Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Outlook Anywhere keeps asking for credentials

Posted on 2016-09-07
2
Medium Priority
?
145 Views
Last Modified: 2016-09-09
We have switched our SBS2011 (Exchange 2010) from a self-issued certificate to an SHA-2 one from GoDaddy.

Then we want to connect to it using Outlook Anywhere, basic authentication. We have some users using Macs, and to avoid NTLM problems with Macs we chose basic.

Now Macs connect fine, no problem.
PCs connect as well and session is stable, but every 3-4 minutes a prompt for credentials keeps coming up (on PCs only, not on Macs).

Many sites on the web recommend the

Set-OutlookProvider EXPR –CertPrincipalName “msstd:site.com”

Open in new window

command, which we did, but no fix.

We noticed in Outlook settings "Connect using SSL only" is checked and grayed out - while our new certificate is SHA-2 (?)
Please advise (what did we do wrong?)
0
Comment
Question by:campinam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 42

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 41789091
The EXPR setting should match the certificate you are using. If your cert's name shows mail.domain.com, set it to msstd:mail.domain.com. If you use a wildcard, set it to msstd:*.domain.com. But generally, constant login prompts are not a result of Certificate issues.

Make sure your IIS sites are configured with all of the default authentication settings. https://technet.microsoft.com/en-us/library/gg247612(v=exchg.150).aspx has all the default settings for IIS. If you modify the authentication settings from the default, it will break authentication in all versions of Exchange after 2010 and cause multiple login prompts/failed logins. This can be resolved by resetting the IIS authentication settings back to the default.

The way to change how authentication works in Outlook Anywhere is to change the authentication settings through the Exchange Admin portal or Exchange Powershell. The following command should do that for you:

get-outlookanywhere | set-outlookanywhere -IISAuthenticationMethods basic

Open in new window

0
 

Author Comment

by:campinam
ID: 41792038
Thank you very much for helping. Now it's fixed. We ended up replacing the Autodiscover DNS record with an SRV record on both internal and external DNS servers.
0

Featured Post

Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question