locked
Problem on Disabling Outlook Anywhere Mutual Authentication RRS feed

  • Question

  • Hi, there,

    A strange behavior of Outlook Anywhere.

    • Environment: Exchange 2010 SP2, Outlook 2010 ver 14.0.4760.1000 (32-bit)
    • My users have been using Outlook Anywhere for a few months, no problem
    • Recently, for some reason, I need to disable OA mutual authentication
    • I run this command on Exchange server: Set-OutlookProvider EXPR -CertPrincipalName none

    Now I create a new Outlook profile on my PC. Everything works fine, I got what I want:

    But, what happens to my old (existing) Outlook profile? When I launch Outlook using old profile, it keeps prompting for password. When I open the old profile, I see this,

    Instead of disabling the mutual authentication, it uses the string 'none' as the cert principal name. Has anyone encountered the same issue?

    Friday, October 5, 2012 5:37 AM

Answers

  • Confirmed it's a bug of Outlook 2010 RTM. I applied SP1 and the symptom is gone. Mutual authentication has been disabled for existing Outlook profile.

    • Marked as answer by Li Zhen Monday, October 8, 2012 5:42 AM
    Monday, October 8, 2012 5:42 AM

All replies

  • Why are you not putting a CertPrincipalName? Poweshell is reading your "none" exactly as you type it, which is a string. If you want it blank you have to put "CertPrincipalName:$null" or "CertPrincipalName:none" (that tricky colon). Plus CertPrincipalName is an optional perameter for the set-outlookprovider cmdlet. 

    DJ Grijalva | MCITP: EMA 2007/2010 SPA 2010 | www.persistentcerebro.com

    Friday, October 5, 2012 9:10 PM
  • Why are you not putting a CertPrincipalName? Poweshell is reading your "none" exactly as you type it, which is a string. If you want it blank you have to put "CertPrincipalName:$null" or "CertPrincipalName:none" (that tricky colon). Plus CertPrincipalName is an optional perameter for the set-outlookprovider cmdlet. 

    DJ Grijalva | MCITP: EMA 2007/2010 SPA 2010 | www.persistentcerebro.com

    Nope. I don't think Outlook reads "none" as string. As you can see in my first screen shot, it reads 'none' as to disable the mutual authentication. $null and none are different. $null means to take external host name as the cert principal name.

    I suspect it's a bug of Outlook since its behavior is inconsistent.

    Saturday, October 6, 2012 2:29 PM
  • Confirmed it's a bug of Outlook 2010 RTM. I applied SP1 and the symptom is gone. Mutual authentication has been disabled for existing Outlook profile.

    • Marked as answer by Li Zhen Monday, October 8, 2012 5:42 AM
    Monday, October 8, 2012 5:42 AM
  • Duplicated problem with http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/75d5dc70-c869-4f76-aa45-640d4e85985a

    Thanks for your update and confimation.

    Have a nice day :) 


    Fiona Liao

    TechNet Community Support

    Monday, October 8, 2012 9:44 AM
    Moderator