Connecting in cached mode gives unending prompt for credentials

Hi.

I've been going crazy about this for a while now. I'm in the process of migrating out Exchange 2010 to Exchange 2013 installed on Server2012. CU1 is installed and the first mailbox has been moved to Exchange 2013 (test mailbox) - all mail delivery is working as it should. Wildcard certificate installed and OWA is working fine. Outlook 2010+2013 is also working without any problems in non-cached mode, but when I shift to cached mode I get a credentials prompt in Outlook, and even though I reply with the same username and password that I logged on with it keeps popping up 1 second after I press ok. I'm thinking OAB and I have tried setting the permissions on the OAB folders, but this hasn't changed anything so I changed 'em back to the default.

Exchange connectivity analyzer tells me that RPC over HTTP and autodiscover work like they should, they are finding the SRV record and connecting with that info. Therefore I have not configured an autodiscover.domain.com record in the DNS.

I have edited all virtual directories (not powershell) on the Exchange2013 server so that both the internal and external address points to the same public external address (mail.domain.com), and I have edited the -AutodiscoverServiceInternalUri to also point at that URL. As far as I can see I've done all the things on this box that made my Exchange 2010 work, so I'm kinda lost now, just 1 step away from calling MS and giving up trying to solve it myself..... and what a slap in the face :(

But before I crawl to the phone I just wanted to see if any of you guys could help me figure out why I keep getting the prompt.

Thanks for reading :)

Best

Thomas

June 24th, 2013 5:03pm

Hi

Did that happen to all users?

One thread for information

http://social.technet.microsoft.com/Forums/en-US/e09750e6-7780-44a8-99d0-07c8d7cd1228/some-not-all-clients-getting-prompted-for-credentials-by-outlook-seems-related-to-cached-mode

Please add an authentication method to the CAS server: add NTLM.

Cheers

June 25th, 2013 11:14am

Hi and thanks for the reply.

Sorry for my late reply but I have been busy with other things.

I have only tested it for this single "test user" which I have moved from 2010 to 2013 as the first and only user.

When I run Get-OutlookAnywhere I get the below result (shortened):

ServerName                         : EXCHANGE2010
SSLOffloading                      : False
ExternalHostname                   : post.domain.dk
InternalHostname                   :
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic} 

ServerName                         : EXCHANGE2013
SSLOffloading                      : True
ExternalHostname                   : mail.domain.dk
InternalHostname                   : mail.domain.dk
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

There are no prompts for the users located on the Exchange 2010 server. Both servers act as CAS, HUB and MAILBOX servers as it is a single server setup I'm trying to migrate.

Does the above shed any light on the problem? The problem exists both when connecting with an Outlook client on the internal network and with an Outlook client on the external network.

Thanks for your time.

Thomas

July 3rd, 2013 5:28am

Set the ExternalClientAuthenticationMethod on the 2013 CAS to NTLM as well. Wait about 15 minutes for it to kick in (reboot server if necessary) and test creating new Outlook Profiles.

Since you are using a wildcard, you may need to set the Outlook Provider CertPrincipalName:

http://technet.microsoft.com/en-us/library/bb123683(v=exchg.150).aspx

http://blogs.technet.com/b/exchange/archive/2008/09/29/3406352.aspx

July 3rd, 2013 10:53am
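
The change described in the reply above, as an added example that is not part of the original thread. It assumes the Exchange Management Shell on the 2013 server, the server name EXCHANGE2013 from the posted output, and a wildcard certificate subject of *.domain.dk (a placeholder inferred from the hostnames in the thread).

```powershell
# Added example (run in the Exchange Management Shell on the 2013 server).
# Assumptions: server name EXCHANGE2013 as in the posted output; wildcard
# certificate subject *.domain.dk (placeholder inferred from mail.domain.dk).
$server = 'EXCHANGE2013'
$wanted = 'Ntlm'

# 1. Record the current Outlook Anywhere settings before changing anything.
$oa = Get-OutlookAnywhere -Server $server
$oa | Format-List ServerName, ExternalHostname, InternalHostname,
    ExternalClientAuthenticationMethod, InternalClientAuthenticationMethod,
    IISAuthenticationMethods

# 2. Change the external client method only if it differs, and only if
#    IIS on the /rpc virtual directory already accepts that method.
if ("$($oa.ExternalClientAuthenticationMethod)" -ne $wanted) {
    if (@($oa.IISAuthenticationMethods | ForEach-Object { "$_" }) -notcontains $wanted) {
        throw "$wanted is not in IISAuthenticationMethods on $server; enable it first."
    }
    $oa | Set-OutlookAnywhere -ExternalClientAuthenticationMethod $wanted
}

# 3. With a wildcard certificate, tell Outlook which principal name to expect.
Set-OutlookProvider -Identity EXPR -CertPrincipalName 'msstd:*.domain.dk'

# 4. Verify both settings; clients pick them up via Autodiscover after a delay.
Get-OutlookAnywhere -Server $server |
    Format-List ServerName, ExternalClientAuthenticationMethod, IISAuthenticationMethods
Get-OutlookProvider -Identity EXPR | Format-List Name, CertPrincipalName
```

Test with a freshly created Outlook profile afterwards, since existing profiles may hold the old settings until Autodiscover refreshes them.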

Can't thank you enough Andy, almost tempted to offer having your babies for you :)

It was the ExternalClientAuthenticationMethod that did the trick; the CertPrincipalName I had configured earlier.

Many thanks, saved the week for me :)

July 4th, 2013 8:36am
