MAPI over HTTP not working correctly, Outlook 2013 clients prompting for credentials during profile creation or opening depending on security of virtual directory

ENVIRONMENT

-1 Exchange 2013 SP1 CU7 server with all roles that is also a hybrid server with Office 365 tenant, mailboxes are all on premise only LYNC online is being utilized right now.

-Exchange 2013 public folders

-Mix of Outlook 2013 SP1 and Outlook 2010 SP3 clients all fully update to day as of Feb 2015

Outlook anywhere is working perfectly across all clients both internally and externally using autodiscover.  Both Outlook 2013 and 2010 clients can open the program and create a profile automatically via autodiscover and no additional logon prompts are seen.

We set the internal and external mapi virtual directory URLs to a valid URL that also matches the Exchange 2013 SSL certificate.  We set the security to ntlm, negotiate on the mapi virtual directory.  We reset IIS and enabled mapi over http in the org config.  We run in to problems here.

Outlook 2010 clients appear to be working fine.  We can create a new profile and open and close Outlook without any logon prompts and verify that MAPIHTTP and Negotiate are used to connect to Exchange.

Outlook 2013 clients are having problems.  As soon as we try to create a profile it says your administrator has made a change that requires you to restart outlook and then a windows logon prompt appears. If we authenticate Outlook will open and connect.   This logon prompt should not occur.    We can confirm that it is connecting via MAPI HTTP and Negotiate.

If we set the mapi virtual directory to NTLM only then a logon prompt also appears during every open of Outlook 2013.  We can confirm that it is trying to connect with MAPIHTTP via NTLM in the outlook connection test screen.

I do not understand this behavior by Outlook 2013 which was supposed to be designed with MAPI HTTP in mind.  I would think the same issues would occur with Outlook 2010 but they do not.  I am not sure how to resolve this and I am looking for help.





  • Edited by davidbwi Wednesday, March 25, 2015 12:28 AM
March 25th, 2015 12:24am

Hi David,

Please run the following command and post the result:

Get-outlookanywhere  -Identity <Server>\RPC (Default Web Site) |fl name,*auth*

In addition, please check the following settings:

Best regards,

Free Windows Admin Tool Kit Click here and download it now
March 26th, 2015 6:27am

The RPC/HTTP(Outlook anywhere) is working perfectly.  It's when we turn on MAPI/HTTP that Outlook 2013 users have issues.  These settings you ask me to review have nothing to do with MAPI.
March 26th, 2015 6:34pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics