"ExcludeHttpsAutoDiscoverDomain"=dword:00000001
"ExcludeHttpsRootDomain"=dword:00000001
"PreferLocalXML"=dword:00000001
"ExcludeSrvRecord"=dword:00000001

2. Un-check option


Next step is to go Connection settings and un-check the only connect to proxy servers that have this principal in there certificate.

#Note: This process has been done using basic authentication.

Hope this works out for you. In case you have any further queries you can always reply back.

Best Regards
Phil

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
medium_gradeAuthor Commented:
Phil Coulson,

The clients are using Outlook 2010. Will this still work assuming I use the correct version number?

Also, if I uncheck the "only connect to proxy servers that have this principal in there certificate" box, won't it re-populate once the user connects or is it auto discover that does that?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.