Password keeps prompt on clients for Outlook Anywhere 2013 published in TMG 2010?

Hello Everyone,

This is information about my scenario:

I have Exchange Server 2013 installed on Windows Server 2012.

I have 2 x Mailbox Servers configured with one DAG, the 2 servers are members of this DAG and only one DB has a copy on the second server.

I have 2 CAS Servers configured with NLB on Windows Server 2012.

The Exchange 2013 is configured with Outlook Anywhere with Basic authentication on the 2 load balanced CAS servers.

The internal outlook clients connect to Exchange Server 2013 using HTTPS without any issue.

OWA for Exchange 2013 is published on TMG 2010 and OWA is working fine for internal and external computers.

The certificate used is issued from AD CS, it is imported to all the 4 Exchange Servers and to TMG and it has all the required SANs.

The Root CA certificate and CRL files are imported to user/computer store for external computers.

Outlook Anywhere is published as well on TMG 2010 and uses the same web listener configured with the OWA Publishing rule.

For OWA Publishing Rule I use FBA authentication in the listener and Basic authentication in the Authentication Delegation

For Outlook Anywhere Publishing rule I use FBA authentication in the listener (cuz it uses the same OWA publishing rule's listener) and Basic authentication for authentication delegation.

Now my issue is: On external machine not joined to domain with Windows 8 and Outlook 2013 I am trying to connect using Outlook Anywhere but it keeps asking me to type the username and password.

I have checked many things but still can't log-in, so can you help me in solving this issue?!!

Regards,


  • Edited by Anas Jalal Tuesday, April 16, 2013 7:06 PM
April 11th, 2013 10:12pm

@Stefan: the external client is in DMZ. The internal clients connected to my CAS Servers NLB FQDN.

@Satya11: I configured the proxy settings for external users.

Regards,


  • Edited by Anas Jalal Wednesday, April 17, 2013 7:08 AM
April 17th, 2013 10:08am

Hi,

Is your OWA working from outside? You have to check the Exchange (Outlook Anywhere) reverse proxy rule which allows authenticated users to access.

To verify, open the TMG console and under Firewall, see if the Outlook Anywhere condition is set to all authenticated users, which should be


April 26th, 2013 9:13pm

I have had the same issue for the last several days. Absolutely the same setup as you. The prompts are coming from TMG as you have Basic Auth in the publishing rule for Outlook Anywhere and, I suspect, your CAS is setup for NTLM Auth. We have disabled TMG Pre-Auth and let CAS server do the authentication by changing Outlook Anywhere publishing Authentication Delegation tab to "No delegation, but client may authenticate directly" and Users tab to "All Users" which basically disables authentication on TMG and pushes back to CAS.

  • Proposed as answer by Gregor0501 Wednesday, October 16, 2013 9:29 AM
May 5th, 2013 8:36am
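
The mismatch described in the post above (TMG delegating Basic while the CAS side expects NTLM) can be checked from the Exchange Management Shell. This is an added example, not part of any post in this thread; `$TmgDelegation` is an assumption that you fill in by hand from the TMG rule's Authentication Delegation tab, since TMG settings are not readable from Exchange.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2013).
# ASSUMPTION: $TmgDelegation is copied by hand from the TMG publishing rule.
# Use 'None' for "No delegation, but client may authenticate directly".
$TmgDelegation = 'Basic'

Get-OutlookAnywhere | ForEach-Object {
    # Method that external Outlook clients are told to use
    $ext = [string]$_.ExternalClientAuthenticationMethod
    # Methods the /rpc virtual directory in IIS actually accepts
    $iis = @($_.IISAuthenticationMethods | ForEach-Object { [string]$_ })
    $notes = @()

    # The advertised client method must be accepted by IIS on the CAS.
    if ($iis -notcontains $ext) {
        $notes += "IIS does not accept advertised method '$ext'"
    }
    # With TMG pre-authentication, the client method and the delegation
    # method must agree, otherwise TMG keeps challenging the client.
    if ($TmgDelegation -ne 'None' -and $ext -ne $TmgDelegation) {
        $notes += "clients are told '$ext' but TMG delegates '$TmgDelegation'"
    }
    # Without pre-authentication the CAS is the only authentication point,
    # so credentials must never travel without SSL.
    if ($TmgDelegation -eq 'None' -and -not $_.ExternalClientsRequireSsl) {
        $notes += 'no TMG pre-auth and SSL is not required for external clients'
    }

    [pscustomobject]@{
        Server         = [string]$_.Identity
        ExternalHost   = [string]$_.ExternalHostname
        ExternalClient = $ext
        IISMethods     = $iis -join ','
        TmgDelegation  = $TmgDelegation
        Findings       = if ($notes) { $notes -join '; ' } else { 'consistent' }
    }
} | Format-List
```

Run it once per candidate TMG setting; both load-balanced CAS servers should report the same values.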

Same set up, same issue.  Did you resolve this after?
August 11th, 2013 11:41am

Same-similar issue, Windows XP and Outlook only though - had to set up a reg fix since Outlook keeps defaulting back to NTLM for authentication, the reg fix changes Outlook Anywhere mode back to "Negotiate" and it is a temporary fix..

Maddening..

August 13th, 2013 3:29pm

Set the IIS authentication method to NTLM with `Set-OutlookAnywhere -IISAuthenticationMethods NTLM`.

Hope this will resolve your issue for internal users.

thanks:)

September 12th, 2013 6:11pm

I have the same issue in an almost identical configuration. Check your Outlook settings. I found that Outlook Anywhere on the server is set up for Basic authentication but my Outlook auto changes the authentication to NTLM. Why? I don't know yet. If you manually change it to Basic proxy authentication it will most likely work, as it does in my case, but it auto changes back to NTLM when I start Outlook again. I found some articles saying that I can implement various Office 2013 policies to prevent that, but I don't believe that's where the issue really is. I think it is a problem with TMG 2010 and Exchange. I am still looking at it but try it and let me know.

Greg

October 5th, 2013 7:20pm

I have had the same issue for the last several days. Absolutely the same setup as you. The prompts are coming from TMG as you have Basic Auth in the publishing rule for Outlook Anywhere and, I suspect, your CAS is setup for NTLM Auth. We have disabled TMG Pre-Auth and let CAS server do the authentication by changing Outlook Anywhere publishing Authentication Delegation tab to "No delegation, but client may authenticate directly" and Users tab to "All Users" which basically disables authentication on TMG and pushes back to CAS.


Had the same issue, after disabling TMG auth everything works fine.
October 16th, 2013 12:32pm

Disabling TMG auth helped me too, and what about security? Is this safe? Thanks Baej
October 17th, 2013 6:24pm

This topic is archived. No further replies will be accepted.
