Outlook anywhere prompts for password
Hi,
Iam facing a problem in Exchange 2007 setup. I have two CAS server in NLB mode as named CAS1 and CAS2 and NLB name is email.domain.com. Outlook anywhere configured & working fine without specifying MSSTD in outlook 2007. But this setting overwritten from Autodiscover service. It prompts for password again and again.......
Also, I have mentioned MSSTD as msstd:CAS1 it is working fine by switching off CAS2.
Acc. to me the problem is in certificate. it shows only Issued to CAS1 and CAS2on 2nd server, without email.domain.com.
Temporary, we have disabled Autodiscovery, all is working fine except Offline address book download.
Can I disable MSSTD settings in Autodiscover.xml?
Or any other suggesions welcome!!!!
Thanks,
Gurpreet
February 12th, 2008 12:54pm
I am having a very similar problem. We only have only 1 client access server but when we try to use autodiscovery we are continuosly asked for username and password. The same thing happens when you are in side or outside the network.
If i remove the tick in the box for
"onlyconnect to proxy servers that have this principal name in their certificate"
This greys out the msstd:mail.domain.com entry. I leave the "connect using SSL only" ticked. When i do this i am able to connect to the mail server using OUTLOOK ANYWHERE and https.
The problem is i would like to use the autodiscover feature for users, the current setup for us does not allow for this.
I believe the UCC certificate that we are using is correct as OWA, OAB, OOF and all the other services appear to be working. All the services have the correct externalurl address.
Has any one seen his before or resolved it?
ANy help would be useful.
Thanks
David
Free Windows Admin Tool Kit Click here and download it now
February 17th, 2008 9:40pm
We are encountering the same issue. Is there a way to remove the msstd:mail.domain.com entry from the autodiscover configuration?
Thank you,
Rich
February 20th, 2008 6:25pm
We had the same issue wich was solved using the information from this post:
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2458873&SiteID=17
Free Windows Admin Tool Kit Click here and download it now
February 28th, 2008 2:09am
Yes this issue is still driving me mad. I have tried everything and still activesync does not work outside of the network and my outlook2007 clients do not work with the autodiscover settings.
My current settings are as follows
internal and external DNS are the same [split Dns]
mail.company.com [this is the DNS for the server]
autodiscover.company.com
companynetbios.company.com
companynetbios [netbios name of the server]
My Cert has the following info for SAN in this order
DNS Name=company.com
DNS Name=www.company.com
DNS Name=companynetbios
DNS Name=companynetbios.company.com
DNS Name=mail.company.com
DNS Name=autodiscover.company.com
So the Autodiscovery servicepickups up the following settings:
Microsoft Exchange server: companybios.company.com
Then under connection settings:
Use this URL :
Https://mail.company.com
then under require SSL it puts in
msstd:mail.company.com
However when this is accepted outlook will connect fine on the network but outside it continuously prompts for the password.
So I set the Outlook provider too:
CertPrincipalName : msstd:mail.company.comServer :TTL : 1AdminDisplayName :ExchangeVersion : 0.1 (8.0.535.0)Name : EXPRDistinguishedName : CN=EXPR,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=USACompany Exchange,CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=company,DC=comIdentity : EXPRGuid : 9711ae05-e891-4521-b25c-17ec67694c6cObjectCategory : company.com/Configuration/Schema/ms-Exch-Auto-Discover-Co nfigObjectClass : {top, msExchAutoDiscoverConfig}WhenChanged : 2/28/2008 5:40:04 PMWhenCreated : 8/27/2007 5:03:51 AMOriginatingServer : companynetbios.company.comIsValid : True
Which is suppose to work, but it still prompts for password continuously.
[in the past under server I did have it assosiate with the companynetbios (netbios name of the server) but an one of the help article had a command that set it to null, so none of my outlook providers have a server name]
I ran across this article and am wondering if this is true about the name order?
http://blog.justinho.com/2007/07/09/ActveSyncFailsWithErrorCode0x80072f0dAfterMigrationFromExchange2003ToExchange2007.aspx
SO after reading this other article I thought i would try using the first name in the SAN as the msstd server, which is company.com. And it worked. But how do I get Autodiscovery to populate and use this setting? Do I need to redo my cert and put mail.company.com as the first name?
And if this is the case why isn't is documented better? Will this also be what is causing my Activesync issues?
February 29th, 2008 8:17am
Dear All.....
Thanks for your reply.....
Benhadad: I think MSSTD should be same as ISSUED TO in certificate...
Amill:-
As per my question, we have two CASs having two different certificates installed, having different ISSUED TO in both certificates. In one certificate having ISSUED TO as CAS1& 2nd as CAS2. I meannothing comman between two CASs. So we cannot change OUTLOOKPROVIDER as per http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2458873&SiteID=17. If my ISSUED TO value same in both certificates then it will solve my problem, no dout.
thanks.......
Free Windows Admin Tool Kit Click here and download it now
March 2nd, 2008 4:12pm
I think i got the answer.You have to look at your certificate for the issued to name and put it at the CertPrincipalName.Set-OutlookProvider EXPR -Server $null -CertPrincipalName msstd:extern.fqdnSet-OutlookProvider WEB -Server $null -CertPrincipalName msstd:extern.fqdnsee ma blog http://www.sch0.org/ for detailes
April 16th, 2008 2:54pm
As not real o puntual solution to this case, i found the way just to disable MSTDD while a better solution is found.
Alternate Fix - Disable MSSTD checkbox in Outlook Anywhere
Set-OutlookProvider EXPR -Server $null -CertPrincipalName none
http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845%2D88d2%2D4091%2D8088%2Da6bbce0a4304&ID=278
See u
Free Windows Admin Tool Kit Click here and download it now
September 12th, 2008 2:14am
hello David,
you have to check out your issued certificate and your the authentication tab on CAS erver on org configuration,
thanks in advance.MCSE|2003 Security, MCTS|MS SharePint 2007 Configuration, MCTS |System Center Operations Manager 2007 MCTS|Exchange Server 2010, MCITP|Enterprise Messaging Administrator 2010. Medhat Mousa.
April 9th, 2011 4:55am