locked
Autodiscover problem. RRS feed

  • Question

  • We use Outlook 2010 with latest hotfixes + Exchange 2010 SP2 update rollup 2

    ctrl+rightclick on Outlook icon + check autodiscover shows basic authentication & after several seconds same operation shows NTLM! I can see different settings recieved on xml tab each time!

    Clients recieve authentication popups during the day :(

    Tried resetting Virtual directories, configuring outlookanywhere with both -ClientAuthenticationMethod & -IISAuthenticationMethods = NTLM

    get-outlookanywhere -server cas01

    RunspaceId                      : dd546129-3302-4011-8ccc-b73ea2909785
    ServerName                      : CAS01
    SSLOffloading                   : False
    ExternalHostname                : mail.company.ru
    ClientAuthenticationMethod      : Ntlm
    IISAuthenticationMethods        : {Ntlm}
    XropUrl                         :
    MetabasePath                    : IIS://CAS01.ad.company.ru/W3SVC/1/ROOT/Rpc
    Path                            : C:\Windows\System32\RpcProxy
    ExtendedProtectionTokenChecking : None
    ExtendedProtectionFlags         : {}
    ExtendedProtectionSPNList       : {}
    Server                          : CAS01
    AdminDisplayName                :
    ExchangeVersion                 : 0.10 (14.0.100.0)
    Name                            : Rpc (Default Web Site)
    DistinguishedName               : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=CAS01,CN=Servers,CN=Exchange Admini
                                      strative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Mi
                                      crosoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=company,DC=ru
    Identity                        : CAS01\Rpc (Default Web Site)
    Guid                            : 408cebbe-db0b-4cb4-b7db-193f8c7aa1ec
    ObjectCategory                  : ad.company.ru/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
    ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
    WhenChanged                     : 15.05.2012 15:33:30
    WhenCreated                     : 15.05.2012 15:33:30
    WhenChangedUTC                  : 15.05.2012 11:33:30
    WhenCreatedUTC                  : 15.05.2012 11:33:30
    OrganizationId                  :
    OriginatingServer               : dc01.ad.company.ru
    IsValid                         : True

    Where from basic appears?

    It's even more interesting! I had this problem with one CAS server with different name. I installed a new one (CAS01) uninstalled the first one. Assigned it to all databases. Server name in user Outlook profiles changed, but this problem is still there: switching between basic & ntlm :(


    Tuesday, May 15, 2012 10:20 PM

Answers

  • Hi Vainkop Valery,

    when Autodiscover works internally without any issues, have you tried to switch Outlook-Anywhere from NTLM to Basic Authentication for Testing ?

    Basic authentication is generally not a problem in this case, because of the https tunnel around. Give it a try ;)


    Grüße, Christoph

    Monday, May 21, 2012 3:57 PM

All replies

  • Hello,

    Do all the users have this issue?

    What is client are you using, do you use windows xp?

    When local users use Outlook anywhere, will they have this issue?

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    Thursday, May 17, 2012 8:21 AM
  • Hi Evan!

    All users have this issue.

    We all use Win7 SP1 x64 or x32.

    What do you mean by local users? All users are in domain & some of them work remotely only several hours a day. Still we all have "Connect to Exchange using HTTP" enabled in our profiles (http://imageshack.us/photo/my-images/855/outlookc.jpg/).

    Disabling it doesn't help too :(

    Thursday, May 17, 2012 8:39 AM
  • Hi Vainkop Valery,

    we had a similar thread some time ago in German Exchange Forums. The admin always had to restart IIS, then it was working for some time and then the login boxes came back. The scenario was also just Outlook Anywhere with NTLM.

    The final solution / workaround for him was to switch the Outlook Anywhere Authentication from NTLM to Basic. After the new authentication method was set, the problem went away.

    I am sure you did some Autodiscovery problem research already, but just a few hints:

    First you should make sure that the Autodiscovery works internal with a standard TCP connection. (no login boxes)

    You could also check the correct settings for the virtual directorys : http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx

    Last would be to check if you have some proxy entrys in your clients browsers, remove it and check again. Check for the correct proxy exclusions for your internal directorys.


    Grüße, Christoph

    Thursday, May 17, 2012 10:58 AM
  • Hi Christoph!

    Restarting IIS doesn't help in my case.

    Autodiscover works internally.

    All autodiscovery settings for virtual directories are correct.

    There're no proxy entries in clients browsers.

    I decided to replace Exchange 2010 on CAS server(SP2) with Exchange 2010 without SP at all and see what happens. If it helps I won't be surprised.

    Monday, May 21, 2012 9:50 AM
  • Hi Vainkop Valery,

    when Autodiscover works internally without any issues, have you tried to switch Outlook-Anywhere from NTLM to Basic Authentication for Testing ?

    Basic authentication is generally not a problem in this case, because of the https tunnel around. Give it a try ;)


    Grüße, Christoph

    Monday, May 21, 2012 3:57 PM
  • Christoph, you saved my day! :)

    Basic authentication doesn't switch to ntlm & I decided to leave it like that.

    Thanks!

    Monday, May 21, 2012 7:29 PM