We are working on installing a new Exchange 2013 environment.

Exchange 2013 SP1 Standard has been installed and then upgraded to CU7.  It is a single box for the CAS and MB roles. It is running Windows Server 2012 R2.

The domain and forest are in 2003 native mode, all domain controllers are running 2003 SP2 to meet the minimums.  Errors logs have been evaluated, DCDIAG runs on all DCs with no errors and repadmin is showing replication is error free.

We have a mixture of XP (service pack 3) and Windows 7 Clients.  Both are running Microsoft Office Professional Plus 2010
Outlook Version 14.0.6023.1000 (32-bit).  The Windows 7 clients open Outlook normally and are not prompted for credentials.  Windows XP clients are prompted for credentials once, each time they launch Outlook.  This is our problem we need to fix.

Clients under both Windows 7 and XP have no problem setting up the initial profile.  It finds the autodiscover quickly and configures the profile.

Because we have separate internal and external domain names  (cofm.com and mab.com) we purchased a SAN certificate from GoDaddy.  It contains the following:
exchange.cofm.com (this is the cn)
autodiscover.cofm.com
exchange.mab.com
autodiscover.mab.com

OWA works fine under either https://exchange.cofm.com or https://exchange.mab.com.  Our users with Apple iPhones, Android and Windows phones have no problem creating connections to activesync.

Under the outlook clients, it doesn't seem to matter if we have selected cached exchange mode or not.  We have changed the "Logon Network Security" to use Negotiate Authentication or Password Authentication (NTLM) and it doesn't seem to matter.  Under the connection status it shows HTTP for Directory and Mail connections.

If we "Test E-mail Autoconfiguration" it connects using the credentials we provide and no errors seem to show up in the XML results.

None of the permissions on the default virtual directories differs from "https://technet.microsoft.com/en-us/library/gg247612(v=exchg.150).aspx"

Any thoughts?

Again...the authentication prompt only occurs with our Windows XP clients running the Outlook 2010...not the Windows 7 clients.  Switching the clients to Windows 7 or later is not in the budget atm.

Tried to look at/modify the providers

[PS] C:\Windows\system32>get-outlookprovider
Creating a new session for implicit remoting of "Get-OutlookProvider" command...

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                      1
EXPR                                                                                      1
WEB                                                                                       1

[PS] C:\Windows\system32>Set-OutlookProvider EXPR -CertPrincipalName:"msstd:exchange.cofm.com"
[PS] C:\Windows\system32>Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:exchange.cofm.com
[PS] C:\Windows\system32>iisreset

Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted
[PS] C:\Windows\system32>get-outlookprovider
Creating a new session for implicit remoting of "Get-OutlookProvider" command...

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                        msstd:exchange.cofm.com       1
EXPR                                                        msstd:exchange.cofm.com       1
WEB                                                                                                       1

No difference.

Hi,

According to your description, I understand that Outlook 2010 in Windows XP always prompt credentials every time open Outlook client, however same Outlook version in Windows 7 works fine.
If I misunderstand you concern, please do not hesitate to let me know.

Please try below methods to troubleshooting your questions:
Method 1:
Manually install the certificate on Windows XP computers and place it to Trusted Root Certification Authorities Certificate Store.
Method 2:
Enable Basic authentication in IIS manager for webpage: Default Web Site\Rpc on Exchange server.
Method 3:
Change the MX and A record, and configure relevant SAN, then modify Outlook provider with below command:
Set-OutlookProvider EXPR -CertPrincipalName:"msstd:mydomain.ee"
More details please refer to: https://social.technet.microsoft.com/Forums/exchange/en-US/a7c25d6a-7cfc-40a1-a17e-a1f05f637d53/exchange-2010outlook-anywherewindows-xp-not-working-together?forum=exchange2010

Thanks

Hi Allen:

Tried method 1: No Change

Method 2: Already configured

Method 3:  Only A records are used inside an organization.  MX records are only used between organizations.  I did method 3 previously above.

Other thoughts?  Thank you!