Outlook Password Prompts (Exchange 2010)

We have a 2 way trust between AD sites in our org.
The entire subnets are either VPN, or MPLS but they completely communicate with each other.0
DNS resolve completely between the 2 domains.
We have 2 Exchange 2010 SP3 environments which we are bringing in to 1.
Here is the issue:
We are performing move-request between the two exchange environments because the target Exchange environment is replacing the source, and we are linking the mailboxes to the user account of the source domain, because the user accounts aren't changing. For some reason, some users are getting prompted for a password every time they open outlook, while other users are not. When I checked the connection status in outlook it shows that the users getting prompts are connecting via HTTP and authenticating NTLM, so its seeing the connections as remote like they are connecting via outlook anywhere. Other users are fine and when looking at the connection status they are connecting locally. These users are on multiple subnets but all local. Subnets are set by floors. Any idea why some users are being connected via HTTP and other TCP\IP local. They are all connecting to the same exchange servers.

Exchange Setup:
DAG with 2 DBs and 2 nics for MAPI and Storage traffic
2 HUB Servers
2 CAS servers with Windows NLB (Cas Array)
LVL 26
timgreen7077Exchange EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BembiCEOCommented:
The way how users are connecting is stored in the Outlook profile.
So possible the older profiles may have this issue....
Also the different Outlook versions may have different mechanism.

Have you tried to recreate one of the profiles just to see if the logon disappears?
Also in the profile itself there is a setting to prefer HTTP or TCP.
MaheshArchitectCommented:
Check RPC ports from client network segments to Exchange CAS and Mailbox servers

Outlook use RPC ports to connect to Exchange CAS and mailbox (address book), if its not able to connect to CAS through RPC, automatically outlook will fall back to https connection (autodiscover behavior)

Ensure that RPC port range (6005-59530) is opened from outlook segments to CAS and Mailbox servers
If you have configured static RPC ports for Exchange CAS and Mailbox, you need to ensure those ports are opened from outlook clients
Check below link to setup RPC static ports
http://social.technet.microsoft.com/wiki/contents/articles/864.configure-static-rpc-ports-on-an-exchange-2010-client-access-server.aspx

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
timgreen7077Exchange EngineerAuthor Commented:
Yes I have recreated the profiles and even setup user on a different computer and yes it set for TCP unless slow connection. I will confirm RPC ports and update.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

MaheshArchitectCommented:
also note that exchange tries to authenticate users in same AD site where exchange servers resides
Make sure that Ad auth ports are opened from clients to domain controllers in exchange site, otherwise its likely to get authentication prompt
timgreen7077Exchange EngineerAuthor Commented:
I have made the changes to the port ranges on the CAS array and that seems to have fixed the issue. Once they get in the office tomorrow I will confirm for sure and let you know.
timgreen7077Exchange EngineerAuthor Commented:
Thanks a lot! This has fixed the issue.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.