Exchange 2013 / Outlook 2010 - Prompts for Credentials that are not Accepted

Hi,

Having attempted to resolve this issue in the Office 365 Forums (https://community.office365.com/en-us/f/156/t/407619), as it was after partially setting up an ADFS server (configured the Wizard to create the ADFS entry in AD, using my Exchange OWA Certificate - e.g. owa.domain.co.uk, rather than the desired STS.domain.co.uk) and then attempting to activate AD Synchronisation in the Office 365 Portal, I noticed that my Outlook clients were prompting for AD credentials (which are no longer recognised). Also, I applied SP1 to my Windows 2008 R2 DCs at the same time but I'm pretty sure this is not related.

Anyway, the interesting thing is Outlook Anywhere works externally (if I connect a laptop via a 3G dongle) but not on the LAN, although I did notice that Outlook 2013 did intermittently work on an internally connected laptop.

I have tried to retrace my steps (remove ADFS and then re-install with correct SSL cert - STS.domain.co.uk) and removed the old ADFS entries using ADSIEDIT (CN=<GUID>,CN=ADFS,CN=Microsoft,CN=Program Data,DC=<Domain>,DC=<COM>) but the Office 365 team have suggested that I raise this with the Exchange experts.

Note, I did start to configure SSO 

  • Connect to Microsoft Online Services with the credential variable set previously
    • Connect-MsolService -Credential $cred

  • Set the MSOL ADFS Context server, to the ADFS server
    • Set-MsolADFSContext -Computer adfs_servername.domain_name.com

 BUT DID NOT RUN

  • Convert the domain to a federated domain
    • Convert-MsolDomainToFederated -DomainName domain_name.com

and even tried to disable ADS

And even tried to disable the Federation

Set-MSOLDomainAuthentication -Authentication Managed -DomainName
September 11th, 2015 6:52am

Have you tried installing the MSOL PowerShell on the ADFS server and running the commands there?
September 12th, 2015 4:01pm

Thanks Ed,

I was reluctant to run those commands and set up SSO, until I'd figured out the problem with Outlook prompting for credentials?

Are you suggesting that I run the commands that I listed above and complete the SSO config command (see below), and that this might address the credentials issue?

Convert-MsolDomainToFederated -DomainName domain_name.com

Also, I was actually wondering whether a "failed" but nevertheless attempted install of DirSync could be causing problems. This was pretty much the last thing I did on a Windows 2008 R2 DC before the credentials issue surfaced but as the install failed (although it had nothing). Anyway, I have since installed DirSync successfully and problems still exist.

September 13th, 2015 9:44am

It is my understanding that you need DirSync for Office 365 to work with AD FS.  You must federate all domains for which you want AD FS to authenticate.
September 13th, 2015 8:03pm

OK Ed, I'll give that a go - just didn't want to make too many changes to a trial (that I may need to back out of).

Just to recap though, is the default on Exchange 2013 Outlook Anywhere Settings to configure Outlook to use the security setting of "Anonymous Logon", or is it something that must have changed since Office 365?

I'm surprised that despite running commands like the one below, the settings refuse to change to use "Negotiate Authentication"? (http://blog.gothamtg.com/2013/10/15/users-constantly-prompted-for-credentials-after-being-migrated-to-exchange-2013/)

Get-OutlookAnywhere -Server Exchange_CAS_Server | Set-OutlookAnywhere -InternalClientAuthenticationMethod NTLM

September 14th, 2015 5:50am

I don't understand your question.
September 14th, 2015 10:21am
