none
Outlook Authentication Popup

    Question

  • Dear All,

    Environment:

    Exchange Server 2013 on In-house environment and clients with Outlook 2010 & 2013. The current environment is secured with SonicWall firewall and NAT to public.

    Issue :

    We are in progress of changing the firewall to Checkpoint. The problem is after changing the firewall the popup occurs for internal and external clients in outlook. We have verified the NAT and access rules on both firewall are same. 

    Please provide your solution to resolve the issue.

    Thanks in Advance

    Tuesday, January 23, 2018 7:00 AM

All replies

  • If it occurs for internal clients, that would tell me that you don't have split brain DNS so the connection is going out to the DMZ or Internet and back in through the firewall.  I strongly recommend you deploy split-brain DNS.

    If changing the firewall causes the issue, then the problem is likely with the firewall or its configuration.

    I have changed the thread type to Question because you're asking one.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!


    Tuesday, January 23, 2018 9:08 PM
    Moderator
  • Dear Crowley,

    This authentication popup occurs only after 30 mins after changing firewall and also the occur randomly for all for all users(Internal and External) in the interval of time.This popup is occurred initially for the users who have mails in outbox. 

    Firewall team mentioned that the exchange is send authentication packet's to client. At the same time we cant find any drop packet in firewall logs.

    The DNS Server is  not the split-rain DNS. We have allowed all ports to exchange for testing in firewall. 


    Wednesday, January 24, 2018 4:33 AM
  • Hi,

    Could you please tell us where did you deployed firewall, is that in DMZ ?

    Did you mean outlook pop up authentication alert when you send email?

    When you send e-mail in OWA, is that the issue?

    Please give us a screenshot about the Authentication pop up message.

    In order to exclude the impact of the firewall, please try to bypass firewall test again.

    Moreover, you can use Fiddler to collect tracing, check if there are any issue.

    Try to install it on your client to have a test, steps for your reference:
    ===========
    Note: When running this tool, please disable all any other applications.
     
    1). Please download and install Fiddler2 from here: http://www.fiddler2.com/fiddler2/
    2). After installation, go to Tools -> Fiddler Options -> HTTPS tab, and check 2 checkboxes, “Capture HTTPS CONNECTs” and “Decrypt HTTPS traffic”. If it asks to install a certificate to decode HTTPS, please install it.
    3). Click OK to save the settings.
    4). Keep the Fiddler2 tool running, and then open Outlook to reproduce the issue.
    5). Wait until the certificate error appears again. (Record the accurate time, so if you want other one to help you check, you can share the time with him.)
    6). Then you can clearly see the HTTP connections Outlook was trying to connect. To save the log, on the Fiddler Web Debugger window, click File > Save > All sessions, and then compress the log.


    Regards,

    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    • Edited by Alice-Wang Wednesday, January 24, 2018 8:07 AM
    Wednesday, January 24, 2018 7:47 AM
  • That just helps confirm what I told you.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, January 24, 2018 7:50 AM
    Moderator
  • Thanks Alice Wang,

    Could you please tell us where did you deployed firewall, is that in DMZ ?

    NO, We don't have any DMZ zone. Clients and Server's are in the same subnet. 

    Did you mean outlook pop up authentication alert when you send email?

    Yes, When i send mail. If we provide OK in popup the account getting locked. if we provide cancel for some time, mail works after sometime.  

    When you send e-mail in OWA, is that the issue?

    Mail's are waiting in draft for sometime.

    An additional information we have the spam filter out side our environment.

    Currently am not able to provide the screenshot, since it is a production environment. am not able to change the firewall, i ll provide once we got the downtime.

    Regards,

    Saravanan

    Thursday, January 25, 2018 3:35 AM
  • Hi saravanan,

    Thanks for your response, since this issue occurs in Outlook and OWA while sending message, I suppose it's a connection issue by SMTP protocol connection between Exchange and firewall.

    Please check if there are any logs on the firewall


    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by Alice-Wang Tuesday, January 30, 2018 9:33 AM
    Monday, January 29, 2018 8:01 AM