Hi Here is my setup: 1 CAS 2010SP1 2 mailbox server with Exchange 2010SP1 in two different site, the main one and a Branch Here is my problem In the branch site users are always prompt to enter their credentials in Outlook 2003/2007/2010 if they are out of the office, working remotely via a VPN connection or with autodiscover. If they are connected in the branch site everything is fine It's happening only for mailboxes located on the branch EXchange server, users on the other server doesn't have this issue. I have tried to move one "affected" mailbox from the branch server to the main site server and the issue stops instantly. Have any hints our clues? thanks

Hi, Where is the CAS server location, in main office or Branch office? Are the two Exchange servers in the different subnet? Since each Mailbox server need one CAS Server and Hub Server in the same AD site, the mailbox server won’t work without CAS in certain AD site. So, can you describe the topology of AD and Exchange server more detail? Meanwhile, please test E-Mail AutoConfiguration and post the result here or send it to me for research. 1. While Outlook is running, hold down the CTRL key, right-click the Outlook icon in the notification area, and then select Test E-mail AutoConfiguration. 2. Verify that the correct e-mail address is in the box next to E-mail Address. 3. Clear the check boxes next to Use Guessmart and Secure Guessmart Authentication. 4. On the Test E-mail AutoConfiguration page, verify that the check box next to Use AutoDiscover is selected, and then click the Test button. 5. Then, please capture the Result window and Log window on the problematic machine. Thanks. Novak Wu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi The CAS server is in teh main office and all exchange servers are located in the same subnet and in the same active directory site. We only have one domain and one AD site. A Forefront TMG firewall server is publishing our Exchange servers to the web I'll come back with the results of the email autoConfiguration thanks

Ok. Please run the E-Mail AutoConfiguration at your convenience and post the result to me. Meanwhile, the prompt password behavior should be expected for basic authentication. Please assure that NTLM authentication is selected on the Outlook side. I also found one user who found the fix on the Exchange server. Under Autodiscover properties> Directory Security> Authentication Methods>checked "Integrated Windows Authentication". For more information, please refer to the link. http://office.microsoft.com/en-us/outlook-help/use-outlook-anywhere-to-connect-to-your-exchange-server-without-vpn-HP010102444.aspx Thanks. Novak Wu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

hi thanks for your answer Do I need to change from basic to ntlm in Exchange to; server configuration>client access>properties of cas server>outlook anywhere tab> change from basic to ntlm authentication also i'm using a TMG firewall to publish outlook anywhere do I need to change the authentication delegation from my rule to ntlm? now it is a basic authentication also I can't find the where is the autodiscover properties thanks again

Yes. You can change authentication on both Exchange server and firewall to NTLM to check the result. If the issue persists, please send me the E-Mail AutoConfiguration result. Thanks. Novak Wu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

How is thing going on? If there is any problem, please feel free to post it here. Regards, Novak Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi I have made the change but now outlook anywhere is not working anymore. I used the remote connectivity analyzer and here is the results Testing RPC/HTTP connectivity. The RPC/HTTP test failed. Test Steps ExRCA is attempting to test Autodiscover for flepage@master.ca. Autodiscover was tested successfully. Test Steps Autodiscover settings for Outlook Anywhere are being validated. ExRCA validated the Outlook Anywhere Autodiscover settings. Attempting to resolve the host name mail.master.ca in DNS. The host name resolved successfully. Additional Details Testing TCP port 443 on host mail.master.ca to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The certificate passed all validation requirements. Test Steps Checking the IIS configuration for client certificate authentication. Client certificate authentication wasn't detected. Additional Details Testing HTTP Authentication Methods for URL https://mail.master.ca/rpc/rpcproxy.dll. The HTTP authentication test failed. Tell me more about this issue and how to resolve it Additional Details Not all the required authentication methods were found. Methods Found: Basic Methods Required: NTLM here is the results of the get-outlookanywhere cmdlet RunspaceId : 13198db3-8b0a-424b-a462-608f85db9f9b ServerName : VMMAILCAS SSLOffloading : False ExternalHostname : mail.master.ca ClientAuthenticationMethod : Ntlm IISAuthenticationMethods : {Basic, Ntlm} XropUrl : MetabasePath : IIS://VMMAILCAS.master.ca/W3SVC/1/ROOT/Rpc Path : C:\Windows\System32\RpcProxy ExtendedProtectionTokenChecking : None ExtendedProtectionFlags : {} ExtendedProtectionSPNList : {} Server : VMMAILCAS AdminDisplayName : ExchangeVersion : 0.10 (14.0.100.0) Name : Rpc (Default Web Site) DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=VMMAILCAS,CN=Servers,CN=Exchange Ad ministrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Master,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=master,DC=ca Identity : VMMAILCAS\Rpc (Default Web Site) Guid : 5a7a75ca-1616-4398-be78-9c3bd06f573d ObjectCategory : master.ca/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory} WhenChanged : 10/05/2011 11:38:47 AM WhenCreated : 16/10/2010 12:42:14 PM WhenChangedUTC : 10/05/2011 3:38:47 PM WhenCreatedUTC : 16/10/2010 4:42:14 PM OrganizationId : OriginatingServer : VMSUBCA.master.ca IsValid : True It seems that client authentication method is good I don't understand why? thanks

here is the result of the aut-mail configuration sorry for the xml <?xml version="1.0" encoding="utf-8"?> <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> <User> <DisplayName>Jean-François Auclair</DisplayName> <LegacyDN>/o=Master/ou=Montreal/cn=Recipients/cn=jfauclair</LegacyDN> <AutoDiscoverSMTPAddress>jfauclair@master.ca</AutoDiscoverSMTPAddress> <DeploymentId>5612acba-ecf6-46c2-8ae1-d89f7f01760f</DeploymentId> </User> <Account> <AccountType>email</AccountType> <Action>settings</Action> <Protocol> <Type>EXCH</Type> <Server>VMMAILCAS.master.ca</Server> <ServerDN>/o=Master/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=VMMAILCAS</ServerDN> <ServerVersion>738180DA</ServerVersion> <MdbDN>/o=Master/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=VMMAILCAS/cn=Microsoft Private MDB</MdbDN> <PublicFolderServer>exchangemaster.master.ca</PublicFolderServer> <AD>VMDCLEBEAU.master.ca</AD> <ASUrl>https://vmmailcas.master.ca/EWS/Exchange.asmx</ASUrl> <EwsUrl>https://vmmailcas.master.ca/EWS/Exchange.asmx</EwsUrl> <EcpUrl>https://vmmailcas.master.ca/ecp/</EcpUrl> <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um> <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr> <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt> <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret> <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms> <OOFUrl>https://vmmailcas.master.ca/EWS/Exchange.asmx</OOFUrl> <UMUrl>https://vmmailcas.master.ca/EWS/UM2007Legacy.asmx</UMUrl> <OABUrl>http://vmmailcas.master.ca/OAB/ac96a2fb-a58b-4c4f-98df-a8b8e6cfc78a/</OABUrl> </Protocol> <Protocol> <Type>EXPR</Type> <Server>mail.master.ca</Server> <SSL>On</SSL> <AuthPackage>Ntlm</AuthPackage> <ASUrl>https://mail.master.ca/EWS/Exchange.asmx</ASUrl> <EwsUrl>https://mail.master.ca/EWS/Exchange.asmx</EwsUrl> <EcpUrl>https://mail.master.ca/ecp/</EcpUrl> <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um> <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr> <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt> <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret> <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms> <OOFUrl>https://mail.master.ca/EWS/Exchange.asmx</OOFUrl> <UMUrl>https://mail.master.ca/EWS/UM2007Legacy.asmx</UMUrl> <OABUrl>https://mail.master.ca/OAB/ac96a2fb-a58b-4c4f-98df-a8b8e6cfc78a/</OABUrl> </Protocol> <Protocol> <Type>WEB</Type> <Internal> <OWAUrl AuthenticationMethod="Basic, Ntlm, WindowsIntegrated">https://vmmailcas.master.ca/owa/</OWAUrl> <Protocol> <Type>EXCH</Type> <ASUrl>https://vmmailcas.master.ca/EWS/Exchange.asmx</ASUrl> </Protocol> </Internal> <External> <OWAUrl AuthenticationMethod="Fba">https://mail.master.ca/owa/</OWAUrl> <Protocol> <Type>EXPR</Type> <ASUrl>https://mail.master.ca/EWS/Exchange.asmx</ASUrl> </Protocol> </External> </Protocol> </Account> </Response> </Autodiscover>