Oturum Aç
 
Ana SayfaKütüphaneEğitimIndirinSorun GidermeForumlar
BT Uzmanları için Kaynaklar >
Outlook Anywhere on Windows XP Clients running Outlook 2010 continually getting password prompt.

Yanıt Outlook Anywhere on Windows XP Clients running Outlook 2010 continually getting password prompt.

  • 12 Nisan 2011 Salı 15:12
     
     
    Oylamak İçin Oturum Aç
    0

    I have a few Windows XP clients in the field with Outlook 2010 on them.   When they try to access our mail server using Outlook Anywhere (RPC over HTTP) they continually get prompted for credentials and none are accepted.   We don't have any reported issues with Vista or Win 7 machines.   What could this possibly be?

     

     

Tüm Yanıtlar

  • 13 Nisan 2011 Çarşamba 08:28
    Moderatör
     
     Yanıt
    Oylamak İçin Oturum Aç
    0

    ·         Hi
            In XP you have to configuring the common name of the certification(the name after “Issue To”) after the “msstd:” in user’s profile. Otherwise, the Outlook will always repeatedly prompts for password. XP is not willing to look at next lines on a SAN certificate, but Windows vista/7 does. And we should use the command to set outlook provider as well: Set-OutlookProvider EXPR -CertPrincipalName:" "msstd:yourdmoain"

                   You can read these two threads about your issue.
                   Outlook Anywhere on Windows XP repeatedly prompts for password
                   Exchange 2010+Outlook Anywhere+Windows XP not working together
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
     
  • 13 Nisan 2011 Çarşamba 14:39
     
     
    Oylamak İçin Oturum Aç
    0

    I originally thought that was the issue.. so I've done the above listed command.. and the situation persists.

     

     
  • 14 Nisan 2011 Perşembe 02:07
    Moderatör
     
     
    Oylamak İçin Oturum Aç
    0

    Hi
       1.You can read this     article and check your outlook setting on windows XP.
       2. It is the similar discussion about your issue. Maybe you can get help from     there.
       3.     Is Outlook>Account Settings > Microsoft Exchange Settings > Security tab^^ "Always prompt for logon credentials" unchecked?
       4.update xp os to sp3 and install all the patch and check the user and password format .

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
     
  • 15 Nisan 2011 Cuma 16:28
     
     Yanıt
    Oylamak İçin Oturum Aç
    0

    I'm convinced this is an issue with our SSL certificate.   The SAN (subject alternative name)  on our certificate starts with domain.com rather than mail.domain.com  which I believe is the source of the issue.   Windows XP doesn't search the SAN field beyond the first entry.  Windows Vista and 7 seem to support multiple strings in the SAN field on the certificate.

     

     

     
  • 21 Nisan 2011 Perşembe 13:26
     
     Yanıt
    Oylamak İçin Oturum Aç
    0

    To expand on my findings.   It appears that Windows XP does not support what most 3rd Party SSL Authorities call a "Star" or "Wildcard" certificate.    The certificate is built with the following Subject Alternative Names:

     

    *.domain.com

    domain.com

    server.domain.com

     

    Apparently XP doesn't look much further than the 1st SAN line to get a "match" to the certificate.   Vista and 7 does.   So the wildcard cert works fine for those clients.   The fix is to purchase a "UC" (Unified Communications) certificate.   The SAN lines on those do not contain the wildcard and are usually built in the following order for Exchange 2010:

     

    mail.domain.com

    autodiscover.domain.com

     

    Installing the UC certificate on our Exchange server fixed the issue.  

     

    See this KB article for UC Certificate Vendors: http://support.microsoft.com/kb/929395

     
  • 22 Nisan 2011 Cuma 01:45
    Moderatör
     
     
    Oylamak İçin Oturum Aç
    0
    Thanks to post your answer
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
     
  • 13 Mayıs 2011 Cuma 15:33
     
     
    Oylamak İçin Oturum Aç
    0

    I realize this is question is marked as answered, but I just wanted to add my experience.

     

    We were able to use the wildcard cert by setting CertPrincipalName to "msstd:*.domain.com".

     

    Rick

     
  • 02 Mayıs 2012 Çarşamba 12:39
     
     
    Oylamak İçin Oturum Aç
    0

    Thanks Rick!

    Your contribution solved my problem.
    I to use a wildcard certificate on my UAG server were the Exchange webservices are published.
    I was breaking my head over this. Until I noticed the difference between W7 and XP.

    This lead me to this post and to your comment.
    I don't have any rights on the Exchange organizational level, so i can't change the certificate principal name. But I added "msstd:*.mydomain.ext" to a Group Policy and bingo..... connected.

    John

     
  • 14 Mayıs 2013 Salı 16:48
     
     
    Oylamak İçin Oturum Aç
    0

    I know this is an old thread but I thought I'd post this update for Exchange 2013 since this comes up pretty quick when you search for this issue. Took me quite a bit of research to figure this out, so hopefully it will help anyone who has Exchange 2013 with Windows XP clients.

    In Exchange 2013 setting the value for EXPR will only affect connections from EXTERNAL Outlook clients. For internal clients, you need to set the value for EXCH

    Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:*.domain.com

    (this is for a wildcard cert; you can put in your own CPN as needed).