-1

I have an issue for a few days, pulling my hair.

Setup is SBS 2008, latest updates, with Exchange 2007 SP3. The problem is that my domain local users are getting prompted for credentials non-stop using outlook 2007.

What the credential popup asks for, is for remote.domain.com login (Welcome to mail.domain.com). It seems to be a base authentication login prompt.

I have tried many things in the exchange connection setting on the clients, trying using NTLM auth, disabling connecting over http, installed sp3 for exchange, tried enabling kernel mode authentication for the windows auth in the authentication section of each of the IIS exchange folders, i've set all the SSL settings to accept the certificates as well for each sub-site.

On client side, ive tried re-creating the profiles, deleting that windows protect folder that keeps credentials in appdata..

Nothing seems to work.

One thing i've noticed, is that remote.domain.com points to the local ip. Is that OK/normal ?

I got a godaddy UCC certificate installed on the SBS. The issue started to appear since i've installed that certificate. I've tried installing the certificate on the clients by right clicking the certificate and choosing install, but it didn't change much.

Really tired of messing with this one, if anyone could give an advice i'll be more than happy.

Thanks !!!!!!!!!!!!

Vincent
  • 1
  • 2
  • It sounds like the certificate is the problem. Do you have the FQDN of your server in the certificate in addition to the mail.domain.com and any other URLs that you have listed for your server? – Dresca May 25 '12 at 14:14
  • Yes, server.domain.local, mail.domain.com, autodiscover.domain.com, domain.com, remote.domain.com, they're all in the godaddy ssl cert ! – Vincent May 25 '12 at 14:55
  • Here is what i'm getting : http://dumpt.com/img/files/jsuwdpe9eoys0gmdutp2.jpg – Vincent May 25 '12 at 15:13

1 Answers1

0

You can attempt to run these commands on your exchange server as a work-a-round if this is truly an SSL certificate error.

Open Exchange Management Shell and type the following commands:

Set-ClientAccessServer -Identity SERVER -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity “SERVER\EWS (Default Web Site)” -InternalUrl https://mail.domain.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity “SERVER\oab (Default Web Site)” -InternalUrl https://mail.domain.com/oab

Set-UMVirtualDirectory -Identity “SERVER\unifiedmessaging (Default Web Site)” –InternalUrl https://mail.domain.com/unifiedmessaging/service.asmx

Recycle the MSExchangeAutodiscoverAppPool. The users will no longer receive the SSL alert.

This is only a work around and will work as a temporary fix, but it is recommended to have the correct entries for your SSL certificate so you do not need to use these commands.

Dresca
  • 102
  • 1
  • 7
  • Hello ! Thanks. Is what my users getting really a SSL alert ? I wasn't sure, it's just asking for credentials (i know what a certificate alert is and what it looks like, but it sure doesn't look like that.. i'm getting a standard windows base auth prompt!) I 'think' i got the correct entries in my SSL certificate; server.domain.local, remote.domain.com, autodiscover.domain.com, domain.com .. it seems to have the good stuff in it ! Is it normal that the dns resolves the mail.domain.com as a local ip or that's a problem ? – Vincent May 25 '12 at 14:50
  • Okay, well ran all of these commands, recycled every exchange entry in the app pool.. No go. Btw, had to change the Default Web Site for SBS Web Applications in the command since it's SBS. Do i need a server reboot or exchange services restart or anything else? thanks a lot.. – Vincent May 25 '12 at 15:03
  • Here is the error im getting : http://dumpt.com/img/files/jsuwdpe9eoys0gmdutp2.jpg – Vincent May 25 '12 at 15:13
  • One thing i've also noticed, is that on a new outlook profile creation, the autodiscover pops the same credentials window for mail.domain.com when it tries to do it's magic.. which i think isn't normal Even if i enter domain\user and pass and tick save, wont save. If i close outlook and reopen, it asks within 20 seconds that same credential, and then connects to exchange.. But it will then pop a little later, few minutes later. – Vincent May 25 '12 at 15:21
  • Ok, this may be something with the profile's security settings. It should be set to "Negotiate Authentication" if it is set to basic I know that it will prompt you for login credentials almost every ten minutes. – Dresca May 25 '12 at 15:54
  • Yes ! Exactly what it does. It sets itself to basic when autodiscover runs.. But what i don't understand, is that even if i change outlook's config to use NTLM, or try to disable outlook anywhere, i get the same bugging basic auth window. Nothing will get it to dissapear. I've also noticed that the autodiscover pushes some settings to the client, because it ticks back outlook anywhere by itself sometimes when i disable it. I'm out of ideas aaaaargh !!! – Vincent May 25 '12 at 15:59
  • Ive found a nice writeup here : http://ilantz.wordpress.com/2011/02/08/authentication-pop-ups-and-annoyances-with-exchange-2007-2010-and-outlook-anywhere/ But again, no-go.. i've tried a few things... set the lmcompatibility level to 3 in registry.. nothing seems to help at all – Vincent May 25 '12 at 16:27
  • http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/b9572e9d-34df-4d1c-82fb-a9fb8e1c2283/ You can look here and see if this may help. – Dresca May 25 '12 at 16:40
  • This looks like a similar SBS deployment like you have, check it out: http://manzilain-it.com/2011/01/26/sbs-2003-migration/outlook-2007-prompts-for-network-password-for-remote-domain-com-sbs-2008-network/ – Dresca May 25 '12 at 16:47
  • Nothing works, i'm desperate on this one, really. – Vincent May 26 '12 at 00:39
  • Um. Anyone who reads this.. I've stopped everything exchange related in the IIS7 application pools, msexchangeautodiscover,owa,services,sync,uma,left them stopped, and tried for the heck of it.. no more popup ? i just don't know what i'm doing there, but it WORKS ! i might just have broke something else, but still, there's something related there. ive tried earlier to stop these and restart, and use the recycle feature, but didn't do anything... any ideas? – Vincent May 26 '12 at 02:35
  • Okay, narrowed it down to the MSExchangeAutoDiscoverAppPool ! Whenever i start this one, i get the prompts for credentials. – Vincent May 26 '12 at 02:45
  • Follow up.. Had to recreate IIS virtual folders from scratch to fix the issue. Reference; http://my.opera.com/RavenOverride/blog/2009/06/17/how-to-recreate-all-virtual-directories-for-exchange-2007 – Vincent May 29 '12 at 12:14