Outlook 2010 tries to connect over HTTPS while Outlook Anywhere is NOT enabled


I'm experiencing something weird. It's an Exchange 2010 environment. I installed Exchange 2016 next to it but none of the DNS names are pointing to 2010 yet.

Still, Outlook clients are suddenly trying to connect over HTTPS (isn't that MAPI/HTTP ?) and giving a password prompt. When you restart Outlook, the password prompt disappears and connection is fine. Sometimes a new profile is required. Hundreds of users are having this problem. What is that? Is 2016 somehow already spreading its influence? :-)

Outlook connection status
Jozef WooSystem EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MASEE Solution Guide - Technical Dept HeadCommented:
Hi Jozef,
When an outlook search for CAS server and if it doesnt reach it will try to connect to the next available CAS server. This is by design.
Did you point your common name to Exchange 2016?
If you point your common name to Exchnage 2016 all your outlook clients will work as expected. Do not forget to configure outlook anywhere and mapi.
In Exchange 2010 you should configure IISauthencaitionmethods to basic,NTLM in outlook anywhere settings.
Set-OutlookAnywhere -Identity "EX2010\Rpc (Default Web Site)" -IISAuthenticationMethods ntlm, basic

Open in new window

Pete LongTechnical ConsultantCommented:
:) Now you have deployed Exchange 2016, you have 'Service connection Points' that you probably didn't have before, and Outlook can see them now.
Jozef WooSystem EngineerAuthor Commented:
All SCPs point to autodiscover.domain.com and that DNS name points to Exchange 2010 only.

I do see that Outlook Anywhere is checked (enabled) in the Outlook 2010 account / connection settings. I don't know why this is because Outlook Anywhere has never been enabled on Exchange 2010 in this environment.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Vidit BhardwajAdminCommented:
Check the organization config you might have enable mapi/http enabled .. also if you are using outlook 2016 it first tries to connect to office 365 over https
Jozef WooSystem EngineerAuthor Commented:
We are using Outlook 2010. Indeed, for Exchange 2016 MAPI/HTTP is enabled by default for the organization. Does that mean that as soon as you install Exchange 2016 in your organization that clients will try to connect via MAPI/HTTP even if nothing points to Exchange 2016 yet? That would be surprising.
Vidit BhardwajAdminCommented:
No that should not be the case if the mailbox is of Exchange 2010 it should go tco/IP internally, what is the autodiscover reponse you get also make sure outlook is not set for both fast and slow network in connection settings.
Jozef WooSystem EngineerAuthor Commented:
I did a Test E-Mail Autoconfiguration and I see a response for MAPI/RPC (EXCH) and for RPC/HTTP (EXPR) even though Outlook Anywhere is disabled. Normally, when Outlook Anywhere is disabled, the autodiscover XML should not include EXPR as far as I know. Is this because Exchange 2016 was installed?
Jozef WooSystem EngineerAuthor Commented:
I think I found the cause and it's actually very interesting/surprising.

Previously it was an Exchange 2010 environment with Outlook Anywhere disabled. The only provider in the autodiscover XML respons was EXCH (and not EXPR).

I installed Exchange 2016 and as is prescribed I configured all Autodiscover SCP to autodiscover.domain.com, a DNS name that points to Exchange 2010 only (for as long as all mailboxes still reside on 2010).

Surprisingly, simply installing Exchange 2016 changed the autodiscover XML for all 2010 users, adding the EXPR provider (and thus enabling Outlook Anywhere in the Outlook clients!)

The problem here was that by default, Outlook Anywhere is configured with Negotiate authentication on Exchange 2016. Exchange 2010 does not recognize this (it even shows "misconfigured" if you do Get-OutlookAnywhere from a 2010 server) and the result was an autodiscover XML respons for the users with an EXPR provider but without an authentication package!

The result of this in turn was that Outlook Anywhere was set to Basic authentication in the Outlook Account settings (I guess falling back to default since no recognized auth package came with autodiscover).

I suspect the prompts were coming from this Basic auth behaviour.

Anyway, lessons learned: introducing an Exchange 2016 server will always impact your environment, even if nothing points to it!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Vidit BhardwajAdminCommented:
Thanks for sharing Jozef
Jozef WooSystem EngineerAuthor Commented:
It was the only real solution.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.