Exchange 2013 - Outlook 2010 - Outlook Anywere - NTLM - continuous authentication prompt
Hello,
I have an Exchange 2013 with all roles - Mailbox and Client Access - on a Windwos Server 2012 Standard.
Outlook 2010 with all day today update from Windows Update, Windwos 7 with all updates as of today from Windows Update
The certificates include SAN Names server.dominio.com, autodiscover.dominio.com, dominio.com signed by Godaddy, Exchange accepts as valid the certificate in the EAC,
I have no warning or to set up profiles or by entering a web browser to OWA or ECP with Internet Explorer
Autodiscover automatically configures correctly the user profiles.
Users can use the Out Of Office the Offline Address Book, Address Book, can send and receive emails from your Outlook 2010 client.
Outlook Anywere is configured to use NTLM therefore should not require the user password to authenticate.
Every time I start Outlook 2010 and tried to used a GAL for see users details or Update a Folder I asked the username and password with a Window of Authentication Prompt.
If enter the username and password I can use Outlook without problems
I tried:
Configuring the Kernel Mode Autentication Autodiscover virtual directory of, EWS, OAB and RPC in IIS without result.
Configure Lan Manager Authetification level, set it to Send NTLM responses only, no result
Whenever I open Outlook that asks me username and password and need to connect without asking the password.
Any suggestions?
Thanks for the help.
February 7th, 2013 5:30pm
At this point, I would ask: how are the ULRs configured on the corresponding virtual directories?
Since you are attempting to access the address book when the prompt displays, I'd look more closely at the OAB virtual directory URL settings.
Among the names listed, I'm guessing this one would be most appropriate for the vDir in question:
server.dominio.com
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
Free Windows Admin Tool Kit Click here and download it now
February 7th, 2013 6:47pm
Just started looking at E2K13 myself so I can't tell you where to find those URLs in the EAC but the EMS cmdlets should still work:
*
Get-AutodiscoverVirtualDirectory
Get-WebServicesVirtualDirectory
Get-OABVirtualDirectory
Get-OwaVirtualDirectory
-id "owa (default web site)"
*
There's other URLs for ActiveSync and Unified Messaging but I do not think those comeinto play here.
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
February 7th, 2013 7:06pm
Hello
The Active Directory domain (domain.local) is different SMTP domain (dominio.com)
The DNS is as split horizon
In the internal DNS exists forward zone named dominio.com, where are DNS records type A autodiscover.dominio.com, server.dominio.com and dominio.com
In the forward zone used by active directory exists a SRV record _autodiscover._tcp.dominio.local pointing to autodiscover.dominio.com in port 443
The Microsoft Connectivity Analyzer Tool (Client Beta) success find the autodiscover configuration for users in the internal a external domains
All the internal and external URLs pointing to
https://server.dominio.com /autodiscover /EWS /OAB /OWA /RPC /ActiveSync
I think it is something related to authentication in IIS, between clients and server
something like this
http://sumoomicrosoft.blogspot.com/2012/12/exchange-2013-outlook-keeps-asking-for.html
Free Windows Admin Tool Kit Click here and download it now
February 8th, 2013 12:22pm
Anyone can help me
February 10th, 2013 8:48pm
Hi!
Try basic authentication.
Thanks.
Free Windows Admin Tool Kit Click here and download it now
February 11th, 2013 1:08am
Hello, Thanks for the reply
Basic authentication works correctly, but I do not solve the problem according to the requirement, start Outlook without requesting username and password.
February 11th, 2013 10:59am