Outlook anywhere prompts for password
Hi, Iam facing a problem in Exchange 2007 setup. I have two CAS server in NLB mode as named CAS1 and CAS2 and NLB name is email.domain.com. Outlook anywhere configured & working fine without specifying MSSTD in outlook 2007. But this setting overwritten from Autodiscover service. It prompts for password again and again....... Also, I have mentioned MSSTD as msstd:CAS1 it is working fine by switching off CAS2. Acc. to me the problem is in certificate. it shows only Issued to CAS1 and CAS2on 2nd server, without email.domain.com. Temporary, we have disabled Autodiscovery, all is working fine except Offline address book download. Can I disable MSSTD settings in Autodiscover.xml? Or any other suggesions welcome!!!! Thanks, Gurpreet
February 12th, 2008 12:54pm

I am having a very similar problem. We only have only 1 client access server but when we try to use autodiscovery we are continuosly asked for username and password. The same thing happens when you are in side or outside the network. If i remove the tick in the box for "onlyconnect to proxy servers that have this principal name in their certificate" This greys out the msstd:mail.domain.com entry. I leave the "connect using SSL only" ticked. When i do this i am able to connect to the mail server using OUTLOOK ANYWHERE and https. The problem is i would like to use the autodiscover feature for users, the current setup for us does not allow for this. I believe the UCC certificate that we are using is correct as OWA, OAB, OOF and all the other services appear to be working. All the services have the correct externalurl address. Has any one seen his before or resolved it? ANy help would be useful. Thanks David
Free Windows Admin Tool Kit Click here and download it now
February 17th, 2008 9:40pm

We are encountering the same issue. Is there a way to remove the msstd:mail.domain.com entry from the autodiscover configuration? Thank you, Rich
February 20th, 2008 6:25pm

We had the same issue wich was solved using the information from this post: http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2458873&SiteID=17
Free Windows Admin Tool Kit Click here and download it now
February 28th, 2008 2:09am

Yes this issue is still driving me mad. I have tried everything and still activesync does not work outside of the network and my outlook2007 clients do not work with the autodiscover settings. My current settings are as follows internal and external DNS are the same [split Dns] mail.company.com [this is the DNS for the server] autodiscover.company.com companynetbios.company.com companynetbios [netbios name of the server] My Cert has the following info for SAN in this order DNS Name=company.com DNS Name=www.company.com DNS Name=companynetbios DNS Name=companynetbios.company.com DNS Name=mail.company.com DNS Name=autodiscover.company.com So the Autodiscovery servicepickups up the following settings: Microsoft Exchange server: companybios.company.com Then under connection settings: Use this URL : Https://mail.company.com then under require SSL it puts in msstd:mail.company.com However when this is accepted outlook will connect fine on the network but outside it continuously prompts for the password. So I set the Outlook provider too: CertPrincipalName : msstd:mail.company.comServer :TTL : 1AdminDisplayName :ExchangeVersion : 0.1 (8.0.535.0)Name : EXPRDistinguishedName : CN=EXPR,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=USACompany Exchange,CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=company,DC=comIdentity : EXPRGuid : 9711ae05-e891-4521-b25c-17ec67694c6cObjectCategory : company.com/Configuration/Schema/ms-Exch-Auto-Discover-Co nfigObjectClass : {top, msExchAutoDiscoverConfig}WhenChanged : 2/28/2008 5:40:04 PMWhenCreated : 8/27/2007 5:03:51 AMOriginatingServer : companynetbios.company.comIsValid : True Which is suppose to work, but it still prompts for password continuously. [in the past under server I did have it assosiate with the companynetbios (netbios name of the server) but an one of the help article had a command that set it to null, so none of my outlook providers have a server name] I ran across this article and am wondering if this is true about the name order? http://blog.justinho.com/2007/07/09/ActveSyncFailsWithErrorCode0x80072f0dAfterMigrationFromExchange2003ToExchange2007.aspx SO after reading this other article I thought i would try using the first name in the SAN as the msstd server, which is company.com. And it worked. But how do I get Autodiscovery to populate and use this setting? Do I need to redo my cert and put mail.company.com as the first name? And if this is the case why isn't is documented better? Will this also be what is causing my Activesync issues?
February 29th, 2008 8:17am

Dear All..... Thanks for your reply..... Benhadad: I think MSSTD should be same as ISSUED TO in certificate... Amill:- As per my question, we have two CASs having two different certificates installed, having different ISSUED TO in both certificates. In one certificate having ISSUED TO as CAS1& 2nd as CAS2. I meannothing comman between two CASs. So we cannot change OUTLOOKPROVIDER as per http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2458873&SiteID=17. If my ISSUED TO value same in both certificates then it will solve my problem, no dout. thanks.......
Free Windows Admin Tool Kit Click here and download it now
March 2nd, 2008 4:12pm

I think i got the answer.You have to look at your certificate for the issued to name and put it at the CertPrincipalName.Set-OutlookProvider EXPR -Server $null -CertPrincipalName msstd:extern.fqdnSet-OutlookProvider WEB -Server $null -CertPrincipalName msstd:extern.fqdnsee ma blog http://www.sch0.org/ for detailes
April 16th, 2008 2:54pm

As not real o puntual solution to this case, i found the way just to disable MSTDD while a better solution is found. Alternate Fix - Disable MSSTD checkbox in Outlook Anywhere Set-OutlookProvider EXPR -Server $null -CertPrincipalName none http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845%2D88d2%2D4091%2D8088%2Da6bbce0a4304&ID=278 See u
Free Windows Admin Tool Kit Click here and download it now
September 12th, 2008 2:14am

hello David, you have to check out your issued certificate and your the authentication tab on CAS erver on org configuration, thanks in advance.MCSE|2003 Security, MCTS|MS SharePint 2007 Configuration, MCTS |System Center Operations Manager 2007 MCTS|Exchange Server 2010, MCITP|Enterprise Messaging Administrator 2010. Medhat Mousa.
April 9th, 2011 4:55am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics