Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Outlook Anywhere keeps asking for credentials

Posted on 2016-09-07
2
Medium Priority
?
154 Views
Last Modified: 2016-09-09
We have switched our SBS2011 (Exchange 2010) from a self-issued certificate to an SHA-2 one from GoDaddy.

Then we want to connect to it using Outlook Anywhere, basic authentication. We have some users using Macs, and to avoid NTLM problems with Macs we chose basic.

Now Macs connect fine, no problem.
PCs connect as well and session is stable, but every 3-4 minutes a prompt for credentials keeps coming up (on PCs only, not on Macs).

Many sites on the web recommend the

Set-OutlookProvider EXPR –CertPrincipalName “msstd:site.com”

Open in new window

command, which we did, but no fix.

We noticed in Outlook settings "Connect using SSL only" is checked and grayed out - while our new certificate is SHA-2 (?)
Please advise (what did we do wrong?)
0
Comment
Question by:campinam
2 Comments
 
LVL 43

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 41789091
The EXPR setting should match the certificate you are using. If your cert's name shows mail.domain.com, set it to msstd:mail.domain.com. If you use a wildcard, set it to msstd:*.domain.com. But generally, constant login prompts are not a result of Certificate issues.

Make sure your IIS sites are configured with all of the default authentication settings. https://technet.microsoft.com/en-us/library/gg247612(v=exchg.150).aspx has all the default settings for IIS. If you modify the authentication settings from the default, it will break authentication in all versions of Exchange after 2010 and cause multiple login prompts/failed logins. This can be resolved by resetting the IIS authentication settings back to the default.

The way to change how authentication works in Outlook Anywhere is to change the authentication settings through the Exchange Admin portal or Exchange Powershell. The following command should do that for you:

get-outlookanywhere | set-outlookanywhere -IISAuthenticationMethods basic

Open in new window

0
 

Author Comment

by:campinam
ID: 41792038
Thank you very much for helping. Now it's fixed. We ended up replacing the Autodiscover DNS record with an SRV record on both internal and external DNS servers.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
how to add IIS SMTP to handle application/Scanner relays into office 365.
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question