Solved

Outlook Anywhere keeps asking for credentials

Posted on 2016-09-07
2
132 Views
Last Modified: 2016-09-09
We have switched our SBS2011 (Exchange 2010) from a self-issued certificate to an SHA-2 one from GoDaddy.

Then we want to connect to it using Outlook Anywhere, basic authentication. We have some users using Macs, and to avoid NTLM problems with Macs we chose basic.

Now Macs connect fine, no problem.
PCs connect as well and session is stable, but every 3-4 minutes a prompt for credentials keeps coming up (on PCs only, not on Macs).

Many sites on the web recommend the

Set-OutlookProvider EXPR –CertPrincipalName “msstd:site.com”

Open in new window

command, which we did, but no fix.

We noticed in Outlook settings "Connect using SSL only" is checked and grayed out - while our new certificate is SHA-2 (?)
Please advise (what did we do wrong?)
0
Comment
Question by:campinam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 41

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41789091
The EXPR setting should match the certificate you are using. If your cert's name shows mail.domain.com, set it to msstd:mail.domain.com. If you use a wildcard, set it to msstd:*.domain.com. But generally, constant login prompts are not a result of Certificate issues.

Make sure your IIS sites are configured with all of the default authentication settings. https://technet.microsoft.com/en-us/library/gg247612(v=exchg.150).aspx has all the default settings for IIS. If you modify the authentication settings from the default, it will break authentication in all versions of Exchange after 2010 and cause multiple login prompts/failed logins. This can be resolved by resetting the IIS authentication settings back to the default.

The way to change how authentication works in Outlook Anywhere is to change the authentication settings through the Exchange Admin portal or Exchange Powershell. The following command should do that for you:

get-outlookanywhere | set-outlookanywhere -IISAuthenticationMethods basic

Open in new window

0
 

Author Comment

by:campinam
ID: 41792038
Thank you very much for helping. Now it's fixed. We ended up replacing the Autodiscover DNS record with an SRV record on both internal and external DNS servers.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question