Manu Life4
asked on
Exchange 2016 + Outlook 2016, external prompt see internal if not internet
Hello,
Infra: Dag x2016
Clients: Outlook 2016
Small question, in the LAN, when users no longer have access to the Internet (eg gateway failure fault) or box etc ... is it normal that the internal outlook requests authentication?
Same, from the outside, I have random connections on outlook. For example, I can make an outlook 2016 profile, the autodiscover runs correctly, it connects a first time but randomly, as soon as we close outlook and we reopen it asks for authentication.
The config is the following for all
Domain: domainets.fr
Mail.domainets.fr> Internal & external URL for all services (EAS, EWS, OWA, MAPI etc ...)
Same for OA: mail.domainets.fr> internal and external
All authentication is in NTLM (IIS and clients)
In the local dns I point mail.domainets.fr to the 2 servers.
Thank you for your help ! :)
Infra: Dag x2016
Clients: Outlook 2016
Small question, in the LAN, when users no longer have access to the Internet (eg gateway failure fault) or box etc ... is it normal that the internal outlook requests authentication?
Same, from the outside, I have random connections on outlook. For example, I can make an outlook 2016 profile, the autodiscover runs correctly, it connects a first time but randomly, as soon as we close outlook and we reopen it asks for authentication.
The config is the following for all
Domain: domainets.fr
Mail.domainets.fr> Internal & external URL for all services (EAS, EWS, OWA, MAPI etc ...)
Same for OA: mail.domainets.fr> internal and external
All authentication is in NTLM (IIS and clients)
In the local dns I point mail.domainets.fr to the 2 servers.
Thank you for your help ! :)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes it is an internal proxy.
Precisely I ask myself the sophos proxy questions. Because external and internal authentication for all services is in NTLM (or negotiate)
But why outlook constantly asks for authentication?
We'll look for the firewall, but the owa and the rest are accessible from the external.
Here is for example what it gives (from outside)
I open outlook and it asks me for authentication
If I type the password
I close outlook and reopen
I also noticed that the offline address book OAB does not download
Precisely I ask myself the sophos proxy questions. Because external and internal authentication for all services is in NTLM (or negotiate)
But why outlook constantly asks for authentication?
We'll look for the firewall, but the owa and the rest are accessible from the external.
Here is for example what it gives (from outside)
I open outlook and it asks me for authentication
If I type the password
I close outlook and reopen
I also noticed that the offline address book OAB does not download
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
For the outside, ok, but how in this case did not asked for authentication at each opening or randomly?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello, ok thanks i will do the tests. In the meantime I will also see if the Sophos proxy server does packet inspection
The outlook anywhere is configured with the external address in mail.domain.fr in NTLM. Do you think I should switch to basic?
thanks, thanks for help
The outlook anywhere is configured with the external address in mail.domain.fr in NTLM. Do you think I should switch to basic?
thanks, thanks for help
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok for NTLM, but it goes in contradiction with what says Amit Kumar not?
The exchange is live, (no TMG / ARR / ISA etc ...))
Logic, NTLM for internal clients
Basic for external OA (?)
The exchange is live, (no TMG / ARR / ISA etc ...))
Logic, NTLM for internal clients
Basic for external OA (?)
No Manu, I also said same thing that computer/user connected to domain network will not have to enter creds for NTLM. but for external network it will ask.
Now comes with Internal authentication prompt, which I already said that if Proxy is routing this traffic then it should not because it is internal traffic Proxy is required for internet traffic.
Now comes with Internal authentication prompt, which I already said that if Proxy is routing this traffic then it should not because it is internal traffic Proxy is required for internet traffic.
ASKER
Ok, understood, thank you very much.
I'll look at the proxy and if necessary make changes for authentication.
Thank you well, I keep you up to date :)
I'll look at the proxy and if necessary make changes for authentication.
Thank you well, I keep you up to date :)
Appropriate suggestions provided.
ASKER
Mail.domainets.fr> 192.xxxxxxxx
I have to check.
When I go outside, the connections are random, it works, sometimes it disconnects, oddly If I make a profile, it works, and can lose the connection sometimes .. if I close outlook and reopen it asks for the identifiers of Connection is not really normal from the outside either.
Yet I check the box "keep my identifiers" in outlook.
The credential manager, deleting etc .. does not change anything.
We have a proxy Sophos... (?)