Exchange 2013 autodiscover prompt

Hi,
Over the weekend i installed SP1 on our exchange 2013 DAG. Now users are getting an authentication prompt when opening outlook. This didn't happen prior to SP1.
When testing email auto configuration in outlook it prompts for auth, typing in my creds it goes through ok.
It looks like it getting a 401
I'm not sure what has changed but its very frustrating.
Any Ideas?

Please check the server settings on exchange... Update might change the the settings back to Basic. Roll back to NTLM to see what happens..
UMESH DEUJA MCP,MCTS,MCSA,CCNA

Similar Messages

Exchange 2013, clients prompting for password

Exchange 2013 SP1 on Server 2012 R2 both fully patched. Exchange 2013 is a single server will all roles installed. There is also an Exchange 2007 (fully pathed) as we are in the process of migrating the users.
Setup legay.company.com points to Exchange 2007 and mail.company.com point to Exchange 2013
Security on Exchange 2013 set to NTLM for External and Internal.
Mobile access works for user on Exchange 2013 and Exchange 2007
Client with Mailbox's on Exchange 2013 using Outlook 2010 - 2013 internally and externally getting prompted for username and password.
Clients with Mailbox's on Exchange 2007 ok.
Checked IIS, autodiscover, EWS and Kernal mode is set.
Nothing showing in the Event Logs.

Hi Skynite,
I have met this issue before, I recommend you try the following method and check the result:
In this situation, you must set LmCompatibilityLevel on the client to a value of 2. To do this, follow these steps.
Click Start, click Run, type
regedit in the Open box, and then press ENTER.<u5:p></u5:p>
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
In the pane on the right side, double-click lmcompatibilitylevel.<u5:p></u5:p>
In the Value data box, type a value of 2 and then click
OK.<u5:p></u5:p>
Exit Registry Editor.<u5:p></u5:p>
Restart your computer.<u5:p></u5:p>
More details about this Key, please refer to the following link:
http://technet.microsoft.com/en-us/library/cc960646.aspx
Best regards,
Niko Cheng
TechNet Community Support

Exchange 2013 autodiscover not working from Externally

Hi
i have exchange 2010 sp3(2Mb, 2hub/cas). I installed exchange 2013 servers(2MB, 2CAS). For coexistence i generated new certifcate with new cas from third party. I installed that certificate in that cas and assigned all services. i changed all my virtual
directories service url. I didnt import the new certificate to exchange 2010 cas server and i didnt change url to legacy link.But still iam able to check exchange 2010 user mailbox owa, activesync and autodiscover without any certificate error.
If i try to browse owa, its going to 2013 server, if user is exchange 2010 user and its redirecting to exchange 2010 owa with same link.
But i dont know how above things is working without importing to new certificate...
Main problem is i am not able to configure exchange 2013 users outlookanywhere, Autodiscover from externally...
So in tmg i pointed the outlook anywhere ip address new cas server, now both exchange 2010 and exchange 2013 users while OA from external, its keep on asking password... Not accepting it...
Please help me to fix this issue..

Hi ,
On TMG please have the outlook anywhere rule like below and check the status.
Step
1 :
On the TMG rule - >authentication delegation ---> select the option "no delegation users can authenticate directly"
Step
2 :
on the users tab in the TMG rule - just add "all users" group on that rule.
By having the above settings we have avoided the issues in your environment.
Note : Based on the above setting's , Each and everyone in exchange will have a access to the outlook anywhere from external world , because there would not be having any restriction on the TMG rules.
Please have a look in to the below link , it will give you some ideas which is related to TMG
http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
Thanks & Regards S.Nithyanandham

Exchange 2013 Autodiscover Android IOS not working

Hello,
I configured exchange 2013 in my organization. Android, thunderbird and IOS not working with autodiscover.
Windows Phone example Lumia worked with autodiscover correctly.
All needed DNS entry and certificate are uploaded to Exchange.
Test on https://testconnectivity.microsoft.com/ ended successfuly.
Can Android and IOS supported autodiscover.
BR/Lukas

Yes i try https://fqdn/Microsoft-Server-ActiveSync instead
I have White page nothing else.
IOS, Android work after manualy configured. Windows Phone work with autodiscover wonderfully
Ok we added public IP address to our CAS Server. Now from Internet i can login to /OWA or /ECP.
What next to do? Change autodiscover.domain.com Record A to point NAT IP address CAS server?
BR/Lukas

Exchange 2013 autodiscover finds external & internal SSL certificate causing autodiscover to fail

<p>Hi:</p><p>I'm currently working on a windows 2012 server, with exchange 2013, lets say our internal domain is "cars.com" and ALSO the case for our external domain. We have purchased an SSL wildcard positive certificate
*.cars.com so that we could configure Outlook Anywhere, we have created the needed DNS records at godaddy and our internal server, OWA, ECP it all works if you go to  <a href="https://bird.cars.com/owa">https://bird.cars.com/owa</a>
because we have a DNS record for bird in godaddy and out local server, so all of that is working like a pro ! here comes the tricky part, our website is registered in godaddy but hosted by someone else a company called poetic systems; when we test the connection
with the remote connectivity analyzer website we get a very peculiar error that says SSL certificate not valid, now it provides the name of the certificate it found and is not ours, we found that the hosting company is listening in port 443, therefore, it
is pulling their self signed certificate also, does anyone have a fix for this, I have done this same setup before for other companies and this is the first time a situation like this happens. I REALLY NEED HELP !!!!!</p>

Hi,
According to your description, there is a certificate error when you test Outlook Anywhere connection by ExRCA.
If I misunderstand your meaning, please feel free to let me know.
And to understand more about the issue, I’d like to confirm the following information:
What’s detail error page?
Check the Outlook Anywhere configuration: get-outlookanywhere |fl
Check the certificate : get-exchangecertificate |fl
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support

Exchange 2013 Autodiscover and Webservices virtual directories with wrong address

Hey people,
I have 3 2013 Servers
Server 1 CAS
Server 2 & 3 MBX
having a bit of trouble here - everything was working fine after migration (about 6months ago), and now mac users can't access e-mail.
If I try to access EWS page (https://webmail.domain.co.ao/EWS/exchange.asmx) , i get
Service
You have created a service.
To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax:
svcutil.exe https://SERVER2.domain.int:444/EWS/Services.wsdl
If I try to access the autodiscover webpage, i get
<?xml version="1.0" encoding="UTF-8"?>
-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">-<Response>-<Error Id="1286627925" Time="17:58:59.7730521"><ErrorCode>600</ErrorCode><Message>Invalid Request</Message><DebugData/></Error></Response></Autodiscover>
When testing outlook web services, i get the following error
[PS] C:\Windows\system32>Test-OutlookWebServices
Source ServiceEndpoint Scenario Result Latency
(MS)
SERVER2.domain.int webmail.domain.co.ao Autodiscover: Outlook Provider Failure 64
SERVER2.domain.int Exchange Web Services Skipped 0
SERVER2.domain.int Availability Service Skipped 0
SERVER2.domain.int Offline Address Book Skipped 0
if i run
[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory | fl
Creating a new session for implicit remoting of "Get-AutodiscoverVirtualDirectory" command...
RunspaceId : 9f23dad1-7806-42a6-8545-89b66847a359
Name : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication : False
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
AdfsAuthentication : False
MetabasePath : IIS://SERVER1.domain.int/W3SVC/1/ROOT/Autodiscover
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 775.38)
Server : SERVER1
InternalUrl : https://webmail.domain.co.ao/autodiscover/autodiscover.xml
ExternalUrl : https://webmail.domain.co.ao/autodiscover/autodiscover.xml
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=Autodiscover (Default Web
Site),CN=HTTP,CN=Protocols,CN=SERVER1A,CN=Servers,CN=Exchange Administrative
Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=DOMAIN,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=domain,DC=int
Identity : SERVERONE\Autodiscover (Default Web Site)
Guid : fbed978f-7442-46ac-bb3c-53d9d7995507
ObjectCategory : domain.int/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged : 12/19/2013 10:30:26 AM
WhenCreated : 12/19/2013 10:30:26 AM
WhenChangedUTC : 12/19/2013 9:30:26 AM
WhenCreatedUTC : 12/19/2013 9:30:26 AM
OrganizationId :
OriginatingServer : DC2.domain.int
IsValid : True
ObjectState : Changed
and run
[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | fl
RunspaceId : 9f23dad1-7806-42a6-8545-89b66847a359
CertificateAuthentication :
InternalNLBBypassUrl :
GzipLevel : High
MRSProxyEnabled : False
Name : EWS (Default Web Site)
InternalAuthenticationMethods : {Basic, Digest}
ExternalAuthenticationMethods : {Basic, Digest}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication : False
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : True
WindowsAuthentication : False
OAuthAuthentication : False
AdfsAuthentication : False
MetabasePath : IIS://SERVER1.domain.int/W3SVC/1/ROOT/EWS
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\EWS
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 775.38)
Server : SERVER1
InternalUrl : https://webmail.domain.co.ao/EWS/exchange.asmx
ExternalUrl : https://webmail.domain.co.ao/EWS/exchange.asmx
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=SERVRE1,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=DOMAINL,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domainl,DC=int
Identity : SERVER1\EWS (Default Web Site)
Guid : cbdd447b-54f8-4bba-9834-6c28b807711e
ObjectCategory : domain.int/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged : 12/19/2013 9:31:11 AM
WhenCreated : 12/19/2013 9:31:11 AM
WhenChangedUTC : 12/19/2013 8:31:11 AM
WhenCreatedUTC : 12/19/2013 8:31:11 AM
OrganizationId :
OriginatingServer : DC2.domain.int
IsValid : True
ObjectState : Changed
Summarizing:
webmail.domain.co.ao maps to server1
Autodiscover and exchange web services point out to server1 (CAS), but when openning the respective webpages, the result is an error.
I have already deleted and recreated the autodiscover and EWS virtual directories but with no success.
Help anyone?
Many thanks,
Andrey

Hi Andrey,
Exchange Web Service in Exchange server configuration is working for all users in your Exchange environment, not just for one specific user. If you want to double make sure the EWS service in client side, we can directly access the EWS URL in IE of your
Windows machine, and see whether a proper XML file is returned. If so, then we can safely ignore the web service test result.
As for automatic signature application, do you mean
Add a signature automatically to every message? Please try to remove the signature and reset it again to check whether the issue persists.
Thanks,
Winnie Liang
TechNet Community Support

Exchange 2013 Autodiscover priority set

In the environment four exchange server 2013. two in the server firm zone and another two is in the DMZ zone. In AD two autodiscover record are in server firm. no pointing for DMZ zone server. but in outlook by default audiscover connect to dmz zone server.
but i want to change the autodiscover priority. how can i configure that outlook autodiscover request not go to the dmz zone server.
Please suggest.

Hi ,
In addition to the david's suggestions ,please have a look in to the below points .
From you description i came to know you are having mbx and cas roles installed on four boxes.
Let me give you my suggestions .
whenever you install an client access server there will be an scp record created automatically for each servers in active directory.So in you case there will be four scp records .
please set the autodiscover internal uri for all the four cas servers like below and at the same time you should have to have the autodiscover name in san certificate .
https://autodiscover.yourdomain.local/Autodiscover/Autodiscover.xml
Go to dns in active directory .There you can find a zone name called yourdomain.local .
On that you should have to create a host A record for autodiscover like below
autodiscover.yourdomain.local - cas server 1 ip address (i.e. the server in lan network )
autodiscover.yourdomain.local - cas server 2 ip address (i.e. the server in lan network )
Don't create a host A record for server3 and server 4 which is in dmz network .
So when ever a client query for an autodiscover service it will get resolved in to two ip address (i.e server 1 & server 2 ) .Finally there would be no chance for the client to communicate the cas servers in DMZ zone .
Note : In some cases you internal domain and external domain will not be same .For that you should have to use the split dns .
Say for instance you internal domain would be domain.local and you external domain would be domain.com
On such cases you should have to create a new zone for domain.com .On that create Host A record for autodicover service (i.e.only for the cas servers in lan network)
Same time please clear me why you have placed two of your exchange server in dmz zone ?
Please reply me if you have any queries .
Regards
S.Nithyanandham
Thanks S.Nithyanandham

Autodiscover after deploying Exchange 2013 CAS in a Exchange 2007 organization

I am deploying Exchange 2013 CAS in a Exchange 2007 organization. Will all the clients be directed to the Exchange 2013 CAS servers for autodiscover. Will there be any issue with outlook clients connecting to their mailbox servers in Exchange 2007

All clients should be pointed to the Exchange 2013 CAS for the autodiscover service. This means:
A. For local clients
You need to modify the autodiscover Internal URI on the Exchange 2007 server and point it to Exchange 2013. For example, if you are using split-brain DNS on the Local Network and mail.yourdomain.com is resolved to Exchange 2013 local IP, the Exchange 2007
Autodiscover Internal URI should be "https://mail.yourdomain.com/Autodiscover/Autodiscover.xml"
Exactly the same way, you should modify the Exchange 2013 Autodiscover Internal URI and use the same address "https://mail.yourdomain.com/Autodiscover/Autodiscover.xml"
B. For remote clients - all clients will hit the Exchange 2013 CAS first (ex. mail.yourdomain.com)
If the user's mailbox is on Exchange 2007 server, the correct XML will be generated and provided, and the user will be proxied for Outlook Anywhere/ActiveSync and redirected for OWA/WebServices
If the user's mailbox is on Exchange 2013 server, the correct XML will be generated and provided
Bottom line - based on the location of the user's mailbox, Exchange 2013 will generate and provide the correct XML file (there is not proxying involved in providing the Autodiscover info).

Internal outlook client connectivity in exchange 2010 when coexist with exchange 2013

Hi all ,
on my side i would like to clarify few queries.
Say for instance i am coexisting exchange 2010 with exchange 2013 .Unfortunately if all of my exchange 2013 servers goes down .
Q1 .On that time will the internal outlook users having their mailboxes on exchange 2010 can be able to connect mailboxes without any issues ? In case if they face any issues what kind of issues will they be? Because why i am asking is we should have pointed
the autodiscover service to exchange 2013 during coexistence.
When an user closes and reopens the outlook after whole exchange 2013 environment failure ,outlook will first query the autodiscover service for the profile changes to get it updated on users outlook profile.In such case autodiscover service will not be
reachable and i wanted to know will that affects the internal client connectivity for outlook users having their mailboxes on exchange 2010.
Q2. Apart from outlook internal users connectivity ,what kind of exchange services(i.e owa,active sync,pop,external OA and imap) will get affected when whole exchange 2013 environment goes down during coexistence ?
I have read the below mentioned statement on this awesome blog but still i wanted to clarify with you all on my scenario.
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx<o:p></o:p>
Internal Outlook Connectivity
For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2010, they will still connect to the Exchange 2010 RPC Client Access array endpoint.
For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2007, they will still connect directly to the Exchange 2007 Mailbox server instance hosting the mailbox.
Please share me your suggestions and that would help me a lot .
Regards
S.Nithyanandham

Hi Winnie Liang ,
Thanks a lot for your reply.
Scenario 1 : for internal outlook connectivity
We have below settings for exchange 2010 autodiscover.
mail.domain.com - will be the namespace for internal autodiscover URI for all the exchange 2010 cas serves
We are going to have below settings for exchange 2013 autodiscover.
mail.domain.com - will be the namespace for internal autodiscover URI for all the exchange 2013 cas serves
During coexistence mail.domain.com will be pointed to exchange 2013 cas servers . I mean to say if we try to resolve the mail.domain.com it will get resolved in to the exchange 2013 cas servers.
So on such case if anything happened wrong to the new environment or else if entire environment goes down .Do we face any issues while outlook users connect to existing mailboxes in exchange 2010 ?
Because why i am asking is ,on the below mentioned article i have read all the autodiscover request will go via exchange 2013 cas servers during coexistence.That means all the existing mailboxes in exchange 2010 will also have to query exchange 2013 cas
servers for autodiscover request.During the whole exchange 2013 environemnt failure whenever the user tries to close and open outlook .Outlook will first queries the autodiscover service for any changes happened on that particular mailbox and it will try to
get it updated on user profile.
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
Would it be possible to make the exchange 2010 mailbox users to query only the scp points which belongs to the exchange 2010 cas servers for autodiscover request ?
Scenario 2: For exchange services
mail.domain.com - will be the namespace for all the exchange 2010 services (i.e owa,activesync,external outlook anywhere,pop,imap)
mail.domain.com - will be the namespace for all the exchange 2013 services (i.e owa,activesync,external outlook anywhere,pop,imap)
What about the above services will it get affected during whole exchange 2013 environment failure ?
Note : We are not facing this issue , i hope everything goes well in my environment while doing coexistence i am just asking this question on my own interest?
Regards
S.Nithyanandham
Thanks S.Nithyanandham

Exchange 2013 Users cannot access Public folder in Exchange 2007 SP3

Dears,
i am working in Upgrading Exchange 2007 to Exchange 2013 CU7,, I came to know with CU7 we have new way for coexistence with legacy Public Folder
https://technet.microsoft.com/en-us/library/dn690134(v=exchg.150).aspx
i did the steps exactly as it is in the article, but now users in Exchange 2013 always prompt for username /password when opening outlook and i found they still trying to connect to Exchange 2007 PF Server using HTTPS and failed..
BTW, Outlook anywhere is disabled in EX2007 and as per this article Q/A , it is no more needed
http://blogs.technet.com/b/exchange/archive/2014/11/07/on-premises-legacy-public-folder-coexistence-for-exchange-2013-cumulative-update-7-and-beyond.aspx
the issue now, still users getting prompted and cannot connect to PF in EX2007,,
your help is appreciated
thanks
Mufleh

I ran into the same situation recently, and found out that you need to make sure InternalClientsRequireSSL is set to false.
To verify: Run Get-OutlookAnywhere | fl Identity, *ssl
If it is true, try setting it to false.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

Best practices for buying a digital certificate for Exchange 2013

Good dayfriends,
Could you indicateme which are the bestpractices when buying
a public digital certificatefor use onExchangeServer 2013.
I'd be interested in knowing your opinion about
using wildcardor SAN certificates.
Likewise what are the best recommendations
to include names and why they should or
should not include the internal FQDN
of my servers.
Currently I have an infrastructure that has two
MailBox servers,two CAS servers and an EDGE
2010 server, but I'm planning update it to Exchange 2013.
I searched what are the best
practices according to Microsoft but
have found little information.
I would appreciate
if you can post links like
Microsoft KBs and other technical documents that
discuss the above mentioned.
Thanking your
invaluable support.
Greetings.

Hi,
Personal suggestion, we can use two namespaces for your Exchange 2013:
Autodiscover.domain.com (Used for autodiscover service)
Mail.domain.com (used for all Exchange services external and internal URLs)
Please pointed mail.domain.com and autodiscover.domain.com to your internet facing CAS 2013.
For more information about Digital Certificates and SSL in Exchange 2013, please refer to the
Digital Certificates Best Practices part in the following technet article:
http://technet.microsoft.com/en-us/library/dd351044%28v=exchg.141%29.aspx?lc=1033
Additionally, here are some other scenarios about certificate planning in Exchange 2013:
http://blogs.technet.com/b/exchange/archive/2014/03/19/certificate-planning-in-exchange-2013.aspx
Regards,
Winnie Liang
TechNet Community Support

Exchange 2013 & 2010 coexist problem. Authentication Credentials Prompt in Outlook

Hello Forum
We have two Exchange servers coexisting together. A new 2013 and a old 2010.
Everything was setup with the help of the Exchange Deployment Assistant.
I have had alot of trouble with Outlook 2013 Prompting for credentials on Exchange 2013 Mailboxes. None of the 2010 Mailboxes expericence this popup.
I solved most of the popup issues with this by changing the ExternalClientAuthenticationMethod to ntlm.(from negotiate)
http://blog.gothamtg.com/2013/10/15/users-constantly-prompted-for-credentials-after-being-migrated-to-exchange-2013/
and installing this update for Outlook:
http://support2.microsoft.com/kb/2899504/en-us
Now 2013 Mailboxes Work without any anoying popups. Except when they try to open another users mailbox that is located on the old 2010 server or a shared 2010 calander.
The connection to Exchange 2010 is working if I input the users password, but should it not work without this popup too?
This connections name acording to Outlook is called: Exchange-Mail RPC/HTTP (remote [NTLM])
We use the same domain for external and internal autodiscover connections.
Test Exchange Connectivity Analyzer shows everything ok.
If i run
get-outlookanywhere | fl *external*
(2013 server)
ExternalHostname                   : webmail.domain.com
ExternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl          : True
(2010 server)
ExternalHostname                   : webmail.domain.com
ExternalClientAuthenticationMethod : Basic
ExternalClientsRequireSsl          : True
Only one thing I am wondering here is. If I change my old 2010 Auth Method to NTLM if that will break anything i OWA and so on.
What do you Guys have setup in your environments and can you point me towards any troubleshooting?
Thanks!

For us, the changes made in IIS are permanent, there quite possibly is a powershell way of doing it but I am still getting to grips with PS myself so I don't know.
I wont plagiarise others work but these two links here give a good explanation between Basic and NTLM. personally, I have always used basic because I always seem to get problems with NTLM, though one time it did work as expected but I forgot what I did to
get it working now.
https://social.technet.microsoft.com/Forums/exchange/en-US/92178beb-3310-4363-8848-d022a6e2a77f/basic-vs-ntlm-authentication-outlook-anywhere
http://www.sysadminlab.net/exchange/outlook-anywhere-basic-vs-ntlm-authentication-explained

Outlook prompting for password with new Exchange 2013

I have Exchange 2007 and 2013. I want to migrate to 2013 but I'm having issues in the testing phase. I have a test account that I moved the mailbox to the new server. I have a test PC with a modified hosts file that points to the new Exch
2013 server IP address.
When I log in with this test user, Outlook appears to connect and download the mailbox. However a Windows Security dialog box pops up saying Microsoft Outlook Connecting to [email protected] and it has a username and password field. No matter what
is entered here, it is NOT accepted, nor if forcefully entering the wrong information is the account locked out.
I can click cancel here and it proceeds to update the inbox and then says All folders are up to date. But at the bottom in Outlook 2013 it says Need password and Outlook's icon in the taskbar has a yellow triangle on it. I can send myself a test
email and I get it (I personally am on the 2007 server), but after it sends Outlook 2013 prompts again for the password, and since it does not accept anything, I have to click cancel.
I have done ALL the windows updates available on this test PC. Exchange 2013 is on CU6 which is the latest at the time of this writing.
Another thing is in the Lync 2013 client it says "Exchange needs your credentials". No matter what is entered here, it will not make this message go away unless you click the X on this warning bar. Lync itself appears to work regardless.
Any ideas?
I just changed the ExternalClientAuthenticationMethod from Ntlm to Negotiage. Now the Outlook prompt does accept the domain password, but I don't want anyone to have to enter any type of credentials just to get on. Note, this test is on the same
LAN as the servers, so I haven't even tackled an external test yet, though last time I tried it was the same results.

Ok besides LYNC 2013 asking for exchange credentials, I cannot get Outlook to work externally.
Externally to the NEW Exch2013 server, we are trying something different this time around. Instead of poking port 443 straight to the Exchange server from the outside world, we are trying what we did with LYNC. We are poking port 443 to an IIS
AAR reverse proxy to it's DMZ interface. It has another nic on DMZ 2 which allows port 443 to the Exchange 2013 server.
So I can use this with no problem for OWA if using an account on the new 2013 Exchange server. But if using an account on the old Exchange server, after I click sign in I get "The webpage at https://legacy.domain.com/owa/auth/owaauth.dll might
be temporarily down or it may have moved permanently to a new web address. ERR_RESPONSE_HEADERS_TRUNCATED.
Then of course Outlook Anywhere does not work. After I put in my password it sits there trying to connect with nothing.
Here is part of the IIS log on the AAR server.
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2014-10-24 20:00:02
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2014-10-24 20:00:02 192.168.1.13 OPTIONS /Microsoft-Server-ActiveSync User=exchange2007user&DeviceId=BAEEF5AE6A1CE1C61A2E62E992691FE2&DeviceType=WindowsMail&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=6301e6ce-7827-42cd-91a4-7eaa47ac659c 443 - 192.168.50.240 WindowsMail/17.5.9600.20605 500 0 0 19390
2014-10-24 20:00:02 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=36d2360b-79c5-4ca0-a250-08b892cd5b70 443 - 192.168.50.240 WindowsMail/17.5.9600.20605 401 0 0 0
2014-10-24 20:00:08 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6002&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=7615e512-4e58-424b-8ce1-654ba86bfe2e 443 - 192.168.50.240 MSRPC 401 0 0 31
2014-10-24 20:00:08 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6002 443 - 192.168.50.240 MSRPC 404 13 0 0
2014-10-24 20:00:08 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll mail.domain.com:6002&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=c3f94f7d-b408-4ff9-9de0-3e4577829b97 443 - 192.168.50.240 MSRPC 401 0 0 46
2014-10-24 20:00:22 192.168.1.13 POST /Microsoft-Server-ActiveSync eQAJBBC67vWuahzhxhouYumSaR/iBK6gyiwLV2luZG93c01haWw=&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=0b1ef554-5b08-4e0a-a9bd-294601364f4a 443 - 192.168.50.240 WindowsMail/17.5.9600.20605 500 0 0 19047
2014-10-24 20:00:22 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=b1fa8dde-9c16-40b9-9932-f49e7dc971c4 443 - 192.168.50.240 WindowsMail/17.5.9600.20605 401 0 0 0
2014-10-24 20:00:41 192.168.1.13 OPTIONS /Microsoft-Server-ActiveSync User=exchange2007user&DeviceId=BAEEF5AE6A1CE1C61A2E62E992691FE2&DeviceType=WindowsMail&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=8b94ec84-08dc-43e3-aeae-d00b1e4c9837 443 - 192.168.50.240 WindowsMail/17.5.9600.20605 500 0 0 19047
2014-10-24 20:00:41 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=1412decf-d570-440a-9ac4-8a6347b18bbd 443 - 192.168.50.240 WindowsMail/17.5.9600.20605 401 0 0 0
2014-10-24 20:01:00 192.168.1.13 POST /Microsoft-Server-ActiveSync eQAJBBC67vWuahzhxhouYumSaR/iBK6gyiwLV2luZG93c01haWw=&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=5d1754fc-cc71-43fe-876d-2eff7ba1efbf 443 - 192.168.50.240 WindowsMail/17.5.9600.20605 500 0 0 19032
2014-10-24 20:01:00 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=a8609c9a-6fc3-43d1-b961-74e95dc53bf1 443 - 192.168.50.240 WindowsMail/17.5.9600.20605 401 0 0 0
2014-10-24 20:01:09 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll mail.domain.com:6002&X-ARR-LOG-ID=cdcb7486-bdad-4f66-a300-3d1262be606a 443 - 192.168.50.240 MSRPC 200 0 0 60138
2014-10-24 20:01:11 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6001&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=3ac5ff66-5ad1-495d-9293-5bc3540b481c 443 - 192.168.50.240 MSRPC 401 0 0 46
2014-10-24 20:01:11 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6001 443 - 192.168.50.240 MSRPC 404 13 0 0
2014-10-24 20:01:11 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll mail.domain.com:6001&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=b8b39056-6c89-48ec-98d9-0456aad716f1 443 - 192.168.50.240 MSRPC 401 0 0 78
2014-10-24 20:02:11 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll mail.domain.com:6001&X-ARR-LOG-ID=44351254-c944-45ab-9b6f-e020358b993b 443 - 192.168.50.240 MSRPC 200 0 0 60184
2014-10-24 20:02:11 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll MAIL:6002&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=20e05c35-5b55-461f-9b9e-7e85b2266269 443 - 192.168.50.240 MSRPC 401 0 0 31
2014-10-24 20:02:11 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll MAIL:6002 443 - 192.168.50.240 MSRPC 404 13 0 15
2014-10-24 20:02:11 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll MAIL:6002&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=079dc1e7-6edf-43d9-8d92-67229c259c93 443 - 192.168.50.240 MSRPC 401 0 0 31
2014-10-24 20:03:11 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll MAIL:6002&X-ARR-LOG-ID=9cef3d08-4052-45f5-8806-3a6729818138 443 - 192.168.50.240 MSRPC 200 0 0 60169
2014-10-24 20:03:13 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6002&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=4bdb9a31-c8bc-4174-9958-4daaea796edb 443 - 192.168.50.240 MSRPC 401 0 0 46
2014-10-24 20:03:13 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6002 443 - 192.168.50.240 MSRPC 404 13 0 0
2014-10-24 20:03:13 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll mail.domain.com:6002&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=d1489811-2925-458f-910d-702746329d0c 443 - 192.168.50.240 MSRPC 401 0 0 31
2014-10-24 20:04:13 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll mail.domain.com:6002&X-ARR-LOG-ID=545f6dff-9eff-4353-939d-20b3caf50d3f 443 - 192.168.50.240 MSRPC 200 0 0 60169
2014-10-24 20:04:13 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll DC1.domain.com:6004&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=86b53049-82f2-44b8-9135-bb54d02fbaae 443 - 192.168.50.240 MSRPC 401 0 0 31
2014-10-24 20:04:13 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll DC1.domain.com:6004 443 - 192.168.50.240 MSRPC 404 13 0 15
2014-10-24 20:04:13 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll DC1.domain.com:6004&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=1a4eefbd-de59-4fac-b7de-8df5fb2e323b 443 - 192.168.50.240 MSRPC 401 0 0 31
2014-10-24 20:04:13 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll DC1.domain.com:6004&X-ARR-LOG-ID=83dac450-4479-40d4-8cb9-e82e36085dbe 443 - 192.168.50.240 MSRPC 404 0 0 31
2014-10-24 20:04:15 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll MAIL:6001&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=b3fd8e85-122e-47b8-85e8-cfbc1281aa1d 443 - 192.168.50.240 MSRPC 401 0 0 62
2014-10-24 20:04:15 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll MAIL:6001 443 - 192.168.50.240 MSRPC 404 13 0 0
2014-10-24 20:04:15 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll MAIL:6001&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=eaee2bf9-cc0e-4805-b715-befb335ed25c 443 - 192.168.50.240 MSRPC 401 0 0 46
2014-10-24 20:05:15 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll MAIL:6001&X-ARR-LOG-ID=535cdb59-c23f-44ae-ada8-9f07bca29f92 443 - 192.168.50.240 MSRPC 200 0 0 60169
2014-10-24 20:05:15 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6004&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=f2d73aad-ba0e-413d-bff0-713bc830f028 443 - 192.168.50.240 MSRPC 401 0 0 46
2014-10-24 20:05:15 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6004 443 - 192.168.50.240 MSRPC 404 13 0 15
2014-10-24 20:05:15 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll mail.domain.com:6004&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=93219c6c-bbab-49ae-b12a-4c8f7939368c 443 - 192.168.50.240 MSRPC 401 0 0 31
2014-10-24 20:05:46 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=a9d7e8b9-6f0e-4036-b6ff-298fb483dffc 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 62
2014-10-24 20:06:07 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=a79a1894-554c-496f-98b5-8935644f286b 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 46
2014-10-24 20:06:07 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=6dab43de-a34f-426f-ba56-a7b589c8a5c9 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 15
2014-10-24 20:06:07 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=d7323b0f-5af4-4741-88ac-07e51675feaf 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 15
2014-10-24 20:06:07 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=d27bd9f8-2292-4710-b1ce-1f613733af8b 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 0
2014-10-24 20:06:07 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=c9a1d015-6ec5-469b-b6f0-1e2532b36b54 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 62
2014-10-24 20:06:16 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll mail.domain.com:6004&X-ARR-LOG-ID=29d563b7-b6b9-4600-8344-5afd6af2e1d7 443 - 192.168.50.240 MSRPC 200 0 0 60184
2014-10-24 20:07:36 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=2af97edd-0e95-41d9-b55f-84f0b98d9a8d 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 46
2014-10-24 20:07:36 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-LOG-ID=4524480e-1bca-4e48-b807-ba39a1c5c934 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 200 0 0 468
2014-10-24 20:07:37 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll MAIL:6004&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=7d07ec9d-7d0b-4d2a-a742-7c3552b267f9 443 - 192.168.50.240 MSRPC 401 0 0 78
2014-10-24 20:07:37 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll MAIL:6004 443 - 192.168.50.240 MSRPC 404 13 0 0
2014-10-24 20:07:37 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll MAIL:6004&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=804dc16d-37a9-44a1-91fc-462336f7ff69 443 - 192.168.50.240 MSRPC 401 0 0 46
2014-10-24 20:08:38 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll MAIL:6004&X-ARR-LOG-ID=95a61f86-fdc2-4868-ae7a-25505f4c131c 443 - 192.168.50.240 MSRPC 200 0 0 60138
2014-10-24 20:08:40 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6001&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=e7007c02-bc0a-4b04-906e-29c653796099 443 - 192.168.50.240 MSRPC 401 0 0 46
2014-10-24 20:08:40 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6001 443 - 192.168.50.240 MSRPC 404 13 0 0
2014-10-24 20:08:40 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll mail.domain.com:6001&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=2495013e-d003-4dcd-8dc4-b5756acf0618 443 - 192.168.50.240 MSRPC 401 0 0 31
2014-10-24 20:08:46 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=fc7f2ec4-3af1-4059-997e-fd18680c6f94 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 46
2014-10-24 20:08:46 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-LOG-ID=4f75729e-bf92-499c-8dc2-832fddc27582 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 200 0 0 46
2014-10-24 20:08:46 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6002&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=327a2992-2b43-41ff-9ac4-a9960daba60d 443 - 192.168.50.240 MSRPC 401 0 0 31
2014-10-24 20:08:46 192.168.1.13 RPC_IN_DATA /rpc/rpcproxy.dll mail.domain.com:6002 443 - 192.168.50.240 MSRPC 404 13 0 0
2014-10-24 20:08:46 192.168.1.13 RPC_OUT_DATA /rpc/rpcproxy.dll mail.domain.com:6002&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=784171c0-def0-4369-a9ad-374a25a21801 443 - 192.168.50.240 MSRPC 401 0 0 46
2014-10-24 20:09:10 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=2399c7d5-50e2-4c0f-85ed-ffeb92f411a8 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 31
2014-10-24 20:09:10 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=0156ccf0-043c-4c45-83db-f62cde770079 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 0
2014-10-24 20:09:10 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=40934ba2-41f8-435f-b62e-ababb51e00e2 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 31
2014-10-24 20:09:10 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=049938a4-cc8a-4476-b123-2d2a2dbcbcf7 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 0
2014-10-24 20:09:10 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=232d57a3-e1e3-43eb-8f04-ffc8f57c9359 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 0
2014-10-24 20:09:10 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=186a6668-8ce2-415b-8b1c-a2a2cb246617 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 401 0 0 46
2014-10-24 20:09:10 192.168.1.13 POST /autodiscover/autodiscover.xml X-ARR-LOG-ID=a5697f0e-972e-4e2f-8149-667cc7c4cee5 443 - 192.168.50.240 Microsoft+Office/15.0+(Windows+NT+6.2;+Microsoft+Outlook+15.0.4659;+Pro) 200 0 0 31

Exchange 2013/2010 Co-existance Outlook Users Always Prompted for Password

Hello,
We are in the process of attempting to migrate to Exchange 2013, but during the migration time, we need to coexist with the two versions. Our outlook clients are a mix of Office 2007, 2010, and 2013. When a user is migrated from 2010 to 2013,
they start getting prompted for their password in Outlook every few minutes. They can click cancel and continue working, but they continue to get prompts for their password. If they click the update folder button in outlook, it updates fine, and
the password prompt goes away for awhile.
Most topics on this state that this is caused by a certificate issue. We have an internally deployed CA, with the Root certificate trusted by all clients. The exchange 2013 server has a certificate that was created by this CA.
I believe that this is caused by OAB (address book) still being hosted on the Exchange 2010 server (with a self signed cert), that is causing the connection to fail. Is there anyway to test this without breaking outlook connections for the users that
are on Exchange 2010? Or is there any other reason that this would occur?
Thanks for any assistance.

Sorry for taking so long to reply, other items came up that rank higher then this migration.
I ran the Test-OutlookWebServices CMD and got this result:
[PS] C:\Windows\system32> Test-OutlookWebServices
Source                              ServiceEndpoint
Scenario                       Result Latency
(MS)
EXCHANGE13.company.local           exchange10.company.local           Autodiscover: Outlook Provider Failure     229
EXCHANGE13.company.local
Exchange Web Services          Skipped       0
EXCHANGE13.company.local
Availability Service           Skipped       0
EXCHANGE13.company.local
Offline Address Book           Skipped       0
I
am currently thinking that this may be the error. Is there a way to
change the first failing result to the hostname of the
exchange13.company.local without breaking the current settings for the
exchange10.company.local autodiscover?

Exchange 2013 - External Windows XP/Outlook 2007 Password Prompt

I have an Exchange 2013 server and everything is working correctly internal with XP clients that are connected to the domain. My problem is that the Windows XP computers that are connecting from outside of the office that aren't connected to the domain
and have local usernames and passwords keep getting the password prompts. I put in the correct domain\username and password and it connects. The if I close and reopen it asks me for the password, I have saved the credentials but it still asks.
I have look and applied these settings from these articles but I'm still having the issue. All of the internal and external names match my GoDaddy SSL certificate (mail.domain.com). Get-OutlookAnywhere shows:
ExternalHostname : mail.domain.com
InternalHostname : mail.domain.com
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
http://jaworskiblog.com/2013/04/13/setting-internal-and-external-urls-in-exchange-2013/
http://pickettsproblems.wordpress.com/2013/04/08/windows-xp-users-not-connecting-to-exchange-2013-server/

Here is my XML log from Test E-mail AutoConfiguration if you need it:
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>Ryan Laurie</DisplayName>
      <LegacyDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=03614938e08f481b8f7e1bbc7346aa22-Ryan</LegacyDN>
      <AutoDiscoverSMTPAddress>[email protected]</AutoDiscoverSMTPAddress>
      <DeploymentId>463444fb-5651-4b0f-91e5-6356fc132a95</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <MicrosoftOnline>False</MicrosoftOnline>
      <Protocol>
        <Type>EXCH</Type>
        <Server>[email protected]</Server>
        <ServerDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
        <ServerVersion>73C08204</ServerVersion>
        <MdbDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>Exchange.mydomain.local</PublicFolderServer>
        <AD>SERVER2.mydomain.local</AD>
        <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
        <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
        <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=mydomain.local</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=mydomain.local</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=mydomain.local</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=mydomain.local</EcpUrl-ret>
        <EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=mydomain.local</EcpUrl-sms>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=mydomain.local</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=mydomain.local</EcpUrl-photo>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=mydomain.local</EcpUrl-extinstall>
        <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
        <ServerExclusiveConnect>off</ServerExclusiveConnect>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.mydomain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
       <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
        <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=mydomain.local</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=mydomain.local</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=mydomain.local</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=mydomain.local</EcpUrl-ret>
        <EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=mydomain.local</EcpUrl-sms>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=mydomain.local</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=mydomain.local</EcpUrl-photo>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=mydomain.local</EcpUrl-extinstall>
        <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
        <ServerExclusiveConnect>on</ServerExclusiveConnect>
        <EwsPartnerUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsPartnerUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.mydomain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.mydomain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.mydomain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
        <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
        <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=mydomain.local</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=mydomain.local</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=mydomain.local</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=mydomain.local</EcpUrl-ret>
        <EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=mydomain.local</EcpUrl-sms>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=mydomain.local</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=mydomain.local</EcpUrl-photo>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=mydomain.local</EcpUrl-extinstall>
        <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
        <ServerExclusiveConnect>On</ServerExclusiveConnect>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.mydomain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
        <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
        <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=mydomain.local</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=mydomain.local</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=mydomain.local</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=mydomain.local</EcpUrl-ret>
        <EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=mydomain.local</EcpUrl-sms>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=mydomain.local</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=mydomain.local</EcpUrl-photo>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=mydomain.local</EcpUrl-extinstall>
        <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
        <ServerExclusiveConnect>On</ServerExclusiveConnect>
      </Protocol>
    </Account>
</Response>
</Autodiscover>

Exchange 2013 autodiscover prompt

Similar Messages

Maybe you are looking for