Outlook anywhere external issues

Similar Messages

• How do I disable Outlook Anywhere Externally with Split-DNS?

  Hello,
  I am trying to disable Outlook Anywhere Externally. This issue is that we use split-dns and all of our Exchange services point to mail.domain.com both internally and externally. This can't be changed due to our SSL certificate not including the internal
  server DNS name for the Exchange server, and we still have another two years on it.
  Is there a way to white-list a range of IP Addresses (potentially through IIS since Outlook Anywhere uses HTTPS)? Would setting the External URL to null for Outlook Anywhere prohibit autodiscover from configuring the Outlook client, or would it do nothing
  at all since the internal DNS name is the same as the external?
  I could potentially add an internal SSL certificate and change the internal DNS name of Outlook Anywhere. Is this a good move?
  Thank you for your time.

  Hello,
  I am trying to disable Outlook Anywhere Externally. This issue is that we use split-dns and all of our Exchange services point to mail.domain.com both internally and externally. This can't be changed due to our SSL certificate not including the internal
  server DNS name for the Exchange server, and we still have another two years on it.
  Is there a way to white-list a range of IP Addresses (potentially through IIS since Outlook Anywhere uses HTTPS)? Would setting the External URL to null for Outlook Anywhere prohibit autodiscover from configuring the Outlook client, or would it do nothing
  at all since the internal DNS name is the same as the external?
  I could potentially add an internal SSL certificate and change the internal DNS name of Outlook Anywhere. Is this a good move?
  Thank you for your time.
  The only way within Exchange is to set the internal Outlook Anywhere host name to something not resolvable externally and/or null out the external hostname or set to something bogus.
  Twitter!:
  Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Outlook anywhere external Url

  Hello ,
  do I need to enable outlook anywhere External Url(or this optional)
  to autodiscover work
  thanks

  I have exchange 2010 and outlook 2010
  I can connected outlook form outside but with warning and I can send and receive
  and OWA working fine without error or warning and mobile connected without any problem
  but the strange thing when press view certificate button I see
  certificate issued to: my hosting company but my certificate issued to my domain
  and also certificate issued by digicert  but my certificate issued by geo cert Trust
  thanks
  The problem has existed since Exchange 2007. That article just illustrates the issue.
  Here is another.
  http://blogs.dirteam.com/blogs/davestork/archive/2014/08/13/optimizing-the-autodiscover-process-by-skipping-the-root-domain-query.aspx
  Try excluding the root domain autodiscover lookup and see if that resolves it.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Troubleshooting for RPC over https (Outlook Anywhere) connection issue

  RPC over https (ROH), well known as Outlook Anywhere, is more frequently used. Even in Exchange 2013, Outlook no longer connects CAS server via MAPI.
  In this thread, we will discuss about the troubleshoot checklist about the RPC over https (Outlook Anywhere) connection issue. In order to make it more logical, I’d like to divide the whole troubleshooting to the following processes:
  1. Client side to CAS side
  2. CAS side to MBX side
  [Issues between Client side to CAS side]
  In Exchange 2013, Outlook Anywhere is enabled by default. Different from this, Outlook Anywhere in Exchange 2007 and 2010 need to be manually enabled. Thus, please firstly check if the RPC over HTTP component has been installed:
  Click Start, and then click Control Panel.
  Double-click Programs and Features.
  In the left pane of Server Manager, click Features.
  In the right pane, click Add Features.
  Check if the RPC over HTTP component has been selected.
  If the ROH connectivity issue only happens on certain users, the property MAPIBlockOutlookRpcHTTP can be checked: 
  Get-CASMailbox  name | fl MAPIBlockOutlookRpcHttp
  2. Confirm if Exchange server is blocked. Ping the Exchange server FQDN on client machine and confirm if it can return the proper IP address.
  3. Check if the RPC Proxy server is responding correctly:
   rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
  If 200 code returns, the test is successful.
  4. Check if Outlook Anywhere host names are added in the certificate:
  To get host names, the following command can be used: get-outlookanywhere |fl *hostname
  5. To use the Shell to test Outlook Anywhere connectivity, use the
  Test-OutlookConnectivity cmdlet.
  [Issues between CAS side to Mailbox side][RZ1] 
  A. Check if it can connect to store’s port:
  RpcPing –t ncacn_http –s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 –F 3 –a connect –u 10 –v 3 –e 6001
  If it returns as following: Completed 1 calls in 60 ms  16 T/S or 60.000 ms/T, it means the RPC Ping Utility test succeeds.
  B. Check if it can Connect to DsProxy Service:
  RpcPing –t ncacn_http –s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 2 –F 2 –a connect –u 10 –v 3 –e 6004
  If it returns as following: Completed 1 calls in 60 ms  16 T/S or 60.000 ms/T, it means the RPC Ping Utility test succeeds.
  C. Check the following registries:
  [Disable the auto update]
  1).Open Regedit and navigate to:
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeServiceHost\RpcHttpConfigurator\RpcHttpConfigurator
  2).Set the PeriodicPollingMinutes value to 0.
  [Check the RpcProxy ValidPorts]
  1).On the RPC proxy server, start Registry Editor (Regedit).
  2). In the console tree, locate the following registry key:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
  3). In the details pane, right-click the ValidPorts subkey, and then click Modify.
  4). In Edit String, in the Value data box, type the following information:
  ExchangeServer :6001-6002; ExchangeServerFQDN :6001-6002; ExchangeServer :6004; ExchangeServerFQDN :6004
  Note:
  ExchangeServer is the NetBIOS name of your Exchange server. ExchangeServerFQDN is the fully qualified domain name (FQDN) of your Exchange server. If the FQDN that is used to access the server from the Internet differs from the internal FQDN, you must use
  the internal FQDN.
  [Check the 6004 port settings in registry]
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
  Value name: HTTP Port
  Value type: REG_DWORD
  Value data: 0x1772 (Decimal 6002)
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
  Value name: Rpc/HTTP NSPI Port
  Value type: REG_DWORD   
  Value data: 0x1774 (Decimal 6004)
  D. Check if the RPC ports are used by other applications instead of Exchange by using : netstat –o
   Then it will return all active TCP connections and the process ID (PID) for each connection.
   After that, please check the application based on the PID on the Processes tab in Windows Task Manager and confirm if it’s Exchange server.
  Additionally, ExRCA is a perfect tool to test the whole connection between client side and Mailbox side:
  https://testconnectivity.microsoft.com/
  1. On the ExRCA website, under Microsoft Office Outlook Connectivity Tests, select Outlook connectivity, and then select Next at the bottom of the page.
  2. Enter the required information on the next screen, including email address, domain and user name, and password.
  3. Choose whether to use Autodiscover to detect server settings or to manually specify server settings.
  4. Accept the disclaimer, enter the verification code, and then select Verify.
  5. Select Perform Test.
  <Resource for reference>
  How does Outlook Anywhere work (and not work):
  http://blogs.technet.com/b/exchange/archive/2008/06/20/3405633.aspx
  How to use the RPC Ping utility to troubleshoot connectivity issues with the Exchange over the Internet feature in Outlook 2007 and in Outlook 2003:
  http://support.microsoft.com/kb/831051
  Test Outlook Anywhere Connectivity:
  http://technet.microsoft.com/en-us/library/ee633453(v=exchg.150).aspx
   [RZ1]It’s part, please re-layout
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  I've just restored the M11 to Windows XP with the disks provided and Outlook Anywhere connected without issue. As strange as it sounds, this looks to be isolated to this particular model of laptop and Windows 7.
  I've used the same Enterprise copy of Windows 7 and Office on a variety of laptops and pc's and none have come across this problem. The only commonality I can see is the hardware and OS.
  Aftery trying to troubleshoot this unsuccessfully with Microsoft tech support for a few hours, they eluded to the fact that this +could+ be a hardware related problem. (driver, adapter properties, etc)

• Re: Tecra M11 - Outlook anywhere connection issue

  Hello,
  Has anyone tried to connect to an Exchange server with Outlook Anywhere on the factory installation of Windows 7 and Office 2010? The authentication window keeps popping up asking for a user name and password. (DOMAIN\Username)
  I've been trying to get this working (with Microsoft tech support also), but haven't been able to. I've installed an Enterprise copy of Win 7 with Office 2010 & 2007 and got the same result. I tried this with a Tecra M10 with both a factory restore of Win7 and an Enterprise copy of Win7 from my company and it worked flawlessly.
  This leads me to believe that this particular model of laptop could be the culprit. I have 2 M11's, and this happens on both. These are not connected to any domain. I don't believe this is an Exchange issue because Outlook Anywhere works with other models of Toshiba Tecras running Win7 and also several standalone Win7 PCs running both Office 2010 and 2007.
  Any ideas or suggestions would be greatly appreciated!
  Thanks

  I've just restored the M11 to Windows XP with the disks provided and Outlook Anywhere connected without issue. As strange as it sounds, this looks to be isolated to this particular model of laptop and Windows 7.
  I've used the same Enterprise copy of Windows 7 and Office on a variety of laptops and pc's and none have come across this problem. The only commonality I can see is the hardware and OS.
  Aftery trying to troubleshoot this unsuccessfully with Microsoft tech support for a few hours, they eluded to the fact that this +could+ be a hardware related problem. (driver, adapter properties, etc)

• Outlook Anywhere External Hostname

  Good dayI am busy doing a few tests in my Lab environment with regards to Exchange 2010 Outlook anywhere.Do any of you know if it possible to setup Outlook anywhere with an external hostname that differs from what the CAS hostname is?Taking into account that you have configured all the rest of the requirements for Outlook anywhere such as setting up the SAN certificate with all the correct FQDNs, setting up DNS etc.I have also configured the OutlookProvider (Set-OutlookProvider -Identity EXPR..) with the FQDN that I want to use for Outlook anywhere.What I have found is that when I configure my Outlook client to use this new proxy address instead of the CAS hostname it prompts for a password and does not accept the password that is given. I can see in Outlook clients connection status that it is indeed trying to connect to my Outlook...
  This topic first appeared in the Spiceworks Community

  Hi,
  According to your description, you have minimized the certificate names before you set the internal and external host names of Outlook Anywhere and other services' URLs. If I misunderstand your meaning, please feel free to let me know.
  If yes, As Martina said, I recommend you set all URLs and internal and external OA host names with the name mail.company.com. Then we can confirm the internal DNS record about the name. To test Autodisocver, we can directly access its URL which is set in
  the property AutodiscoverServiceInternalURI.
  Additionally, based on my research, for the error when you run the New-TestCasConnectivityUser.ps1 script, you can opened the script in notepad and found the line beginning “new-mailbox” – and deleted the parameter “–OrgainisationalUnit:$OrganistationalUnit”:
  http://www.definit.co.uk/2011/03/exchange-2010-createtestuser-mailbox-could-not-be-created-verify-that-ou-users-exists-and-that-password-meets-complexity-requirements/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Thanks,
  Angela Shi
  TechNet Community Support

• Exchange 2013 Outlook Anywhere connection issues when using F5 VIP

  Hello, 
  We are in the process of deploying Exchange 2013 into our Exchange 2010 Org.  We are using an F5 to load balance all services. We are doing some initial testing and have not cut over autodiscover or other URLs yet to 2013.  We are using host files
  on the local testing machines to point the URLs to 2013.    OWA, Activesync, ecp work with no issue through the F5 VIP.   However, we are having issues with Outlook.  If our host file entries point to a single server, Outlook functions
  normally.  If the host file entries point to the F5 VIP, it keeps prompting for creds and will never connect.
  Just wondering if anybody has run into this or has any guidance as far as OA and F5 deployment.
  Thanks

  Hi,
  Please check your Load Balance configuration and make sure the namespace used for Load Balance has been included in the Exchange certificate. For example: mail.domain.com and autodiscover.domain.com.
  If possible, please share your load balance configuration with us for further analysis. Here are some references about the Load Balance Scenario:
  http://blogs.technet.com/b/exchange/archive/2014/03/05/load-balancing-in-exchange-2013.aspx
  Regards,
  Winnie Liang
  TechNet Community Support

• Exchange 2013 2007 co-existence Outlook Anywhere issues

  Sorted out all other issues (apart from a SSO issue- another thread) . Activesync, autodiscover etc all working- but Outlook Anywhere does not work for Exchange 2007 external mailboxes. It does work for 2013 mailboxes internally and externally-
  and 2007 mailboxes internally.
  Exchange 2013 SP1. Exchange 2007 Sp3 RU10. Legacy namespace is in use and on certificate. Outlook Anywhere IIS Authentication is set to Basic and NTLM on both 2007 and 2013 servers.  Outlook Anywhere external client authentication is set to Basic.
  Any sugestions what to look at next?

  Tony,
  I apologize for the stupid question, but was Outlook Anywhere working on Exchange 2007 before you started the upgrade?
  When you open command prompt on Exchange 2007 and ping the Exchange 2007 internal FQDN or NetBIOS name, do you get an IPv4 address or you get the IPv6 one?
  Step by Step Screencasts and Video Tutorials

• Outlook Anywhere Issues and Questions

  Exchange 2013 with 2 member DAG using round robin DNS. We seem to be having issues with exchange users on the local LAN. External users are working fine. We get:
  I believe this is a autodiscover/CA error because external users are working fine. The active copy server has the following for outlook anywhere settings:
  external users use hostname: oa.domain.tld
  internal users use hostname: mail.domain.tld
  Passive copy server has the following settings for outlook anywhere:
  external users is blank
  internal users has the server hostname.domain.tld
  The settings on both the active and passive should be the same correct?
  Now the CA; we have a godaddy cert and it is installed on the active server. However, on the passive server it is not installed. The godaddy cert should be installed on the passive copy server correct?

  Exchange 2013 with 2 member DAG using round robin DNS. We seem to be having issues with exchange users on the local LAN. External users are working fine. We get:
  I believe this is a autodiscover/CA error because external users are working fine. The active copy server has the following for outlook anywhere settings:
  external users use hostname: oa.domain.tld
  internal users use hostname: mail.domain.tld
  Passive copy server has the following settings for outlook anywhere:
  external users is blank
  internal users has the server hostname.domain.tld
  The settings on both the active and passive should be the same correct?
  Now the CA; we have a godaddy cert and it is installed on the active server. However, on the passive server it is not installed. The godaddy cert should be installed on the passive copy server correct?
  The cert needs to be installed on the CAS role servers.
  I installed the godaddy cert and it does show in the certificates mmc. However, in ECP it still shows "pending request" and yes, I clicked on "complete" and completed the steps. Does it matter if the friendly name is exactly the same as
  the friendly name on the active copy server? How about the outlook anywhere settings? Should they be the same as the active copy server?

• 2010 / 2013 Coexistance: Outlook-Anywhere

  Hey there,
  Can somebody please explain to me why I need to set Outlook-Anywhere on my legacy (2010) servers if I'm not using Outlook Anywhere externally in the org and don't intend to? Keep reading that it's a must so that 2013 can proxy requests, but not really sure
  why it would need to proxy requests if I didn't want to allow OA externally (and going through 2013 CAS).
  I'll also add that the only namespace I've cutover is Autodiscover. I have around 2000 mailboxes migrated over from 2010 on to 2013 and I don't really see any problems (still a good thousand on 2010). Not sure if I was supposed to point rpcclientaccessarray
  records at my 2013 cas, or what advantage that would give. 2010 Exchange mailbox users can connect to 2013 mailboxes when given access (presumably due to Autodiscover). Everything just seems to work.
  So please, if someone could tell me the error of my ways or reaffirm that everything's going according to plan I'd really appreciate it. Apologies if my questions are a little diffuse!
  Joe

  Hi Joe,
  If Exchange 2010 users don’t need to use Outlook Anywhere for external accessing, we can remain the Outlook Anywhere disabled in Exchange 2010. Exchange 2010 mailbox can still retrieve Exchange services (EWS, OOF, OWA, ECP, OAB) by using Autodiscover service
  (SCP for Exchange 2010 internal users).
  For Exchange 2013 mailbox, all Outlook connectivity takes place over Outlook Anywhere(RPC/HTTP)
  even for internal connectivity. The Outlook Anywhere is enabled by default in Exchange 2013.
  Regards,
  Winnie Liang
  TechNet Community Support

• After specifying the external host name under outlook anywhere, users pop up for password

  Dear All,
  I have installed and configured exchange 2013 as a fresh installation on server 2012 and it worked fine till i changed
  specifying the external host name under outlook anywhere(in exchange ECP -> Server -> server -> W12R2-Email2013).
  My internal domain is starnavigator.lk and we have several accepted domains listed. but all the staff checked web mail through
  mail.leoburnett.lk internally and externally. even now web mail is working fine.
  After i added external host name as mail.leoburnett.lk
  all the internal PCs start to pop up for user name and password and its not  connecting. 
  even if I reversed back the settings, still prompt for user name and password. also auto discover cant locate the settings. if i configure the settings manually, i t works for first time and after restarting outlook, again prompt for name and password.Any
  any advice or solution please??
  Thx,
  Dulana

  Run this tool and post the result (only errors)
  https://testconnectivity.microsoft.com/
  After configuring outlook manually, run Test E-Mail Autoconfiguration and Connection Status and post the result.
  Editing just an URL for OA shouldn't cause any issue.
  Did you restarted IIS Service?
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Changing Outlook Anywhere from NTLM to Basic Auth (remote users having issues)

  Hello All:
  We have a terrible vendor that is implementing our transition to Office 365. They told us we had to change the Client Auth method on the CAS to Basic (from NTLM) and all that might occur is for users to enter their creds and click "Remember my credentials".
  Not the case.
  We tested internally & on cell phones - everything went unnoticed. Then peeps from the outside started getting prompted for their UN/PW. Even when they put in their valid creds & check the box, no dice. Reboots, checking Outlook client for the proxy
  settings (which are now set to Basic) sometimes does, sometimes doesn't work. We are baffled as to where we force the setting (which they've received in Outlook), so the road warriors start working.
  Any feedback would be greatly appreciated.
  Thanks.

  Hi,
  Please confirm whether the issue only happens to your external Outlook Anywhere users in Exchange 2010.
  Please run the following command to check your Outlook Anywhere configuratioon:
  Get-OutlookAnywhere | fl
  Confirm that the ClientAuthenticationMethod parameter and IISAuthenticationMethod are both set to Basic. If this is any changes, please run:
  Set-OutlookAnywhere -Identity “E14-01\Rpc (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods Basic
  Then restart IIS service by using running IISReset from a command prompt window.
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support

• Exchange Server 2013 Outlook Anywhere issue

  I am working on an issue with Outlook Anywhere in Exchange 2013 where external users cannot connect. This is a new server co-existing with an Exchange
  2010 server that will soon be decommissioned.
  When I run an Outlook Connectivity test on testexchangeconnectivity.com I get the following error. I am not seeing anything in the application or system logs.
  I already applied CU 6 (which was released today) and am seeing the same results. Port 443 is exposed directly to the web (no TMG, load balancer, proxy server, or SSL accelerator). Any help would be greatly appreciated! 
  Attempting to ping RPC proxy <external Exchange URL>.
  RPC Proxy can't be pinged.
  Additional Details
  An unexpected network-level exception was encountered. Exception details:
  Message: The remote server returned an error: (500) Internal Server Error.
  Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
  Stack trace:
  at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
  at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
  Exception details:
  Message: The remote server returned an error: (500) Internal Server Error.
  Type: System.Net.WebException
  Stack trace:
  at System.Net.HttpWebRequest.GetResponse()
  at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
  at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
  Elapsed Time: 290 ms.

  Hi,
  Does the issue only happen to your Exchange 2013 external users? How about Exchange 2010 users?
  Please make sure the external host name in your external Exchange URL is pointed to your Exchange 2013 in public DNS. For your coexistence environment, please make sure the Outlook Anywhere configurations are correct in both Exchange 2010 and Exchange 2013.
  We can run the following command to check it:
  Get-OutlookAnywhere | FL
  If the configuration is not correct, we can run the following command to set it(supposing the mail.domain.com is your External host name):
  For Exchange 2010:
  Set-OutlookAnywhere -Identity “E14-01\Rpc (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods NTLM, Basic
  For Exchange 2013:
  Set-OutlookAnywhere -Identity "E15-01\Rpc (Default Web Site)" -InternalHostname mail.domain.com -ExternalHostname mail.domain.com -InternalClientAuthenticationMethod Ntlm -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl
  $True -InternalClientsRequireSsl $true
  After all settings, please recycle MS Exchange RPCProxy AppPools and Default AppPools on both Exchange 2013 and Exchange 2010. Then restart IIS service by running IISReset /noforce from a command prompt window.
  Regards,
  Winnie Liang
  TechNet Community Support

• Outlook Anywhere Password Prompts - Only on certain external networks

  I am running a standalone Exchange 2007 SP3 server on Windows Server 2008.  I have published Outlook Anywhere via ISA 2006.  Outlook Anywhere is configured for Basic Authentication.  All clients are using Windows 7 with Outlook 2007 with latest
  service pack.  This is not a new configuration, I have been running this for quite some time.
  I have a strange issue going on.  The issue is that Outlook Anywhere users receive a prompt for their username and password ONLY when they are connected to certain external networks. Users began reporting this several months back.  It happens on
  all mobile users that I have tested with. 
  Basically, what happens is a user takes their domain joined laptop out to another work site.  This site is not connected to our network.  The IT department of the site connects my users laptop to there network.  User then starts Outlook, Outlook
  connects via HTTPS as it should, down in the bottom of Outlook it shows that it is connected to Exchange.  However, within usually about 30 seconds the password prompt comes up.  User puts password in and clicks remember and OK, but
  the password box comes right back up.  Sometimes it will except the password and run for a little while but then prompt again.
  If I check Outlook Connection Status it displays that connections are established via HTTPS as they should be.  Latency isn't too high averaging about 150 - 300ms.
  If the user clicks Cancel instead of entering their password, Outlook will continue to run and it can send and receive email. Connection status still will show connected. However, if the user opens the address book and tries to access one of our
  Address lists other than the GAL, then Outlook displays a message stating the user doesn't have permission.  If the user clicks need password at the bottom and then enters their password at the prompt the address book will work. 
  This happens at several work sites, each different networks.  My first thought is some sort of firewall issue at the sites but the IT at the sites say there should be no firewall blocking going on.
  I have tested probably 5-6 other wifi networks, both public and private and Outlook Anywhere works perfectly on everything but these few work sites.
  I have used testexchangeconnectivity.com at the sites at it tests fine.  I have cleared the cached credentials from "Manage Windows Credentials". 
  Any assistance is appreciated.

  I am running a standalone Exchange 2007 SP3 server on Windows Server 2008.  I have published Outlook Anywhere via ISA 2006.  Outlook Anywhere is configured for Basic Authentication.  All clients are using Windows 7 with Outlook 2007 with latest
  service pack.  This is not a new configuration, I have been running this for quite some time.
  I have a strange issue going on. The issue is that Outlook Anywhere users receive a prompt for their username and password ONLY when they are connected to certain external networks. Users began reporting this several months back.  It happens on all
  mobile users that I have tested with. 
  Basically, what happens is a user takes their domain joined laptop out to another work site.  This site is not connected to our network.  The IT department of the site connects my users laptop to there network.  User then starts Outlook, Outlook
  connects via HTTPS as it should, down in the bottom of Outlook it shows that it is connected to Exchange.  However, within usually about 30 seconds the password prompt comes up.  User puts password in and clicks remember and OK, but
  the password box comes right back up.  Sometimes it will except the password and run for a little while but then prompt again.
  If I check Outlook Connection Status it displays that connections are established via HTTPS as they should be.  Latency isn't too high averaging about 150 - 300ms.
  If the user clicks Cancel instead of entering their password, Outlook will continue to run and it can send and receive email. Connection status still will show connected. However, if the user opens the address book and tries to access one of our
  Address lists other than the GAL, then Outlook displays a message stating the user doesn't have permission.  If the user clicks need password at the bottom and then enters their password at the prompt the address book will work. 
  This happens at several work sites, each different networks.  My first thought is some sort of firewall issue at the sites but the IT at the sites say there should be no firewall blocking going on.
  I have tested probably 5-6 other wifi networks, both public and private and Outlook Anywhere works perfectly on everything but these few work sites.
  I have used testexchangeconnectivity.com at the sites at it tests fine.  I have cleared the cached credentials from "Manage Windows Credentials". 
  Any assistance is appreciated.

• Outlook Anywhere proxy changed from Basic to NTLM for external users

  I have a Exchange 2013 environment that is also running Exchange 2010 coexistence (migrating). What is happening is autodiscover is handing out NTLM for the proxy settings and not basic. However when it is using NTLM we seem to get the password prompt over
  and over. If I manually changed it to Basic then it works fine, but when autodiscover goes again it changes back to NTLM and prompts that the Administrator made a change and you need to restart Outlook.
  I checked Outlook Anywhere and all my servers have Basic set for external users and NTLM set for internal.
  I only have a few mailboxes on 2013 and 2010 mailboxes seem not to have a problem.
  Here is an output for Outlook Anywhere on all six servers:
  Identity                           : CAS01\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : CAS02\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : CAS03\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : EXCH2K13-01\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  Identity                           : EXCH2K13-02\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  Identity                           : EXCH2K13-03\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

  Hi,
  Please refer to the following KB to set the Outlook Anywhere settings on Exchange Server 2013 Client Access servers:
  http://support.microsoft.com/en-us/kb/2834139
  If it doesn’t work with the resolution above, please do the following checking in ADSI Edit:
  1. In Adsiedit, expand Configuration-->CN=Services -> CN=Microsoft Exchange -> CN=domain -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Databases.
  2. Right-click the listed database > Properties.
  3. Check whether the msExchHomePublicMDB value is set to an available value. Please change the value to <not set>.
  4. Click OK.
  Then check whether the issue persists.
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support