I configured a brand new exchange 2007 organisation. I have configured Outlook Anywhere with basic auth. On my exchange server i have 4 ip's. I configured wildcard certificates (*.domain.local) on my exchange organisation for all hosted domains. Autodiscover is configured and working, it has a DNS record on one of the ip's of my exchange server. Problem: All the clients are asked for credentials from time to time (5-10 minutes). I mention that after entering credentials, the clients are connected, but after 5-10 minutes they are asked again for credentials. My workarounds: I noticed that all the clients are passing automatically on "rpc over http" mode, even outlook 2k3 users that doesn't use autodiscover... The thing is that my problem isn't generated by basic auth of rpc over http mode because the problem persists after I uncheck the option and restart outlook client. On IIS on exchange I checked that Autodiscover, Public folders, EWS, default site has basic and windows integrated auth enabled. additional details that may help: output of Test-OutlookWebServices | fl Id : 1003 Type : Information Message : About to test AutoDiscover with the e-mail address Administrator@ncha dvisors.ro. Id : 1007 Type : Information Message : Testing server S2K8NCHEX1.nchadvisors.local with the published name h ttps://s2k8nchex1.nchadvisors.local/EWS/Exchange.asmx & http://autodi scover.nchadvisors.ro/EWS/Exchange.asmx. Id : 1019 Type : Information Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://S2K8NCHEX1.nchadvisors.local/Autodisco ver/Autodiscover.xml. Id : 1006 Type : Information Message : The Autodiscover service was contacted at https://S2K8NCHEX1.nchadvis ors.local/Autodiscover/Autodiscover.xml. Id : 1016 Type : Success Message : [EXCH]-Successfully contacted the AS service at https://s2k8nchex1.nc hadvisors.local/EWS/Exchange.asmx. The elapsed time was 583 milliseco nds. Id : 1015 Type : Success Message : [EXCH]-Successfully contacted the OAB service at https://s2k8nchex1.n chadvisors.local/EWS/Exchange.asmx. The elapsed time was 0 millisecon ds. Id : 1014 Type : Success Message : [EXCH]-Successfully contacted the UM service at https://s2k8nchex1.nc hadvisors.local/UnifiedMessaging/Service.asmx. The elapsed time was 9 6 milliseconds. Id : 1013 Type : Error Message : When contacting http://autodiscover.nchadvisors.ro/EWS/Exchange.asmx received the error The request failed with HTTP status 401: Unauthori zed. Id : 1016 Type : Error Message : [EXPR]-Error when contacting the AS service at http://autodiscover.nc hadvisors.ro/EWS/Exchange.asmx. The elapsed time was 45 milliseconds. Id : 1015 Type : Success Message : [EXPR]-Successfully contacted the OAB service at http://autodiscover. nchadvisors.ro/EWS/Exchange.asmx. The elapsed time was 0 milliseconds . Id : 1014 Type : Success Message : [EXPR]-Successfully contacted the UM service at http://autodiscover.n chadvisors.ro/UnifiedMessaging/Service.asmx. The elapsed time was 10 milliseconds. Id : 1017 Type : Success Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://S2k8nch ex1.nchadvisors.local/Rpc. The elapsed time was 5 milliseconds. Id : 1006 Type : Success Message : The Autodiscover service was tested successfully. Id : 1021 Type : Information Message : The following web services generated errors. As in EXPR Please use the prior output to diagnose and correct the errors.

What OS are you using?You have four IPs configured for one Exchange Server? Is it only via OWA or also Outlook?I would guess DNS or the four IPs are causing your problem.SF - MCITP:EMA, MCTS

my exchange 2007 is installed on a win2008 x64 server, and the four ip's are mandatory because i have some VPN tunnels with other mail servers and the packages won't pass through tunnel if the package doesn't come from a specific ip/class. all the exchange roles (CAS, Mailbox, UM and transport) are on the same machine (because of the budget). The problem of keep asking passwords is specific to outlook clients, in the case of OWA this doesn't make sense because anyway, for security reasons the session expire after a period of inactivity. If you are asking if the problem persists on OWA during activity, then no, there is no problem. I tried to modify DNS, i suspected it to, but if i try to modify the DNS, and delete all the other IP's for my exchange host, after a while the records are commin' back. It might be somewhere a setting that dinamically updates DNS by querying hosts/ip but i don't know where is it and if is safe/recomended to turn it off. That's why i can't tell if DNS is an issue or not: because the time of updating DNS is almost the same with the time of asking passwords (couple of minutes) Suggestions ? other info that i might provide ?

I solved my problem. Indeed, it was a dns issue. I removed all the records of my exchange host, except one and disabled dynamic updates. The issue was solved imediatedly, with a flushdns for some clients. But there comes another question: is this OK ? disabling the dynamic updates will slow down the network access and responses for computers and users from the entire domain ? maybe even errors ?