none
Outlook 2007 (OWA) Keeps asking for Password!!!

    Question

  • Hi all,

     

    I've been running Exchange 2007 for 1 year now and everything worked fine since i notified a strange behaviour highlighted by my users.

     

    If OWA is enabled on Outlook 2007 and the option "On fast networks,connect using HTTP first , the connect using TCP/IP" is selected , Outlook keeps asking for the password to connect , even if you are logged into the domain and connected to the company's network.

     

    I'm sure that this option has been ALWAYS selected before ( i upgraded the server in the meanwhile , last update was the rollup 4 if i'm not wrong) and everything worked smoothly for almost 1 year.

     

    If i select,instead, "On slow networks,connect using HTTP first,then connect using TCP/IP" it uses the windows integrated auth and it doesn't ask for any password.

     

    Unfortunately It doesn't still fix the problem for good.

     

    Still some (random) user got the "Password needed " prompt even if the above option is selected.

     

    Exchange 2007 is runnung under Win2k3 X64 SP2.

     

    I'm running Windows Vista SP1 + Office 2007 SP1.

     

    My users are running : XP SP3 + Office 2007 SP1.

     

    Any idea ?

    Please Help!!!!

     

    Regards,

    Eric.

    Monday, November 24, 2008 2:07 PM

All replies

  • Hi,

    First please check connection status in those two scenario.(option check and uncheck).

    Verify connection to Exchange through the Internet

    http://office.microsoft.com/en-us/outlook/HP010363941033.aspx

    Please post the result here.

    Then please check authentication type from Exchange Proxy Settings, it should be NTLM Authentication.

    Besides, please check kb article listing below.

    You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature

    http://support.microsoft.com/kb/820281

    How does Outlook Anywhere work (and not work)?

    http://msexchangeteam.com/archive/2008/06/20/449053.aspx

    Hope it helps.

    Xiu

    Tuesday, November 25, 2008 9:08 AM
  • >First please check connection status in those two scenario.(option check and uncheck).

     

    __________________________________________________________________________

    Scenario 1 :

     

    "On fast networks,connect using HTTP first , the connect using TCP/IP" Checked
    "On slow networks,connect using HTTP first,then connect using TCP/IP" Unchecked
     

     Basic Auth Enabled.

     

    Outlook asks for a password. Once the password is entered ,  Outlook works fine.

    (This was the default scenario for 1 year and everything worked fine)

     

    If NTLM Auth is enabled instead of Basic ,Outlook keeps asking for the password
    and even if the correct password is entered it continues to ask for it

    __________________________________________________________________________

     

    Scenario 2 :

     

    "On fast networks,connect using HTTP first , the connect using TCP/IP" Unchecked
    "On slow networks,connect using HTTP first,then connect using TCP/IP" Checked

     

    Basic Auth Enabled.

     

    Outlook doesn't ask for any password. It works fine.

    IF NTLM auth is enabled instead of Basic , Outlook works fine. No password asked.

    __________________________________________________________________________

     

    I just checked the connection holding the CTRL key and clicking on the outlook icon :

     

    Scenario 1 : Connected via HTTPS , all connections ESTABLISHED.

    Scenario 2 : Connected via TCP/IP (?!) , all connections ESTABLISHED.

     

    What am i missing ?

     

    Regards,

    Eric.

     

    Tuesday, November 25, 2008 9:48 AM
  • Hi,
     
    From the test result,we think that this test should be done in the local network,is that right?
     
    When outlook is in a local area network (LAN) environment, communicates with Exchange by using remote procedure call (RPC) with Transmission Control Protocol/Internet Protocol (TCP/IP).This could be the fast network.

    When using outlook outside of your organization, Outlook can connect to Exchange through the Internet by using remote procedure call (RPC) over HTTP.

    So when user in fast network, we recommend you to communicate with Exchange via TCP/IP. We recommend you to use Scenario 2.

    Besides, With Basic Authentication, the password is sent in clear text. So we recommend you to use Basic authentication over SSL.

    Meanwhile, the recommendation for Outlook Anywhere Authentication mode from Microsoft is to use NTLM authentication over Secure Sockets Layer (SSL).

    Detail information you can refer to the article below:

    Recommendations for Outlook Anywhere

    Hope it helps.

    Xiu

    Wednesday, November 26, 2008 6:47 AM
  • I issued the following command :

     

    Get-OutlookAnywhere -Server exchange2007

     

    ServerName                 : EXCHANGE2007
    SSLOffloading              : False
    ExternalHostname           : webmail.mycompany.com
    ClientAuthenticationMethod : Basic
    IISAuthenticationMethods   : {Basic}
    MetabasePath               : IIS://exchange2007.mycompany.com/W3SVC/1/ROOT/Rpc
    Path                       : C:\WINDOWS\System32\RpcProxy
    Server                     : EXCHANGE2007


    Client and IIS Auth is set to BASIC.

    The problem i've got could be connected to the auth method so i'd like to try to switch it and see what happens.

    According to what i know  both auth methods must be the same in order to work so i tried to issue
    this other command to set the IIS auth to accept NTLM only


    [PS] C:\>Set-OutlookAnywhere -Name:Exchange2007 -DefaultAuthenticationMethod:NTLM

     

    cmdlet Set-OutlookAnywhere at command pipeline position 1
    Supply values for the following parameters:
    Identity:


    It asked for an Identify parameter. I guess it refers to the IIS dir i want to set NTLM Auth on,
    but i'm not completely sure about it (It should know itself the IIS DIR  on which the command must be applied to, i assume)

     

    I tried the following command as well :

     

    Set-OutlookAnywhere -Name Exchange2007 -IISAuthenticationMethod Basic,NTLM
    Set-OutlookAnywhere -Name Exchange2007 -ClientAuthenticationMethod Basic,NTLM

     

    Same identity parameter request.


    Besides,if i use the "Scenario 2" the users inside the internal network don't seem to experience
    the "password prompt" issue anymore.

     

    My real problem ATM is related to the laptop users. They need to be configured with OWA in order to
    get the mail when they are out of the office (they use a Vodafone Key).

     

    When they are not inside the company , Outlook asks for a password (which is correct) and they
    retrieve the mail with no probs at all.

     

    This scenario works fine for me , but the computers configured with the OWA (Exchange Proxy)
    get randomly disconnected when they are connected to the internal LAN.

    I can't ask the users to switch config everytime they need to retrieve the mail outside the company.


    Confusing,isn't it ?

     

    Regards,
    Eric.

    Wednesday, November 26, 2008 9:59 AM
  •  Eric Draven wrote:

    It asked for an Identify parameter. I guess it refers to the IIS dir i want to set NTLM Auth on,
    but i'm not completely sure about it (It should know itself the IIS DIR  on which the command must be applied to, i assume)



    Just do a get-outlookanywhere | fl and look for the identity parameter.
    In your case it should be "EXCHANGE2007\Rpc (Default Web Site)"

    Flo

    Wednesday, December 10, 2008 2:55 PM