Changing Outlook Anywhere from NTLM to Basic Auth (remote users having issues)

Similar Messages

• Outlook 2003 from Office 2003 Basic Edition - Connector Install Error

  I am unable to install the Outlook Connector on machines running Outlook 2003 from Office 2003 Basic Edition. Standard Edition clients seem to work fine. I am getting something similar to the following error:
  Severe
  Error retrieving Outlook version.Setup cannot continue
  I have tried the 9.0.4.2.0 version, is there one newer than this?
  Is there something I can do to Outlook to make it pass for an acceptable version? This seems to me to be an error in the installer, so perhaps I can fool it?
  Thanks in advance,
  Bob

  Nevermind. An Office Repair did the trick. The problem machines also had some of the Office 2000 components installed.

• Change Outlook Anywhere Authentication

  Hello experts,
  We have an Exchange 2010 environment and all clients are connecting using Outlook Anywhere. By All I mean all clients inside the network, outside the network, domain joined, so all.
  Following is the Authentication settings on Outlook Anywhere.
  ClientAuthenticationMethod      : Basic
  IISAuthenticationMethods        : {Basic}
  I want to change all users to use NTLM, so no more password prompts. I want to reduce the impact because we have more than 10k clients. Based on my understanding, I am planning below approach. Any suggestion will be appreciated.
  1. Change the IISAuthenticationMethods to have both Basic & NTLM using set-outlookanywhere command. This will allow clients to use both Basic & NTLM and we can do tests from all locations if its working without any issue.
  2. Chang the ClientAuthenticationMethod to NTLM, so Autodiscover will update all existing and new clients to use NTLM.
  3. Modify any GPO if in place to change the Outlook authentication to NTLM.
  Anything else which need to be taken care of. Many thanks for any suggestions in advance.
  -V
  -V

  Hi,
  To make Outlook client use NTLM authentication, I recommend you use the command set-outlookanywhere to change the authentication method. Because the Outlook Anywhere configuration in the Outlook client side will be updated by Autodiscover service every time
  we open Outlook.
  And we can run the following command: get-outlookanywhere | set-outlookanywhere -IISAuthenticationMethods  basic,Ntlm –
  ClientAuthenticationMethod NTLM
  Best regards,
  Angela Shi
  TechNet Community Support

• Changing Outlook Anywhere internal URL disconnects XP clients

  Good morning,
  I am supposed to change the internal Outlook Anywhere hostname for an Exchange installation:
  recent internal hostname: webmail.contoso.com
  future internal hostname: webmail.contoso.local
  The external hostname for OA is not set, because OA should not be available from external. 
  Now I made a test changing the internal hostname as follows:
  generate a new Exchange certificate with subject name "webmail.contoso.local"
  Set-OutlookAnywhere -InternalHostname webmail.contoso.local -InternalClientsRequireSSL:$True
  Afterwards I made some tests on several clients:
  Windows 7: working fine, it takes some time but Outlook updates its profile to the new internal OA name and connects to the mailbox
  Windows XP: Outlook profile is not updated automatically, if I update it manually, Outlook hangs when starting and still tries to establish 1 connection to the old OA internal hostname
  Does anyone of you have an idea how to solve this? I appreciate your suggestions, thank you very much. :-)
  Sebastian

  Hello,
  Have you updated the host name on the certificate from “webmail.contoso.com” to “webmail.contoso.local”?
  Run “Connection Status” on both Windows 7 and Windows XP and see if they connect to different DC. If so, check the DC replication issue.
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Changes in XML from Extended IDOC Basic type

  Hi Experts,
  We have an outbound PO IDOC (ORDERS05) that is converted to XML. If we are going to extend the IDOC, do we need to change anything in the XML as well? Or the new data will already be there in the XML?
  Br,
  LM

  Hi Experts,
  Any ideas on this one??
  Thanks in advance,
  LM

• Change the labels from Plot0, Plot1... to user defined labels

  In Labview (using Continuous Acquisition to Spreadsheet VI), I am graphing a test using 16 thermocouples. The names of the curves defaulted to Plot0, Plot1, Plot2.... I want to change the plot names to something meaningful, like TopCenter, MiddleLeft, BottomRear.... Can I do this and how? I've searched with no luck. Thanks in advance.

  Hi Willard,
  If you want to set fixed names you simply can change them in the plot legend and save your vi.
  If you want to do it progammatically, you should use the chart properties ActivePlot to select which plot you want to change the name and Plot.Name to set its name.
  Here's a simple example.
  Good luck,
  Alberto
  Attachments:
  set_plot_names.vi ‏21 KB

• Changing background picture every 5 seconds.....having issues

  When I switch the background picture to change every 5 seconds my computer either freezes, runs slow, doesn't work normal (if I open another application it won't be functional). I have 1gb of ram (came with the computer) so I'm not sure if this is where the problem stems from.
  If I set it to change the picture ever minute then I don't have any problems.
  Any help is greatly appreciated.

  Although unlimited it is limited to 300Gb download+upload.
  Is it at all possible that you have maxed out your download cap. You therefore will have reduced speed during peak times.
  Does not explaine your speedtest results out side of that.
  You have checked all your equipment and tested on the your test socket and changed filters etc.
  If all of this is done and it's still the same, sadly a call to support will need to be made so they can investigate further.
  http://meanmint.spaces.live.com/

• For those users having issues syncing outlook exchange to iphone read this

  I just went through **** on my network getting iphone OS3.0 to sync with exchange and it was so easy once I figured out why,
  scenario: you go through the wizard, not the imap one but the exchange button, put in all your info, have it fail on the autodiscovery and enter in your webmail server address, and nothing, fails to verify or verifies and nothing appears but your inbox, heres why,
  if you go and run the tests from the exchange server (or have your IT folks do it)
  its http://testexchangeconnectivity.com
  run the exchange activesync test (lower one) not the with autodiscover - thats for 2007 exchange users,
  you will need the following ports open on your front end server or firewall
  80 143 443 465 and 993 (this covers all the iphone sync ports needed) you can open 25 if you choose imap, but you wont need imap
  run the test, and if it passes and you dont get mail here's why, theres a http://500 error on the sync feature, because Winblows uses kerberos authentication on the backend, so you need to enable IWA (or integrated windows authentication)to do this remote into or go to the exchange backend server you need to enable integrated windows authentication on the /exchange virtual directory inside IIS, i know microsloth states use the ESM, but dont, once the change is made on the backend server restart it or restart iis services through the iis snapin,
  if you do not have access to the exchange server backend you can buy your it guy some cookies or a food gift (we all love food) and they might be nice and do it,
  * update *I have recieved a few emails about certificates, there are (2) ways to do this,
  either use the iphone configuration utility - slow way
  or email your self signed certificate to yourself and download it on your iphone either through safari and the owa interface or an external gmail or other account. save the cert and it will automatically put itself on the iphone and all you need to do is click/touch install
  other issues, please respond. I am a Engineer with 21yrs experience, and vast experiences in multiple platforms, including the elusive iphone.

  I'm not sure if this fits with the problem I'm having (but I really hope it fixes it!)
  I have a 3G, upgraded to 3.0 the day it was released. Everything was fine until 3 days ago. I have 2 accts set up through the mail app, one is a Yahoo and one is Exchange (for work). Both accounts have always worked perfectly. Suddenly, the iphone Exchange acct stopped accessing my inbox. Yahoo is fine. My calendar and contacts are still syncing to exchange. I can open the mail in my outbox,trash,sent folders. I can send mail from the exchange account on my iphone. It will show me names of the subfolders in my inbox on the iphone - but everytime try to get to the incoming mail, it tries to connect and says it can't est connection. IT says no changes to server. Tried hard reset, restor, delete acct. No luck.

• I need to restore from last backup because my iPhone is having issues. I'd like to keep certain pictures and videos from my iPhone app: Video Safe. If I do restore from last backup, will the pics that I put on the app after my last backup still be on it?

  My iPhone keeps switching between turning wheel and iPhone logo so I need to restore from last backup. I just really want to keep certain videos and pictures from the Video Safe app which were added to it after the last backup.

  Try this First... You will Not Lose Any Data...
  Press and Hold the Sleep/Wake Button and the Home Button at the Same Time...
  Wait for the Apple logo to Appear and then Disappear...
  Usually takes about 15 - 20 Seconds... ( But can take Longer...)
  Release the Buttons...
  http://support.apple.com/kb/ht1430

• Trying to order iPhone 4 from Apple's site. I'm having issues. Please help!

  Okay I'm trying to order the 32GB iPhone 4. I want to have it shipped to my house. I click on replace phone on existing AT&T line, then fill in all the eligibility information. It says I'm eligible for $299 pricing. I click continue and it says "We were unable to complete setup online". Anyone know why I'm getting this message? Could it be Apple's servers or something? Every store around me is sold out, so this is my only option. I'd appreciate any help. Thanks!

  Order from att! so much quicker! i canceled my apple order because their shipping and back-ordering is crazyyyy. If you order from att, you get delivery in about 3-4 days like me!

• Auth Package in Outlook Anywhere AutoDiscover is coming in incorrectly

  Let me describe our situation and environment:
  We have Exchange 2013 running in a 2008r2 level domain and are using Outlook Anywhere / AutoDiscovery to configure non-domain joined clients (this situation will change later, but our current priority is getting the Exchange server running and worrying and
  joining machines to the domain afterwards).  I had tried some configuration changes, which ultimately did not work, and I rolled back those changes.  On the ECP under Servers -> Servers -> My Exchange Server -> Outlook AnyWhere, there is
  a box that lets you choose between NTLM, Basic, and Negotiate authentication.  Exchange 2013 default is negotiate, which was working initially.  After rolling back my changes, however, my clients get repeated password prompts, and their passwords
  are rejected, if I have Outlook Anywhere authentication set to negotiate.  It works fine if I keep it set on NTLM.
  Under Servers -> Virtual Directories -> AutoDiscover (Default Website) -> Authentication, the boxes for Basic Authentication and Integrated Windows Authentication are checked.  These are the default values if I remember correctly.
  Even when I have my Outlook Anywhere authentication set to Negotiate, I have a section of code in the AutoDiscover XML file that Outlook pulls that looks like this:
  <Type>EXPR</Type>
  <Server>exchange.mycompany.com</Server>
  <SSL>On</SSL>
  <AuthPackage>Ntlm</AuthPackage>
  My research tells me that EXPR controls Outlook Anywhere (RPC over HTTP).  The AuthPackage seems to be incorrect here.  It's still giving me NTLM instead of Negotiate.  When I change Outlook Anywhere's authentication back to NTLM, everything
  works (after giving the server about fifteen minutes or so to update).
  What is the problem here?  Why does the autodiscover return the wrong auth package for Outlook Anywhere?  Is there a time delay between changing the authentication for Outlook Anywhere and Exchange updating my Outlook clients so that their settings
  match?  I know that if I go into an Outlook client that is getting prompted for a password after Outlook Anywhere authentication has been changed to Negotiate, I can manually adjust their Exchange Proxy Server settings and get it to work, but I really
  want the AutoDiscover to simply deliver the correct auth package to begin with.
  I don't mind using NTLM authentication; it works.  But I really need to know WHY this is happening and what to do to fix it.  Today, it may not matter, but it may matter in the future as network topology changes, and I will be expected to have
  the answer.
  To further clarify:
  When I run Get-OutlookAnywhere | fl name, *, my internal and external Client Authentication Methods are set to Negotiate, but I still get the entry I showed above in the AutoDiscover XML file that specifies NTLM.

  Outlook ignores the EXPR/EXCH values when connected to Exchange 2013 for autodiscovery, rather it dynamically builds the EXHTTP values based on the AutoD server settings and uses those instead. You should reference those ExHTTP settings when you
  look at the autodiscover results
  Twitter!:
  Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.
  I also have the following bit of code in the autodiscover file
  <Type>EXHTTP</Type>
  <Server>mail.mycompany.com</Server>
  <SSL>On</SSL>
  <AuthPackage>Ntlm</AuthPackage>
  This would seem to be the EXHTTP you were referencing.  Again, this value is coming out as NTLM after I change my Outlook Anywhere Authentication method in ECP to Negotiate.  Why?  Is there a delay between changing that setting in ECP and when
  it starts showing up in AutoDiscover queries?  If so, what is that delay and how can I change it or force it to update immediately?  Or is it that the setting in ECP does not change the auto discover setting and it has to be changed elsewhere? 
  If that's the case, what do I change, and where do I change it, to alter what autodiscover puts in for AuthPackage in the above snippet of code?

• NTLM Authentication in the Outlook Anywhere

  I use Exchange Server 2007 sp1 RollUp 6 installed on Windows Server 2008. I need to use Outlook Anywhere from non-domain computers. I test Outlook Anywhere with Basic and NTLM Authentication and all works fine. But when I use NTLM authentucation, Outlook promt user credential every time when it start, even "remember password" was checked. The login and password are remembered in the network password of user, but Outlook prompt password again and again, when it starts. Exchange published by 443 port directly (without any listeners)!
  When I connect by VPN, and use TCP/IP connection to the server, Outlook remeber password withoun any problems, and did not ask password again.
  get-OutlookAnywhere:
  ServerName                 : SRVEXCH2
  SSLOffloading              : False
  ExternalHostname           : mail.my_domain.ru
  ClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods   : {Ntlm}
  MetabasePath               : IIS://srvexch2.net.local/W3SVC/1/ROOT/Rpc
  Path                       : C:\Windows\System32\RpcProxy
  Server                     : SRVEXCH2
  AdminDisplayName           :
  ExchangeVersion            : 0.1 (8.0.535.0)
  Name                       : srvexch2
  DistinguishedName          : CN=srvexch2,CN=HTTP,CN=Protocols,CN=SRVEXCH2,CN=Servers,CN=Exchange Administrative Group (
                               FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=S
                               ervices,CN=Configuration,DC=net,DC=local
  Identity                   : SRVEXCH2\srvexch2
  Guid                       : 2c24f11b-852c-4948-b236-3f37d071d500
  ObjectCategory             : net.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
  ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
  WhenChanged                : 18.02.2009 14:17:55
  WhenCreated                : 17.02.2009 14:53:36
  OriginatingServer          : dc1.net.local
  IsValid                    : True
  I have tried this cases, but they have not helped for this issue:
  1) Disable kernel mode authentication with this command: %systemroot%\system32\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false, I  also have unchecked Kernel mode authentication in the properties of Windows Authentication for Default Web site, \Rpc and \Autodiscovery virtual directories.
  2) Modify this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa lmcompatibilitylevel=3 and 2.
  3) Set NTLM instead of Kerberos on the security tab in the properties of Outlook.
  4) Install domain controller and global catalog roles on the Exchange Server.
  Somebody have any solution for this issue? May be Outlook Anywhere and NTLM do not work at all?

  Have you also seen this:
  You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature
  http://support.microsoft.com/kb/820281
  1.
  Click
  Start,
  click Run,
  type regedit in the Open
  box, and then press ENTER.
  2.
  Locate
  and then click the following registry subkey:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
  3.
  In
  the right pane, double-click lmcompatibilitylevel.
  4.
  In
  the Value data
  box, type a value of 2 or 3 that is appropriate for your environment, and
  then click OK.
  5.
  Quit
  Registry Editor.
  6.
  Restart
  your computer.
  LmCompatibilityLevel
  settings
  The
  LmCompatibilityLevel registry entry can be configured with the following
  values:
  LmCompatibilityLevel
  value of 0:
  Send LAN Manager (LM) response and NTLM response; never use NTLM version 2
  (NTLMv2) session security. Clients use LM and NTLM authentication, and
  never use NTLMv2 session security; domain controllers accept LM, NTLM, and
  NTLMv2 authentication.
  LmCompatibilityLevel
  value of 1:
  Use NTLMv2 session security, if negotiated. Clients use LM and NTLM
  authentication, and use NTLMv2 session security if the server supports it;
  domain controllers accept LM, NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 2:
  Send NTLM response only. Clients use only NTLM authentication, and use NTLMv2
  session security if the server supports it; domain controllers accept LM,
  NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 3:
  Send NTLMv2 response only. Clients use NTLMv2 authentication, and use NTLMv2
  session security if the server supports it; domain controllers accept LM,
  NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 4:
  (Server Only) - Domain controllers refuse LM responses. Clients use NTLM
  authentication, and use NTLMv2 session security if the server supports it;
  domain controllers refuse LM authentication, and accept NTLM and NTLMv2
  authentication.
  LmCompatibilityLevel
  value of 5:
  (Server Only) - Domain controllers refuse LM and NTLM responses, and accept
  only NTLMv2 responses. Clients use NTLMv2 authentication, use NTLMv2
  session security if the server supports it; domain controllers refuse NTLM
  and LM authentication, and accept only NTLMv2 authentication.
  Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator

• Allow changing of Outlook anywhere options after applying GPO

  Policy
  Setting
  Configure Outlook Anywhere user interface options       
  Enabled
  All config UI enabled
  I have used the outlook2010 GPO template to configure outlook anywhere settings. However after enabling these options, the user can no longer change the outlook anywhere settings (all greyed out). So I enabled the above GPO in outlook 2010 ADMX template.
  "This policy setting allows you to determine whether users can view and change user interface (UI) options for Outlook Anywhere.If you enable this policy setting, users can view and change UI options for Outlook Anywhere.If you disable or do not configure
  this policy setting, users will be able to use the Outlook Anywhere feature, but they will not be able to view or change UI options for it."
  However after performing gpupdate, it has no effect, users still cannot change any of the outlook anywhere settings. Here are the download locations for the admx templates if anyone else would like to test and confirm this issue.
  http://www.microsoft.com/en-us/download/details.aspx?id=18968
  http://support.microsoft.com/kb/2426686
  Anand_N

  Hi,
  Please check if the value of the following registry key has been set correctly by Group Policy:
  HKEY_CURRENT_USER\Software\Policies\Microsoft\office\14.0\outlook\rpc
  Value name: EnableRPCTunnelingUI
  Type: REG_DWORD
  To enable all configuration the value should be: 1
  Sincerely
  Rex Zhang
  Rex Zhang
  TechNet Community Support

• Exchange 2013 & Exchange 2007 Co-exist - Problems with Outlook anywhere proxy

  Hi,
  Got EX13 and EX07 in co-exist. Pointed all the external URL to EX13. ActiveSync proxies to 2007 and OWA redirects to legacy url with SSO. Working perfectly!
  But with Outlook Anywhere it does not work. Mailboxes on EX13 works good, but not for EX07 user.
  Error message from MRCA:
  Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server "internalFQDN ofbackend EX07 server"
  The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.

  Hi,
  We need to change the Authenticaion on the Outlook Anywhere to NTLM
  Set-OutlookAnywhere -Identity "xxx\Rpc (Default Web Site)" –InternalHostName mail.domain.com
   -InternalClientsRequireSsl $True -ExternalHostName mail.domain.com
   -ExternalClientsRequireSsl $True -InternalClientAuthenticationMethod NTLM 
  -ExternalClientAuthenticationMethod NTLM -IISAuthenticationMethods 
  Basic, NTLM, Negotiate 
  Please first backup the Outlook Anywhere settings then do the above changes.
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Outlook Anywhere Continues to Prompt for User Credentials

  Hi,
  Our Outlook AnyWhere clients continually get prompted to enter their user credentials while in Outlook.  We've tested connecting to  Outlook AnyWhere from the Internet and from our internal network.  We're using Exchange 2007 SP3. 

  Hi,
  Please run the following command to check the Authentication configuration for your Outlook Anywhere in Exchange 2007:
  Get-OutlookAnywhere | FL
  If the configuration is not correct, please run:
  Set-OutlookAnywhere -Identity "E12-01\Rpc (Default WebSite)" -IISAuthenticationMethods Basic,Ntlm
  In Outlook client, please configure to use Ntlm Authentication in the Connetions tab of Account Settings.
  Regards,
  Winnie Liang
  TechNet Community Support