Outlook requesting users to login
Hi,
Firstly I'll give some background information on our setup before describing the problem. We have a Windows 2003 server with exchange 2003 installed and is on our main domain. We have various other domains for different offices, these have their own domain controllers and are directly linked back to the head office. We also have a number of sites setup which either connect directly to our network or have to go via a VPN. Every user has a mailbox and is setup on the main domain and on their domain where they work. Everyone in the offices have no problems, only the users on site or VPN are having the issue.
The problem we have is, for no apparent reason, since we moved from our old exchange server to a new one, some users are required to enter in their domain credentials to login when starting outlook. This happens randomly to different people, but this morning seemed to effect one specificgroup of people. The login screen would display either blank login, or the name of our old mail server, or the name of our new one, or the domain of the user,rather then the domain on which the mail server is on. This seemingly only effects 2003 outlook, as the 2000/XP versions seem uneffected even though they are in the same site where everyone else is effected.
Also the users lose their mapped drives, and require them to be remapped, specifying the drive letter is already in use in the error. The problem also effects any version of Windows, such as XP and Vista.
Any help on resolving this issue would be greatly appreciated.
March 18th, 2008 1:50am
It seems that no one answered your question.
Anyhow, we have the same problem where I work now. The domain name is different than the email address, so I thought it was related to that. However, Outlook 2007 did not have this problem, and a helpdesk person found a workaround by mistake. This person had several (hard) problems unsderstanding domain, and other types of accounts, and entered our external address (used for rpc over http). With this configuration we haven't had the login screen appear.
I think that also the IP address works well, so it might be related only to netbios names.
I hope this helps.
Free Windows Admin Tool Kit Click here and download it now
March 24th, 2008 8:29pm
Was your old server a domain controller? If so, sometimes the user authentication of "username" and password were being let through as opposed to "Domain\username" and password. All Windows servers default to resolving "username" to their local security system. If the box is a DC, that just happens to be the domain, so they can "cheat" and get away with not putting in the domain name.
Assuming that isn't the issue:
So you have multiple domains? Are they all in the same Forest? If not is there a full two way trust between them?
Have you insured that they accounts these users are logging into have full mailbox permissions to the mailbox?
You also didn't say where you linked the 2003 mailbox to - to an account in the domain with the Exchange server, or directly to theiry other domain account.
Did you check the security log on the Exchange server to see if any failures were recorded? Did you turn on auditing of security failures?
March 25th, 2008 7:21am
dehcbad25 wrote:
It seems that no one answered your question.
Anyhow, we have the same problem where I work now. The domain name is different than the email address, so I thought it was related to that. However, Outlook 2007 did not have this problem, and a helpdesk person found a workaround by mistake. This person had several (hard) problems unsderstanding domain, and other types of accounts, and entered our external address (used for rpc over http). With this configuration we haven't had the login screen appear.
I think that also the IP address works well, so it might be related only to netbios names.
I hope this helps.
We tend to use host file entries for all our servers for most PCs, especially those that go outside the office onsite somewhere. So if Outlook cannot find the server name which is how we generally add their email it will check the IP address and go that way.I will have to see if we can test using the external address, but the problem is quite random and usually doesn't reappear once we are forced to do the login and tell it to remember the password.
HotFix wrote:
Was your old server a domain controller? If so, sometimes the user authentication of "username" and password were being let through as opposed to "Domain\username" and password. All Windows servers default to resolving "username" to their local security system. If the box is a DC, that just happens to be the domain, so they can "cheat" and get away with not putting in the domain name.
Assuming that isn't the issue:
So you have multiple domains? Are they all in the same Forest? If not is there a full two way trust between them?
Have you insured that they accounts these users are logging into have full mailbox permissions to the mailbox?
You also didn't say where you linked the 2003 mailbox to - to an account in the domain with the Exchange server, or directly to theiry other domain account.
Did you check the security log on the Exchange server to see if any failures were recorded? Did you turn on auditing of security failures?
The old server basically ran everything, it was the DC and Exchange server among other things, but now is mostly just the DC and we have a seperate Exchange server, which is when the issue started appearing.For the mailboxes, we have our main domain then all the ones for each office underneath. Every user is setup with an account on the main domain with a mailbox provided, then they are setup with the same settings on their local domain for their office/location, they normally log into their location domain which has full permissions to the mailbox as an external account. The domains are all in the same forest.I can add a little more information here...It seems to mostly occur to users who are outside of the offices, rarely does this occur to anyone inside an office. So those who are onsite using internet connections such as cable, DSL, wireless etc or direct connections to our network are mainly the ones effected. The other day we also had a large number of people all at once get this issue for one domain, all of which were onsite somewhere, everyone in the office on that same domain were uneffected.I will have to check to see if we have auditing on and check the logs, thanks.
Free Windows Admin Tool Kit Click here and download it now
March 28th, 2008 7:19am
cdry_10 wrote:
We tend to use host file entries for all our servers for most PCs, especially those that go outside the office onsite somewhere. So if Outlook cannot find the server name which is how we generally add their email it will check the IP address and go that way.I will have to see if we can test using the external address, but the problem is quite random and usually doesn't reappear once we are forced to do the login and tell it to remember the password.
When your clients are internal to your network, all the servers should be registered in DNS, and the clients should be using DNS to resolve the names. I.E. You should never really need hosts files except for extremely unusual situations.
cdry_10 wrote:
The old server basically ran everything, it was the DC and Exchange server among other things, but now is mostly just the DC and we have a seperate Exchange server, which is when the issue started appearing.
For the mailboxes, we have our main domain then all the ones for each office underneath. Every user is setup with an account on the main domain with a mailbox provided, then they are setup with the same settings on their local domain for their office/location, they normally log into their location domain which has full permissions to the mailbox as an external account. The domains are all in the same forest.I can add a little more information here...It seems to mostly occur to users who are outside of the offices, rarely does this occur to anyone inside an office. So those who are onsite using internet connections such as cable, DSL, wireless etc or direct connections to our network are mainly the ones effected. The other day we also had a large number of people all at once get this issue for one domain, all of which were onsite somewhere, everyone in the office on that same domain were uneffected.I will have to check to see if we have auditing on and check the logs, thanks.
So previously your users could just use a username and password that matched the one in the main domain hosting the Exchange server, and since the server was a DC it would auto-resolve those usernames to the local domain. Now that it is a seperate member server, if your users hand it just a "username" it will auto-resolve them to the local security database on itself an fail. The users must supply their credentials with the domain name they are trying to authenticate to. I.E. Domain\Usersname. This was a change of moving an Exchange server off of a DC to a member server, and should have nothing to do with your multiple child domains.
Your case is an unusual one though. Normally people will link the mailbox directly to the AD account in the child domain if they are in the same forest. Generally the Associated External Account is only used if the AD account being used for permissions is in another forest. At that point you disable the AD account hosting the mailbox, at which point the associated external account is used.
I.E. I haven't seen people try to use the external account permissions on an account internal to the AD forest.
Is it possible for you to remove the main domain account, and re-link the mailboxes to their child domain accounts? BTW I hope you have redundant and high speed access to the other office DCs. If not consider putting up redundant DCs in the main site where you have the Exchange server so it doesn't have to traverse the WAN to talk to the child domains.
April 1st, 2008 9:45pm