On prem exchange 2013, outlook audiscover fails with message an encrypted connection to your mail server is not available'

I have recently configured rpc over http with NTLM auth in our staging env with exchange 2013 (enterprise) and AD 2012R2, by setting MapiHttpEnable $false at the exchange org level,  to have it match our production.

From an internal env (within the datacenter network -same network as the exchange servers using virtual desktop) outlook profiles are able to be created successfully, and outlook connects using rpc over http with ntlm.

however, when connecting to the env on a physical machine through vpn to the staging env, and creating an outlook profile using auto discover, with outlook 2013 and outlook 2016, the following message displays: 'an encrypted connection to your mail server is not available, click next to attemp an unencrypted connection'. Tried this on multiple machines, and same issue.

When i click next, it fails. Autodiscover is setup correct, because before when mapi over https was enabled on exchange servers, outlook was fine on physical machine connected via vpn. Outlook was able to successfully make a connection via autodiscover. However now it is not. In between we have load balancer, and firewall.

Please assist to troubleshoot this issue.
Thanks in advance.
Newguy 123Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

timgreen7077Exchange EngineerCommented:
do you have any other exchange servers in your environment other than 2013? also why those changes since outlook would connect correctly whether it's mapi/http or rpc/http
Newguy 123Author Commented:
No, no other versions of exchange server. Only exchange 2013, on multiple servers, each server has both mb and cas roles. Switched protocols because with mapi/ http, we were able to successfully build a users mail profile in outlook, and outlook was able to connect to exchange server, but when outlook was closed and re-opened, it kept prompting for credentials, and did not accept them, so it remaind disconnected from exchange server. With rpc/http, outlook is not prompting for cred continuously.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
timgreen7077Exchange EngineerCommented:
is the prompt on the internal machines also or just the machines connecting via VPN.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

timgreen7077Exchange EngineerCommented:
also just a thought since you are using RPC check to see if outlook is set to always prompt for password. in outlook go to account settings > more settings > security tab and look to see if "always prompt for logon credentials" is checked. if so uncheck it and check results again.
Zeddn ZCommented:
Any fix to this? Getting it on a Microsoft Hosted exchange service.
Newguy 123Author Commented:
Fixed issue myself
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.