locked
Using NTLM Authentication on Outlook Anywhere on Exchange 2007 SP3 with Outlook 2007, getting continous credential prompts RRS feed

  • Question

  • Server: Exchange 2007 SP3 UR3 on Windows 2008

    Client: 32-bit Outlook 2007 on Windows 7 32-bit

    Same network (not trying to connect from Internet yet), have Outlook configured to use Outlook Anywhere on Fast and Slow networks.

    I am currently configured for Basic authentication for both IIS and Client and this works as expected.  I switched over to NTLM and verified the Outlook settings, and now all I get is continuous prompts from Outlook for username/password.

    What am I missing?


    Friday, June 10, 2011 7:11 PM

All replies

  • Where did you make the change to NTLM? In IIS or EMC? If it was IIS it should have been EMC because the client is now getting incorrect information from autodiscover. Change it back in IIS, then change it in EMC. Wait 15 minutes and then run IISRESET.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    • Proposed as answer by Luis Olias Thursday, October 1, 2015 12:25 PM
    Friday, June 10, 2011 7:53 PM
  • I did it through EMS

    get-outlookanywhere | set-outlookanywhere -iisauthenticationmethods ntlm -clientauthenticationmethod ntlm

    If I check the contents of autodiscover, they are correct and the client has the correct settings.

    Are you saying in general I should run IISRESET after these changes or because you think I made them through IIS?


    Friday, June 10, 2011 8:47 PM
  •  

    Hi,

     

    First, I would like to confirm the following questions:

     

    1. Is there ISA server in the environment?

    2. Is the client machine in the domain when accessing mailbox via Outlook Anywhere?

    3. Can the user access the mailbox successfully after typing the credentials?

     

    At this stage, please assure IIS authentication and OA authentication are configured correctly as NTLM, and then restart IIS to check the result. If the issue persists, please check the LmCompatibilityLevel settings from the link below:

     

    http://support.microsoft.com/kb/820281/en-us

     

    Thanks.

    Novak Wu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, June 13, 2011 8:21 AM
  • 1. No ISA server, this is just internal on the LAN.

    2. Yes, the client is in the same domain, with the client logging on as the domain user as a local admin on the client, on the same subnet as the Exchange Server.

    3. No, the prompting never goes away.

    If I view get-outlookanywhere, both settings are set to NTLM.

    I tried the support article, Windows 7 doesn't have a LmCompatibilityLevel key, so I added one. I tried on Level 2 and 3 as the article suggested and 1 just for fun.

    Anything else?

    Monday, June 13, 2011 8:58 PM
  •  

    Hi,

     

    At this stage, please refer to the following steps to assure Client authentication is configured correctly.

     

    1. On a problematic user’s Outlook, click File >> Info >> Account settings.

    2. On the Email tab, double click the email account.

    3. Click More Settings, on the Security tab, please change the “Logon network security” type to “Password Authentication (NTLM)”.

    4. Save the settings and restart the Outlook and check if the issue persists.

     

    If the issue persists, please type the Get-OutlookProvider | fl command and post the result here. Also, please access the following website and select Outlook Anywhere to analyze the connection.

     

    https://www.testexchangeconnectivity.com/Default.aspx

     

    Thanks.

    Novak Wu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, June 15, 2011 5:17 AM
  • No go on the authentication change.  Endless prompts...

    Also, I have not setup Internet access for this.  This is attempting to use Outlook Anywhere internally only using NTLM authentication.

    get-OutlookProvider | fl

    CertPrincipalName :
    Server            :
    TTL               : 1
    AdminDisplayName  :
    ExchangeVersion   : 0.1 (8.0.535.0)
    Name              : EXCH
    DistinguishedName : CN=EXCH,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=Home,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=x,DC
                        =mybogusdomain,DC=com
    Identity          : EXCH
    Guid              : a3ff0696-bc2c-44b9-bae3-3579ee79c5be
    ObjectCategory    : x.mybogusdomain.com/Configuration/Schema/ms-Exch-Auto-Discover-Config
    ObjectClass       : {top, msExchAutoDiscoverConfig}
    WhenChanged       : 4/25/2009 1:34:03 PM
    WhenCreated       : 4/25/2009 1:34:03 PM
    OriginatingServer : dc1.x.mybogusdomain.com
    IsValid           : True

    CertPrincipalName :
    Server            :
    TTL               : 1
    AdminDisplayName  :
    ExchangeVersion   : 0.1 (8.0.535.0)
    Name              : EXPR
    DistinguishedName : CN=EXPR,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=Home,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=x,DC
                        =mybogusdomain,DC=com
    Identity          : EXPR
    Guid              : 462efdf9-5c7c-42a9-ab72-71cfa03c3e9a
    ObjectCategory    : x.mybogusdomain.com/Configuration/Schema/ms-Exch-Auto-Discover-Config
    ObjectClass       : {top, msExchAutoDiscoverConfig}
    WhenChanged       : 4/25/2009 1:34:03 PM
    WhenCreated       : 4/25/2009 1:34:03 PM
    OriginatingServer : dc1.x.mybogusdomain.com
    IsValid           : True

    CertPrincipalName :
    Server            :
    TTL               : 1
    AdminDisplayName  :
    ExchangeVersion   : 0.1 (8.0.535.0)
    Name              : WEB
    DistinguishedName : CN=WEB,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=Home,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=x,DC=mybogusdomain,DC=com
    Identity          : WEB
    Guid              : de64c61a-e8ea-4d3b-b8ab-21bbc3308233
    ObjectCategory    : x.mybogusdomain.com/Configuration/Schema/ms-Exch-Auto-Discover-Config
    ObjectClass       : {top, msExchAutoDiscoverConfig}
    WhenChanged       : 4/25/2009 1:34:03 PM
    WhenCreated       : 4/25/2009 1:34:03 PM
    OriginatingServer : dc1.x.mybogusdomain.com
    IsValid           : True

     

     


    Wednesday, June 15, 2011 3:00 PM
  • The first thing I would do is check whether things are working as you expect.

    Switch it back to basic - check that it is then connecting through HTTPS. Hold down CTRL while right clicking on the Outlook icon and choose Connection Status and check the connection type is HTTPS.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    Wednesday, June 15, 2011 9:21 PM
  • Based on the result, I don’t find any problem and the server value is already set as null which is mentioned from the following article:

     

    http://technet.microsoft.com/en-us/library/cc411324(EXCHG.80).aspx

     

    At this stage, please also collect the following information and send it to me for my further research.

     

    1. Run the following command in EMS on the CAS server:

     

    Get-autodiscovervirtualdirectory | fl >c:\auto.txt

    Get-clientaccessserver | fl >c:\cas.txt

    Get-OutlookAnywhere >c:\outlookanywhere.txt

    Get-Outlookanywhere -identity "cas server\rpc (Default Web Site)" |fl >c:\rpc.txt

     

    2. [Collect the IIS log]

    ==============

    a.  One the Exchange Client Access Server, locate the folder “c:\inetpub\logs\logfiles\W3SVC1” (If the IIS log is not enabled, please enable it and try to reproduce this issue.)

    b.  Collect the log files inside the folder.

     

    Thanks.

    Novak Wu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, June 16, 2011 7:08 AM
  • How is thing going on? If there is any progress or question, please post it here to discuss.

     

    Thanks.

    Novak Wu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, June 17, 2011 7:47 AM
  • Hi,

    Thanks, I sent you the information you requested.  I ran out of time for this yesterday, sorry!

    Friday, June 17, 2011 4:01 PM
  • So... any updates?
    Thursday, July 7, 2011 4:05 PM
  • I have the same problem. Any updates?

    Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)

    Thursday, October 1, 2015 12:16 PM
  • What is "OA", "outlook anywhere" ?

    Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)


    • Edited by Luis Olias Friday, October 2, 2015 9:31 AM
    Friday, October 2, 2015 9:30 AM
  • I found this:

    https://technet.microsoft.com/en-us/library/bb123889(v=exchg.80).aspx

    I quote:

    "...When Exchange 2007 is run under Windows Server 2008, clients who use Exchange 2007 may be repeatedly prompted for their credentials during Outlook Anywhere sessions. This issue occurs when NTLM Authentication is selected as the authentication method in the Exchange Proxy Settings dialog box for the Outlook profile on the client computer. This issue does not occur if Basic Authentication is selected as the authentication method in the Exchange Proxy Settings dialog box. By default, Kernel Mode Authentication is enabled in Internet Information Services (IIS) 7.0 on Client Access servers that are running Windows Server 2008 with versions of Exchange 2007 that are earlier than Exchange Server 2007 Update Rollup 8. This issue does not occur with the following versions of Exchange 2007:..."


    Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)

    Friday, October 2, 2015 10:15 AM