asked on Outlook 2010 prompts for password on existing profile when migrating from Exchange 2010 to 2016
We're in the process of testing our new Exchange 2016 server. Very basic, no DAGs, single server, etc. We're actually migrating from SBS 2011 (Exchange 2010.)
Mail flow is good, everything is working well, except when we move a mailbox to 2016. Once it's moved, the user is prompted for a password and can not access their Outlook profile no matter what. If we build a new profile for this user, then it works fine. This is for any mailbox we move for testing.
I've been through the following tips/tricks -
- Installed the latest hotfixes for Outlook 2010 to handle internal/external namespaces for Outlook Anywhere and TCP over HTTPS.
- Enabled kernel mode authentication for EWS and autodiscover.
- Changed the default app pool to run against network services.
- Adjusted authentication on both Exchange 2010 and 2016 for NTLM against Autodiscover and EWS in IIS and against "get-outlookanywhere".
- Loopback check for autodiscover was already disabled.
- Microsoft Remote Analyzer shows no errors.
- Set-OrganizationConfig -MapiHttpEnabled $false (Tried this, set it back to true later.)
https://localhost/Autodiscover/Autodiscover.xml works fine.
https://mail.domain.com/Autodiscover/Autodiscover.xml prompts for credentials
Again, the issue is ONLY when we move mailboxes. I'd rather not recreate profiles on each machine in Outlook but this does work.
Mail flow is good, everything is working well, except when we move a mailbox to 2016. Once it's moved, the user is prompted for a password and can not access their Outlook profile no matter what. If we build a new profile for this user, then it works fine. This is for any mailbox we move for testing.
I've been through the following tips/tricks -
- Installed the latest hotfixes for Outlook 2010 to handle internal/external namespaces for Outlook Anywhere and TCP over HTTPS.
- Enabled kernel mode authentication for EWS and autodiscover.
- Changed the default app pool to run against network services.
- Adjusted authentication on both Exchange 2010 and 2016 for NTLM against Autodiscover and EWS in IIS and against "get-outlookanywhere".
- Loopback check for autodiscover was already disabled.
- Microsoft Remote Analyzer shows no errors.
- Set-OrganizationConfig -MapiHttpEnabled $false (Tried this, set it back to true later.)
https://localhost/Autodiscover/Autodiscover.xml works fine.
https://mail.domain.com/Autodiscover/Autodiscover.xml prompts for credentials
Again, the issue is ONLY when we move mailboxes. I'd rather not recreate profiles on each machine in Outlook but this does work.
ExchangeOutlook
Last Comment
Ivan
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
suriyaehnop -
Thanks for the info. Don't believe it's an Outlook problem (At least in terms of compatibility) because we're able to create a new profile and all is fine. Left things alone for two hours and no difference.
Ivan -
Thanks. Everything I've found says when you're mixed with Ex2010, you need to set things to NTLM. I looked at your KBs and the first one is for a proxy and Outlook 2013 (Neither of which apply.)
Second KB also doesn't seem to apply - I checked the profile in Outlook and we're already checked for encrypt data.
Third KB is also for Outlook 2013 or 2016. We did try disabling Mapi previously to see if it would help, but it did not. So we've tried Mapi and RPC.
Fourth KB also doesn't seem to apply.
I'll look more in to the basic authentication. Here's some of what we were finding re: NTLM -
https://gonjer.com/2016/07/02/outlook-prompts-for-credentials-with-exchange-2010-and-20132016-coexistence/
https://jhmeier.com/2016/03/14/exchange-2016-and-2010-coexistenceoutook-shows-login-promt/
Thanks for the info. Don't believe it's an Outlook problem (At least in terms of compatibility) because we're able to create a new profile and all is fine. Left things alone for two hours and no difference.
Ivan -
Thanks. Everything I've found says when you're mixed with Ex2010, you need to set things to NTLM. I looked at your KBs and the first one is for a proxy and Outlook 2013 (Neither of which apply.)
Second KB also doesn't seem to apply - I checked the profile in Outlook and we're already checked for encrypt data.
Third KB is also for Outlook 2013 or 2016. We did try disabling Mapi previously to see if it would help, but it did not. So we've tried Mapi and RPC.
Fourth KB also doesn't seem to apply.
I'll look more in to the basic authentication. Here's some of what we were finding re: NTLM -
https://gonjer.com/2016/07/02/outlook-prompts-for-credentials-with-exchange-2010-and-20132016-coexistence/
https://jhmeier.com/2016/03/14/exchange-2016-and-2010-coexistenceoutook-shows-login-promt/
ASKER
We have a winner. All those hours and all I did was change Outlook Anywhere on 2016 to basic. Came right up and all is well. THANKS!!!!!!
:)
One migrated, leave it for 2 hours suspect AD replication still not complete yet.
List of supported Outlookuclients are supported. Windows clients need Outlook 2010 with KB2965295, Outlook 2013 or Outlook 2016. As for Mac clients, you need Outlook for Mac 2011 or Outlook for Mac for Office 365. Upgrade your clients if needed. You’ll note here that Outlook 2007 was supported for Exchange 2013 but is no longer supported for Exchange 2016