Solved

Outlook Anywhere keeps asking for credentials

Posted on 2016-09-07
2
116 Views
Last Modified: 2016-09-09
We have switched our SBS2011 (Exchange 2010) from a self-issued certificate to an SHA-2 one from GoDaddy.

Then we want to connect to it using Outlook Anywhere, basic authentication. We have some users using Macs, and to avoid NTLM problems with Macs we chose basic.

Now Macs connect fine, no problem.
PCs connect as well and session is stable, but every 3-4 minutes a prompt for credentials keeps coming up (on PCs only, not on Macs).

Many sites on the web recommend the

Set-OutlookProvider EXPR –CertPrincipalName “msstd:site.com”

Open in new window

command, which we did, but no fix.

We noticed in Outlook settings "Connect using SSL only" is checked and grayed out - while our new certificate is SHA-2 (?)
Please advise (what did we do wrong?)
0
Comment
Question by:campinam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 40

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41789091
The EXPR setting should match the certificate you are using. If your cert's name shows mail.domain.com, set it to msstd:mail.domain.com. If you use a wildcard, set it to msstd:*.domain.com. But generally, constant login prompts are not a result of Certificate issues.

Make sure your IIS sites are configured with all of the default authentication settings. https://technet.microsoft.com/en-us/library/gg247612(v=exchg.150).aspx has all the default settings for IIS. If you modify the authentication settings from the default, it will break authentication in all versions of Exchange after 2010 and cause multiple login prompts/failed logins. This can be resolved by resetting the IIS authentication settings back to the default.

The way to change how authentication works in Outlook Anywhere is to change the authentication settings through the Exchange Admin portal or Exchange Powershell. The following command should do that for you:

get-outlookanywhere | set-outlookanywhere -IISAuthenticationMethods basic

Open in new window

0
 

Author Comment

by:campinam
ID: 41792038
Thank you very much for helping. Now it's fixed. We ended up replacing the Autodiscover DNS record with an SRV record on both internal and external DNS servers.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
This article describes how to import an Outlook PST file to Office 365 using a third party product to avoid Microsoft's Azure command line tool, saving you time.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question