Outlook Anywhere Password Prompts - Only on certain external networks

Similar Messages

• Exchange 2013 - External Windows XP/Outlook 2007 Password Prompt

  I have an Exchange 2013 server and everything is working correctly internal with XP clients that are connected to the domain.  My problem is that the Windows XP computers that are connecting from outside of the office that aren't connected to the domain
  and have local usernames and passwords keep getting the password prompts.  I put in the correct domain\username and password and it connects.  The if I close and reopen it asks me for the password, I have saved the credentials but it still asks.
   I have look and applied these settings from these articles but I'm still having the issue.  All of the internal and external names match my GoDaddy SSL certificate (mail.domain.com). Get-OutlookAnywhere shows:
  ExternalHostname                   : mail.domain.com
  InternalHostname                   : mail.domain.com
  ExternalClientAuthenticationMethod : Negotiate
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  http://jaworskiblog.com/2013/04/13/setting-internal-and-external-urls-in-exchange-2013/
  http://pickettsproblems.wordpress.com/2013/04/08/windows-xp-users-not-connecting-to-exchange-2013-server/

  Here is my XML log from Test E-mail AutoConfiguration if you need it:
  <?xml version="1.0" encoding="utf-8"?>
  <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
      <User>
        <DisplayName>Ryan Laurie</DisplayName>
        <LegacyDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=03614938e08f481b8f7e1bbc7346aa22-Ryan</LegacyDN>
        <AutoDiscoverSMTPAddress>[email protected]</AutoDiscoverSMTPAddress>
        <DeploymentId>463444fb-5651-4b0f-91e5-6356fc132a95</DeploymentId>
      </User>
      <Account>
        <AccountType>email</AccountType>
        <Action>settings</Action>
        <MicrosoftOnline>False</MicrosoftOnline>
        <Protocol>
          <Type>EXCH</Type>
          <Server>[email protected]</Server>
          <ServerDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
          <ServerVersion>73C08204</ServerVersion>
          <MdbDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
          <PublicFolderServer>Exchange.mydomain.local</PublicFolderServer>
          <AD>SERVER2.mydomain.local</AD>
          <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
          <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
          <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
          <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-um>
          <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=mydomain.local</EcpUrl-mt>
          <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-ret>
          <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-sms>
          <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=mydomain.local</EcpUrl-publish>
          <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-photo>
          <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-extinstall>
          <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
          <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
          <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
          <ServerExclusiveConnect>off</ServerExclusiveConnect>
        </Protocol>
        <Protocol>
          <Type>EXPR</Type>
          <Server>mail.mydomain.com</Server>
          <SSL>On</SSL>
          <AuthPackage>Ntlm</AuthPackage>
          <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
          <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
          <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
          <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-um>
          <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=mydomain.local</EcpUrl-mt>
          <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-ret>
          <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-sms>
          <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=mydomain.local</EcpUrl-publish>
          <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-photo>
          <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-extinstall>
          <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
          <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
          <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
          <ServerExclusiveConnect>on</ServerExclusiveConnect>
          <EwsPartnerUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsPartnerUrl>
        </Protocol>
        <Protocol>
          <Type>WEB</Type>
          <Internal>
            <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.mydomain.com/owa/</OWAUrl>
            <Protocol>
              <Type>EXCH</Type>
              <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
            </Protocol>
          </Internal>
          <External>
            <OWAUrl AuthenticationMethod="Fba">https://mail.mydomain.com/owa/</OWAUrl>
            <Protocol>
              <Type>EXPR</Type>
              <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
            </Protocol>
          </External>
        </Protocol>
        <Protocol>
          <Type>EXHTTP</Type>
          <Server>mail.mydomain.com</Server>
          <SSL>On</SSL>
          <AuthPackage>Ntlm</AuthPackage>
          <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
          <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
          <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
          <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-um>
          <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=mydomain.local</EcpUrl-mt>
          <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-ret>
          <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-sms>
          <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=mydomain.local</EcpUrl-publish>
          <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-photo>
          <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-extinstall>
          <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
          <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
          <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
          <ServerExclusiveConnect>On</ServerExclusiveConnect>
        </Protocol>
        <Protocol>
          <Type>EXHTTP</Type>
          <Server>mail.mydomain.com</Server>
          <SSL>On</SSL>
          <AuthPackage>Ntlm</AuthPackage>
          <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
          <EmwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EmwsUrl>
          <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
          <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-um>
          <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=mydomain.local</EcpUrl-mt>
          <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-ret>
          <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-sms>
          <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=mydomain.local</EcpUrl-publish>
          <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-photo>
          <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=mydomain.local</EcpUrl-extinstall>
          <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
          <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
          <OABUrl>https://mail.mydomain.com/OAB/a9a90db6-fd7f-492b-9e29-4848f16cae2f/</OABUrl>
          <ServerExclusiveConnect>On</ServerExclusiveConnect>
        </Protocol>
      </Account>
    </Response>
  </Autodiscover>

• Exchange 2013 external outlook autodisover password prompt

  I've set up a new infrastructure for our network with a 2k12 DC and a 2k12 member running Exchange 2013. The internal domain is set up like ad.domainname.com and I've configured mailflow for domain.com on Exchange which works perfectly. Internal autodiscover
  works like a charm and with https://testconnectivity.microsoft.com/ I get green results for the autodiscover.domain.com on activesync, autosetup and outlook connectivity. I've used a comodo wildcard ssl
  certificate for the domain.
  However when I try to use autosetup on outlook it gives a password prompt on both the 2nd and 3rd step which I have to enter like domainname\username to get past them. After that it works fine but I want it to configure automatically without the extra password
  prompt.
  On mobile devices it searches for the settings and then asks for the servername and domain credentials. I would like this to be auto configured as well but I can't find the reason why it prompts for this.

  I've set up a new infrastructure for our network with a 2k12 DC and a 2k12 member running Exchange 2013. The internal domain is set up like ad.domainname.com and I've configured mailflow for domain.com on Exchange which works perfectly. Internal autodiscover
  works like a charm and with https://testconnectivity.microsoft.com/ I get green results for the autodiscover.domain.com on activesync, autosetup and outlook connectivity. I've used a comodo wildcard ssl
  certificate for the domain.
  However when I try to use autosetup on outlook it gives a password prompt on both the 2nd and 3rd step which I have to enter like domainname\username to get past them. After that it works fine but I want it to configure automatically without the extra password
  prompt.
  On mobile devices it searches for the settings and then asks for the servername and domain credentials. I would like this to be auto configured as well but I can't find the reason why it prompts for this.
  For the Outlook setup are you using a Domain joined computer or a nondomain joined computer?  For NonDomain joined computer you will always get prompted for a password because there is no AD Security token to send to Exchange to verify.  Same thing
  with ActiveSync.  Your phone isn't joined to the domain, so it has to ask for a password to verify your identity.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

• 2010 to 2013 Public Folder Migration - PF work in OWA but not outlook Client, password prompt?

  Hello All,
  I have migrated all public folders from Exchange 2010 Sp3 to Exchange 2013 Cu7. You can access the public folders without any problems in OWA.
  When trying to access in outlook i will get a password/username prompt. If i enter my details in this it will keep popping up even with the remember me button ticked.
  When i check the connection status i see the below the status which is "connecting" is the PF; it will never connect.
  I have done:
  Reboots
  Restart the Microsoft Exchange RPC Client Access service on the Exchange 2013 server
  Tried changing the Logon network security in the outlook client which made no difference:
  Tried logging into the outlook client as different user which made no difference
  What else can i do please?
  Help Appreciated!

  Hi,
  Please check if you have NTLM configured for Outlook Anywhere on your Exchange 2010.
  Get-OutlookAnywhere | fl Identity,*auth*
  And please check the server the public folder is trying to connect.
  Best regards,
  Belinda Ma
  TechNet Community Support

• Mavericks Outlook 2011 Password Prompt (Solution)

  I have a Macbook Pro running Mavericks.  Outlook 2011 kept pushing the password prompt to the screen.  I have searched and searched for a solution.  I have seen the following solutions offered:
  Issues with Keychain corruption
  Outlook autodiscovery
  Deleting files
  Reinstalling Outlook
  Reinstalling Mavericks
  I'm not doing any reinstalls because until I installed Mavericks I didn't have Outlook problems.  So reinstalling Outlook and the OS was not an option for me because I do so much work on my Mac.
  But I'm in IT so I decided to begin to dig deep into this because regardless of the proposed solutions offered there was still someone in the thread say, "I tried this but it didn't work for me."  I too was one of them. 
  The distinction I needed popped into to my face looking at another thread but the user didn't answer the guys question. He simply asked the complaining user, "Are you on wireless, 802.1x?"  That was it. 
  I was on wireless 802.1x environment. 
  Our wireless controller does authenticate to the Active Directory server.
  I did use the iPhone Configuration Utility to create my wifi profile.
  I did import the CAs needed for my profile.
  My profile does work.
  But what about the Exchange portion of my profile?
  The Exchange portion of my profile was EMPTY?  The password kept coming back because my user/machine level authentication was being managed by my wireless profile.  Due to this my profile took responsibility for authenticating to my WIFI connection as well as my Exchange account.  In the end the profile seems to takes precedence in the 802.1x authentication. 
  I went back the iPhone Configuration Utility, clicked on my profile, clicked on the Exchange and filled in my domain\username, my email address, my password and a few other boxes.  I exported my profile to my desktop and clicked on it.  Since my profile still had the same name I was asked if I wanted to "Overwrite" my existing profile to which I responded, "Yes"
  Since yesterday I have not had anymore issues with Outlook or Office Communicator. 
  To add I still disabled App Nap. 
  I hope this helps anyone.  If you have migrated from MLion to Mavericks running MS Office you will have this problem if you are working in an 802.1x wireless environment. 

  I've included a pic of the iPhone Configuration Utility showing the Exchange section.  I hope this helps someone.

• Outlook 2013 password prompts

  When I'm using Outlook 2013 client from home laptop (not joined to domain)I get random password prompts saying connecting to [email protected] I just close them all (9 prompts) and I can continue to use Outlook normally. Outlook doesn't accept
  any credentials to those prompts. Our Exchange server is 2010. How can I trace what is causing those prompts?

  Hi
  Check your credential manager for any old passwords. Is this an exchange or pop account? Try changing your authentication method in outlook to use basic instead of NTLM and see if the popups disappear.
  Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Outlook anywhere in 2007/2013 coexistence

  Hi!
  I have a multitenant exchange 2007 at a single server setup and I’m trying to do migration to exchange 2013. I’m testing this in my lab environment before I go the production. I’m quite far and for example the owa redirection to exchange
  2007 works. Also I can connect with outlook anywhere the exchange 2013 server when the mailbox is transferred.
  Problem is that the exchange 2013 proxy redirection to 2007 server isn’t working. My Outlook 2010 just keeps asking username and password. Outlooks are configured to connect with basic authentication.
  I have done a lot of googling about the issue and there is a lot of discussion about it. I have tried a lot of things and I’m quite lost now.
  I have tried to configure the externalclientauthenticationmethod, internalauthenticationmethod and IISauthenticationmethods with different kind of setups but can’t get it to work. Also tried to change the internal and external hostnames.
  My outlook anywhere setup at 2007 server is:
  RunspaceId                        
  : 714f0d1a-c0f0-4694-aefe-8cf6218521ea
  ServerName                        
  : EXCHANGE07
  SSLOffloading                     
  : False
  ExternalHostname                  
  : exchange07.xxx.fi
  InternalHostname                  
  : legacy.xxx.fi
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods          
  : {Basic, Ntlm}
  XropUrl                           
  ExternalClientsRequireSsl      
     : True
  InternalClientsRequireSsl         
  : True
  MetabasePath                      
  : IIS://wcn-exchange07.welcomnet.fi/W3SVC/1/ROOT/Rpc
  Path                              
  : C:\WINDOWS\System32\RpcProxy
  ExtendedProtectionTokenChecking   
  : None
  ExtendedProtectionFlags           
  ExtendedProtectionSPNList         
  AdminDisplayVersion               
  : Version 8.3 (Build 83.6)
  Server                            
  : WCN-EXCHANGE07
  AdminDisplayName                  
  ExchangeVersion                 
    : 0.1 (8.0.535.0)
  Name                              
  : Rpc (Default Web Site)
  ObjectClass                       
  : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
  WhenChanged                       
  : 14.5.2014 20:56:18
  WhenCreated          
               : 14.10.2008 12:33:07
  WhenChangedUTC                    
  : 14.5.2014 17:56:18
  WhenCreatedUTC                    
  : 14.10.2008 9:33:07
  Exchange 2013 outook anywhere setup:
  RunspaceId                        
  : 714f0d1a-c0f0-4694-aefe-8cf6218521ea
  ServerName                        
  : EXCHANGE13
  SSLOffloading                     
  : False
  ExternalHostname                  
  : exchange07.xxx.fi
  InternalHostname                  
  : exchange07.xxx.fi
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods          
  : {Basic, Ntlm}
  XropUrl                           
  ExternalClientsRequireSsl         
  : True
  InternalClientsRequireSsl         
  : True
  MetabasePath                      
  : IIS://exchange13.xxx.fi/W3SVC/1/ROOT/Rpc
  Path 
                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
  ExtendedProtectionTokenChecking   
  : None
  ExtendedProtectionFlags           
  ExtendedProtectionSPNList         
  AdminDisplayVersion             
    : Version 15.0 (Build 847.32)
  Server                            
  : WCN-EXCHANGE13
  AdminDisplayName                  
  ExchangeVersion                   
  : 0.20 (15.0.0.0)
  Name                       
         : Rpc (Default Web Site)
  ObjectClass         
                : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
  WhenChanged                       
  : 14.5.2014 20:55:56
  WhenCreated                       
  : 2.4.2014 0:57:19
  WhenChangedUTC                    
  : 14.5.2014 17:55:56
  WhenCreatedUTC                    
  : 1.4.2014 21:57:19
  Any help would be appreciated.

  Hi,
  Firstly, I'd like to explain, only in Exchange 2013, internal and external Outlook clients use Outlook Anywhere. Thus,in Exchange 2007, Outlook Anywhere settings can only include the external host name.
  And based on my experience, the credential issue is related to connectivity issue, authentication issue or public folder access.
  So I'd like to confirm the following information to understand more about the issue:
  1.  Does the issue happens on all users? users on Exhcange 2007 or 2013? internal users or external users?
  As far as I know, redirection and proxy don't happen on Outlook clients:
  http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
  2. Which IP address do your host name points to? legacy.xxx.fi, exchange07.xxx.fi?
  3. Check the Outlook Anywhere connectivity of the problematic users by ExRCA:
  https://testconnectivity.microsoft.com/
  If you have any question, please feel free to let me know.
  Thanks,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Angela Shi
  TechNet Community Support

• Exchange 2003 - Continous password prompts in Outlook 2010

  Hi. 
  A customer is experiencing continous password prompts in Outlook 2010. Outlook is configured against the Exchange 2003 BE server (FQDN) and Outlook Anywhere is configured to sync.customer.com with a valid 3rd party certificate. 
  Outlook is configured with Negotitate as Logon network security, setting this to basic/NTLM does not help. Connect to Microsoft Exchange using HTTP is set and configured with sync.customer.com, and msstd:sync.customer.com. All points checked except "On
  fast networks, connect using HTTP first, then connect using TCP/IP", authentication is set to Basic. Changing authentication from Basic to NTLM seem to make the problem vanish. 
  Outlook Anywhere is functioning correctly and only prompting once for password when connecting from an external network. ISA is not configured for NTLM/Kerberos.
  Exchange 2003 is located in main site in a resource domain. The prompts occur more often in two remote sites than the main site. 
  When opening Outlook RPCDiag shows established connection to BE and Active Directory, sometimes with prompt and sometimes without. After about 5 minutes the prompt may reappear, entering password does not remove the prompt, clicking cancel puts Outlook in
  the "Need password" state, clicking this usually successfully connect Outlook to Exchange. Other times this just cause the prompt to reappear. 
  I´ve tried adding the internal and/or external IP address of the ISA server as sync.customer.com in the host-file on a client and forcing RPC/HTTPS through the DisableRpcTcpFallback, still getting the password prompts. 
  We have also been through the KB975363, changing the MaxConcurrentAPI on all domain controllers. 
  Finally, we know Exchange 2003 is in a unsupported state so there is no need to comment this. 

  Hi,
  Firstly, I'd like to explian, basic authentication requires the user to enter domain, user name, and password. Thus, it's an expected behavior that the credential prompts once when the authentication is set to basic and it disappears when it's NTLM authentication:
  http://technet.microsoft.com/en-us/library/aa996225(v=exchg.65).aspx
  For the issue that the credential keeps prompting, I'd like to confirm if Outlook 2003 works well. If yes, you can refer to the following article:
  http://support.microsoft.com/kb/927612/en-us
  If all outlook clients prompt credential, you can check the RPC over HTTP connectivity by ExRCA:
  https://testconnectivity.microsoft.com/
  http://support.microsoft.com/kb/820281/en-us
  Thanks,
  Angela Shi
  TechNet Community Support

• Migrating to 2013 from 2007 with Outlook Anywhere disabled

  Hello
  I'm in the middle of a migration from 2007 With Outlook anywhere disabled.
  After I installed 2013 I added the external url to both inside and outside url's on CliantAccess, o-anywhere url and Virtual catalogs.
  When I configured the External Access domain on the 2013 it also added this on the external url's on the 2007 server. On the 2007 server i manuelly changed the external url's to the Legacy name which is mail.domain.com. The New server is webmail.domain.com
  both internally and externally. The servers real name is xxmail.domain.internal
  After this, when I configure an Outlook Client With a user on the old server With autodiscover it configures it With Outlook anywhere, not mapi, but With the external name of the New server, webmail.domain.com under http Proxy settings. When I then
  moved this user to the New server it stopped working in Outlook.
  Is the best approch to enable Outlook anywhere on the 2007 server before migrating the users or can I og from mapi/rpc to rpc over http in 2013 without Outlook problems?
  Regards

  Hi,
  Firstly, I’d like to explain, all users in Exchange 2013 use Outlook Anywhere. The information of Exchange proxy settings tab is automatically updated by Autodiscover.
  I recommend you the following troubleshooting:
  1. Check the Autodiscover configuration on both Exchange 2007 and Exchange 2013 servers:
  Get-clientaccessserver |fl autodiscoverserviceinternaluri
  2. Check if there is any DNS entry about the legacy name points to Exchange 2007 IP address.
  3. Check if you can logon OWA with both Exchange 2007 and Exchange 2013 server.
  Best regards,
  Angela Shi
  TechNet Community Support

• After specifying the external host name under outlook anywhere, users pop up for password

  Dear All,
  I have installed and configured exchange 2013 as a fresh installation on server 2012 and it worked fine till i changed
  specifying the external host name under outlook anywhere(in exchange ECP -> Server -> server -> W12R2-Email2013).
  My internal domain is starnavigator.lk and we have several accepted domains listed. but all the staff checked web mail through
  mail.leoburnett.lk internally and externally. even now web mail is working fine.
  After i added external host name as mail.leoburnett.lk
  all the internal PCs start to pop up for user name and password and its not  connecting. 
  even if I reversed back the settings, still prompt for user name and password. also auto discover cant locate the settings. if i configure the settings manually, i t works for first time and after restarting outlook, again prompt for name and password.Any
  any advice or solution please??
  Thx,
  Dulana

  Run this tool and post the result (only errors)
  https://testconnectivity.microsoft.com/
  After configuring outlook manually, run Test E-Mail Autoconfiguration and Connection Status and post the result.
  Editing just an URL for OA shouldn't cause any issue.
  Did you restarted IIS Service?
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Outlook Anywhere Prompts for Credentials only for Outlook 2010, not Outlook 2013

  I'm having a heck of a time with this one.  We have Exchange 2010 on premise, with our filtering through EOP.  Clients that are using Outlook 2010 Professional Plus are continuously getting prompted for credentials when off network and relying
  on Outlook Anywhere.
  I've read many threads about configuring credential manager appropriately for the internal domain and our external domain.  I can get them to authenticate just fine, and email flows, but they continue to be prompted everytime they connect again.
  Here is the kicker:  When I install Outlook 2013 on the same computer, outlook anywhere functions just fine, no problems, no authentication prompt.
  Like I said I have read a plethera of articles and threads about this, I have gone through all settings on Exchange, our edge server, our firewall, our certificate.  The MSSTD string matches our "Issued To" string.  NTLM authentication
  is configured on both the client and the server.  Appropriate settings are configured on the firewalls. 
  Anyone know why Outlook 2010 would have this problem, but not Outlook 2013 on the same computer, same user, same mailbox database?  
  Thanks in advance!!!

  I'd still Echo Ed's original question.
  Do you have Outlook 2010 patched up?  At this time you need to be on SP1, and SP2 by October the 14th.
  Also I expect you to have a recent update ontop of that as well.
  http://blogs.technet.com/b/rmilne/archive/2014/04/14/office-2010-sp2_1320_-do-you-need-to-upgrade_3f00_.aspx
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Outlook Anywhere, NTLM, TMG, password prompt but cancels works?

  I've managed to get NTLM authentication working with TMG and Exchange 2010 (Make sure you switch your Application Pool for the RPC app over to a local system!). We also run Lync.
  So here is the thing. I log into a domain laptop with cached credentials and then connect to a Verizon access point. Now Lync connects automatically no password needed. Then I open Outlook which connects no problem no password needed!
  Awesome that is what I wanted. Then after about 30 seconds......password prompt. If I enter the password everything is good. If I click cancel the little need password icon is displayed down at the bottom of outlook. I click on that and outlook reconnects
  without me ever having to enter a password.
  I have been watching the log on the TMG server and I don't see anything odd going on other than and occasional Status 64 The specified network name is no longer available error which I understand from other posts is by design.
  It's not a show stopper by any means but I just don't understand what is going on here. Anyone have any ideas? 

  Hello,
  Firstly, please test Outlook Anywhere in an internal environment:
  On a internal outlook client, check on “on fast networks, connect using http first, then connect using TCP/IP”.
  If the issue does not work, the issue is related to the TMG, you may need to inquiry on the TMG forum for more accurate suggestions.
  Thanks,
  Simon Wu
  Exchange Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• Outlook Anywhere proxy changed from Basic to NTLM for external users

  I have a Exchange 2013 environment that is also running Exchange 2010 coexistence (migrating). What is happening is autodiscover is handing out NTLM for the proxy settings and not basic. However when it is using NTLM we seem to get the password prompt over
  and over. If I manually changed it to Basic then it works fine, but when autodiscover goes again it changes back to NTLM and prompts that the Administrator made a change and you need to restart Outlook.
  I checked Outlook Anywhere and all my servers have Basic set for external users and NTLM set for internal.
  I only have a few mailboxes on 2013 and 2010 mailboxes seem not to have a problem.
  Here is an output for Outlook Anywhere on all six servers:
  Identity                           : CAS01\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : CAS02\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : CAS03\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : EXCH2K13-01\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  Identity                           : EXCH2K13-02\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  Identity                           : EXCH2K13-03\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

  Hi,
  Please refer to the following KB to set the Outlook Anywhere settings on Exchange Server 2013 Client Access servers:
  http://support.microsoft.com/en-us/kb/2834139
  If it doesn’t work with the resolution above, please do the following checking in ADSI Edit:
  1. In Adsiedit, expand Configuration-->CN=Services -> CN=Microsoft Exchange -> CN=domain -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Databases.
  2. Right-click the listed database > Properties.
  3. Check whether the msExchHomePublicMDB value is set to an available value. Please change the value to <not set>.
  4. Click OK.
  Then check whether the issue persists.
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support

• Password prompts - Exchange 2013 RTM vs. [Outlook 2007 & Outlook 2010] - Fully patched

  Exchange 2013 RTM  - Multi-Tenant
  ExternalClientAuthenticationMethod : Ntlm
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  Clients using Outlook Anywhere only, not Exchange domain members.
  1. Windows XP SP3 (fully patched), Outlook 2007 SP3 + Nov 2012 Patch - When launching Outlook prompts for password only once.
  2. Windows 7 (fully patched), Outlook 2010 (fully patched) - When launching Outlook doesn't prompt for password.
  I'm aware of this:
  http://support.microsoft.com/kb/956531
  The goal - Eliminate issue with password prompts for Windows XP.
  Any chance resolving this? CU install? Anything else?
  Thanks.
  Memento Mori

  Hi,
  Based on my experience, the credential issue is mostly likely caused by authentication method.
  And I recommend the following troubleshooting:
  1. Change LmCompatibilityLevel on the windows XP client to a value of 2 or 3:
  a. Click Start, click Run, type regedit in the Open box, and then press ENTER.
  b. Locate and then click the following registry subkey:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
  c. In the pane on the right side, double-click lmcompatibilitylevel.
  d. In the Value data box, type a value of 2 or 3 that is appropriate for your environment, and then click OK.
  e. Exit Registry Editor.
  f. Restart your computer
  2. Reset the windows credential store.
  If you have any question, please feel free to let me know. 
  Thanks,
  Angela Shi
  TechNet Community Support

• Outlook Anywhere External Hostname

  Good dayI am busy doing a few tests in my Lab environment with regards to Exchange 2010 Outlook anywhere.Do any of you know if it possible to setup Outlook anywhere with an external hostname that differs from what the CAS hostname is?Taking into account that you have configured all the rest of the requirements for Outlook anywhere such as setting up the SAN certificate with all the correct FQDNs, setting up DNS etc.I have also configured the OutlookProvider (Set-OutlookProvider -Identity EXPR..) with the FQDN that I want to use for Outlook anywhere.What I have found is that when I configure my Outlook client to use this new proxy address instead of the CAS hostname it prompts for a password and does not accept the password that is given. I can see in Outlook clients connection status that it is indeed trying to connect to my Outlook...
  This topic first appeared in the Spiceworks Community

  Hi,
  According to your description, you have minimized the certificate names before you set the internal and external host names of Outlook Anywhere and other services' URLs. If I misunderstand your meaning, please feel free to let me know.
  If yes, As Martina said, I recommend you set all URLs and internal and external OA host names with the name mail.company.com. Then we can confirm the internal DNS record about the name. To test Autodisocver, we can directly access its URL which is set in
  the property AutodiscoverServiceInternalURI.
  Additionally, based on my research, for the error when you run the New-TestCasConnectivityUser.ps1 script, you can opened the script in notepad and found the line beginning “new-mailbox” – and deleted the parameter “–OrgainisationalUnit:$OrganistationalUnit”:
  http://www.definit.co.uk/2011/03/exchange-2010-createtestuser-mailbox-could-not-be-created-verify-that-ou-users-exists-and-that-password-meets-complexity-requirements/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Thanks,
  Angela Shi
  TechNet Community Support