Solved

Outlook Anywhere keeps asking for credentials

Posted on 2016-09-07
2
76 Views
Last Modified: 2016-09-09
We have switched our SBS2011 (Exchange 2010) from a self-issued certificate to an SHA-2 one from GoDaddy.

Then we want to connect to it using Outlook Anywhere, basic authentication. We have some users using Macs, and to avoid NTLM problems with Macs we chose basic.

Now Macs connect fine, no problem.
PCs connect as well and session is stable, but every 3-4 minutes a prompt for credentials keeps coming up (on PCs only, not on Macs).

Many sites on the web recommend the

Set-OutlookProvider EXPR –CertPrincipalName “msstd:site.com”

Open in new window

command, which we did, but no fix.

We noticed in Outlook settings "Connect using SSL only" is checked and grayed out - while our new certificate is SHA-2 (?)
Please advise (what did we do wrong?)
0
Comment
Question by:campinam
2 Comments
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41789091
The EXPR setting should match the certificate you are using. If your cert's name shows mail.domain.com, set it to msstd:mail.domain.com. If you use a wildcard, set it to msstd:*.domain.com. But generally, constant login prompts are not a result of Certificate issues.

Make sure your IIS sites are configured with all of the default authentication settings. https://technet.microsoft.com/en-us/library/gg247612(v=exchg.150).aspx has all the default settings for IIS. If you modify the authentication settings from the default, it will break authentication in all versions of Exchange after 2010 and cause multiple login prompts/failed logins. This can be resolved by resetting the IIS authentication settings back to the default.

The way to change how authentication works in Outlook Anywhere is to change the authentication settings through the Exchange Admin portal or Exchange Powershell. The following command should do that for you:

get-outlookanywhere | set-outlookanywhere -IISAuthenticationMethods basic

Open in new window

0
 

Author Comment

by:campinam
ID: 41792038
Thank you very much for helping. Now it's fixed. We ended up replacing the Autodiscover DNS record with an SRV record on both internal and external DNS servers.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now