Outlook and Skype for bussiness prompt for credentials after disconnecting VPN

rdefino
rdefino used Ask the Experts™
on
We have a on-premise Lync 2010 environment and have all our account in the o365 cloud. Our Lync dns points to on-prem lync 2010. If a user running outlook and SFB drop vpn and reconnect, outlook and SFB would just reconnect.
But we just recently repointed the DNS from the on-premise lync to SFB clound, since then when a user drops vpn they get the windows credential prompt for outlook and skype.

Any idea why this is happening now and what I can do to suppress this until we finish decommissioning the on-prem environment?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
IT Engineer
Distinguished Expert 2017
Commented:
It's mean that if outlook have VPN (local) access to Exchange is using self signed certificate so after login through VPN has dirrect access to Exchange.

If outlook will lose VPN conection then is trying to get DNS resolve to External IP so certificate is diffrent because it's public so that's why is loosing credentials and asking for password.

If computer you're trying to connect from is not part of domain it doesn;t have casched server access credential, so it's quite normal.
I have same think. If I try connect my outlook to Exchange when my VPN is OFF then outlook is asking for password but if I try connect when my VPN is on then is not asking for password.

You can try to do this.

You can create in your local DNS additional local lookup zone

Let say your Exchange name is Exchange and external domain is domain.com

In DNS create new 2 forward lookup zones:

exchange.domain.com
(Same as parent Folder)     Host(A)    192.168.1.10    - this will be your local Exchange IP

second zone

autodiscover.domain.com
(Same as parent Folder)     Host(A)    192.168.1.10    - this will be your local Exchange IP

Run Ipconfig /flushdns when you conected to VPN


After that is should be no difference for remote outlook if connection is from inside or outside, It's going to use external name so is external certificate installed and shouldn't ask for password anymore.
Tom CieslikIT Engineer
Distinguished Expert 2017

Commented:
Best solution provided. No more other questions from author

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial