Outlook 2007 Login Prompt on Exchange 2007


  • I installed Exchange 2007 and have moved several mailboxes to it from Exchange 2003.  When these users open Outlook 2007 while inside our network they receive a login prompt after opening Outlook.  If Outlook is closed and reopened they do not receive a login prompt so it seems to happen only after logging into the compter.  They have a TCP/IP connection, hot http, and everything else is working fine.  Any ideas?

    Monday, October 22, 2007 2:05 PM

All replies

  • You should verify if you have any Kerberos errors on the Exchange Server or Domain Controller




    Monday, October 22, 2007 7:09 PM
  • Have you run the Outlook 2007 diagnostics from the Help/Office Diagnostics area?



    Thursday, October 25, 2007 6:56 PM
  • I don't seem to have any Kerberos problems.  Another thing I have found is that it seems to only be happening on either Vista or Outlook 2007 users.  I'm not sure if it has to be both or one or the other.  I am going to do more testing on this.


    Thursday, October 25, 2007 7:12 PM
  • Is your Exchange server in the same Active Directory as your Clients?




    Thursday, October 25, 2007 7:25 PM
  • Yes, it is in the same AD.


    Thursday, October 25, 2007 7:27 PM
  • Might be an authentication issue on your Autodiscover Virtual Directory in IIS






    • Proposed as answer by Leemor Tuesday, June 23, 2009 1:49 PM
    Thursday, October 25, 2007 8:10 PM
  • It looks like everything is configured correctly as far as authentication.  The login prompt is only happening with users running Outlook 2007.  Outlook 2003 users connecting to the Exchange 2007 server do not receive a login prompt.


    Monday, October 29, 2007 1:58 PM
  • You might want to check the Outlook profiles and check if Outlook uses cached mode and connects to the Exchange server using HTTP and check Authentication settings there


    Outlook can also be configured to allways request authentication



    Monday, October 29, 2007 2:38 PM
  • I am experiencing the same thing.  We implemented Exchange 2007 on Friday.  All XP/2003 clients work fine, but all 2007 Outlook clients prompt for login when Outlook is opened.  What is more frustrating is that it continues to prompt until you hit cancel.  Once you do that, it stops prompting, and works fine--provided you did enter correct credentials on the first login request. 

    No errors reported on the Exchange server. 
    Monday, October 29, 2007 3:25 PM
  • It doesn't seem to matter if cached mode is used or not, I still get the login prompt.  It is not using HTTP and it is not set to always request authentication.  The only thing I see is that the default Outlook 2003 installation does not check the box next to "Encrypt Data between Microsoft Outlook and Microsoft Exchange" on the Security tab and the Outlook 2007 installation does check this box.  However, unchecking the box in Outlook 2007 only delays when the login box appears.

    Monday, October 29, 2007 4:08 PM
  • If you cancel the login box do you still have access to your mailbox?

    If that is the case then I am pretty sure that it is Autodiscover problems




    Monday, October 29, 2007 10:51 PM
  • Yes, when I cancel the login box everything works fine.  A message appears on the right side of the status bar that says "Need Password" and the login box will appear every few minutes but everything works normally.  -Dennis


    Tuesday, October 30, 2007 12:21 PM
  • I see this behavior as well.  I am sure we are dealing with the same problem.

    Tuesday, October 30, 2007 6:14 PM
  • Is this also happening when you logoff and logon again and then open Outlook?




    Tuesday, October 30, 2007 8:10 PM
  • I get the exact same symptom with my Exchange 2007 and Outlook 2007 setup.  Previously it was working but we installed Exchange 2007 SP1 Beta 2 during a re-install and since then, its been behaving this way.  Are you all who are facing this also on E2k7 SP1 Beta 2?



    Wednesday, October 31, 2007 9:15 AM
  • Yes.  Logging off and logging back on causes another login prompt.


    Wednesday, October 31, 2007 11:25 AM
  • No, I am on not on SP1 beta 2.


    Wednesday, October 31, 2007 11:26 AM
  • I don't think there can be many explenations

    Outlook works fine if you cancel the login box

    Every few minutes the popup comes back to authenticate


    I still think this is Autodiscover related

    Integrated authentication is selected on the IIS server Autodiscover virtual directory?




    Wednesday, October 31, 2007 1:06 PM
  • Yes, Integrated Authentication is selected.  It wasn't originally but nothing changed after I selected it.


    Wednesday, October 31, 2007 1:13 PM
  • Integrated Authentication is indeed selected on that virtual diretory at my site.  I am not using any beta products.

    Wednesday, October 31, 2007 2:48 PM
  • Hi All,


    Strangely enough, I do not see the same symptom when I am connected remotely over RPC/HTTP from Home.  This only happens when OUtlook 2007 is connected to E2k7 on the local LAN.


    Are you all seeing the same symptom too?  We've checked the autodiscover service configuration and it looks fine.  Not sure where else to look.   Any sharing of progress made for this issue is appreciated Smile



    Monday, November 05, 2007 2:08 AM
  • I can confirm the same.  Worked without prompting me from home using RPC/HTTP.  Back to the office this morning and still getting prompted.  I have looked at my autodiscover service as well and all seems fine.  We are about to open case with MS through a support partner.  I'll share if we come up with a solution.

    Monday, November 05, 2007 1:55 PM
  • You have probably a problem with your Service Connection Point in AD


    Get-ClientAccessServer | fl


    Look at



    You must set this value to the correct server




    Monday, November 05, 2007 3:57 PM
  • It looks correct to me, but maybe I am missing something.  Here is the result form the Get-ClientAccessServer | fl command:

    Name                                              : EXCHANGE
    OutlookAnywhereEnabled                 : True
    AutoDiscoverServiceCN                    : exchange
    AutoDiscoverServiceClassName        : ms-Exchange-AutoDiscover-Service
    AutoDiscoverServiceInternalUri          : https://exchange.mydomain.local/Autodiscover/Autodiscover.xml
    AutoDiscoverServiceGuid                  : 7xxxxxx6-2xx6-4xx9-axx6-3xxxxxxxxxx6
    AutoDiscoverSiteScope                    : {Default-First-Site-Name}
    IsValid                                            : True
    OriginatingServer                              : server4.mydomain.local
    ExchangeVersion                             : 0.1 (8.0.535.0)
    DistinguishedName                          : CN=EXCHANGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=mydomain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=local
    Identity                                            : EXCHANGE
    Guid                                                : 4xxxxxx7-exx0-4xxa-axxe-8xxxxxxxxxxb
    ObjectCategory                                : mydomain.local/Configuration/Schema/ms-Exch-Exchange-Server
    ObjectClass                                     : {top, server, msExchExchangeServer}
    WhenChanged                                 : 10/26/2007 3:47:19 PM
    WhenCreated                                   : 10/24/2007 4:26:34 PM

    *Actual domain names and guids obscured.

    Monday, November 05, 2007 4:12 PM
  • I would try to connect to the url with Internet Explorer


    Verify that exchange.mydomain.local is in the intranet domain in IE settings so that you have integrated authentication

    So you should be able to connect to the url without being promted for authentication



    Monday, November 05, 2007 5:15 PM
  • When I initially browsed, I was prompted for logon.  I added the url to the intranet domain in IE and was then able to browse the site without being prompted for login.   This is the results shown, which I believe is correct:

      <?xml version="1.0" encoding="utf-8" ?>
    - <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    - <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    - <Error Time="12:24:36.9716616" Id="3007185755">
      <Message>Invalid Request</Message>
      <DebugData />

    This change in IE settings has no affect on the Outlook login prompts issue.

    Monday, November 05, 2007 5:26 PM
  • You do have a certificate for the domain mentioned in the output, correct?  either a Subject Alternate Naming certificate of an SSL cert with the name of the autodiscover service?  if not, that would be why it is prompting you.


    Monday, November 05, 2007 7:15 PM
  • I think I am out of suggestions now as everything seems fine.


    Allthow I think Outlook does work with IE settings

    Maybe you can do a test with an IE with no proxy server configured and start outlook?




    Monday, November 05, 2007 11:03 PM
  • Are you by chance using ISA server to publish Exchange? I have the same symptoms and from what I can tell the problem is ISA somewhere along the line. If i Setup my Outlook 2007 email clients to by pass the ISA server and got Directly to the CAS I get no login prompt.  As soon as i re-configure to send traffic through ISA, the prompts come back.

    I think, you'll find that when  you cancel the login prompt, that free/busy data is unavailable when using the scheduling component in outlook. Aside from this information being unavailable, all else seems to work fine.

    I've been working on this for a week or two now and haven't got too far. I've used my ISA server to monitor traffic and have found that for some reason, Outlook 2007 clients are denied http connecting to the CAS when the prompt occurs. 

    Where this really seems to get odd is that, if you use microsoft, communicator, and login to that before starting outlook 2007, the prompts go away and the free/busy data begins to work properly. On top of that ISA no longer picks up http traffic, from what i can see.

    Anyways, I'm currently working with a support call and microsoft to resolve this. I'll let you know that I find out.
    Monday, November 05, 2007 11:53 PM
  • Just another bit of information about this.  I can get this to work properly if i change the internal uri for autodiscover to the default (from install) however we do not own the internal domain name and thus can not use the name since we serve many users with and without domain joined machines (we need to use a purchased cert).  This again, though, bypasses the ISA server (and generates a certificate error).
    Tuesday, November 06, 2007 12:02 AM
  • I have no doubt that this is autodiscover related.  In exchange 2003, free/busy data was retrieved using public folders and in exchange 2007 autodiscover retrieves this information. And free/busy data is what causes the login, from what i can tell.

    Tuesday, November 06, 2007 12:07 AM

    And do we have a certificate for the autodiscover services?  I have had this issue in the past where the internalURi is pointing to a non secure location with an SSL request.


    Tuesday, November 06, 2007 12:12 AM
  • Another observation:


    My Exchange 2007 server is currently co-existing with my legacy Exchange 2003 server in the same Exchange organization (diff server of course) through the connector.  My mailbox was migrated to E2k7, but the Public Folder store is still on E2k3 server.


    I get the entire list of PFs in Outlook but when I drill down to the folder I see an error "Cannot Display the Folder.  Network Problems are preventing connection to Microsoft Exchange" error message.  I suspect the login prompts in Outlook 2007 which I get is related to connectivity to E2k3 PF, as the rest of the "services" I get in oulook is working such as out of office attendant, addressbook etc.


    Do you guys have similar co-existence setup as I do?  Also do you see the same problem with the Public Folder?



    Tuesday, November 06, 2007 9:41 AM
  • Ok I double checked.  When I go to outlook and select Send/Receive -> Offline Address Book, I get the same annoying login prompts until I hit cancel.


    So I think what some of you suggested is correct, that this is Autodiscover related.  Do the rest of you having this issue have problems Downloading Offline Addressbook on the LAN environment as well?



    Tuesday, November 06, 2007 10:07 AM
  • Hi Funj is it possible for you to start another thread?

    This was originally a problem we were discussing for DennisW


    To much confusion in this thread right now




    Tuesday, November 06, 2007 10:19 AM
  • Ok I think my case is solved.


    My URL for the OABUrl was not correct for internal. For some reason it was:


    http://cas.domain.local instead of https://cas.domain.local which I fixed via the Exchange Management Console -> Server Configuration -> Client Access Server -> Offline Address Distribution tab.


    I can download OAB now and this also fixed my PF connectivity (for some reason!).   And I have lost the annoying Outlook 2007 prompts!


    How I found this was:


    1) In the task tray, hold down CTRL Key and right click the Outlook icon and select Test Email Auto Configuration

    2) Uncheck Use Guessmart and Secure Guessmart Authentication

    3) Click Test

    4) Upon completion of the test, view the XML tab results.  You should see something like the report below.

    5) I noticed that for my Internal LAN connectivity, the URL for OAB was starting with HTTP instead of HTTPS.

    6) I made the change from the Management Console as discribe above

    7) Did a iisreset

    8) Ran the steps 1-4 again and verified that the change highlighted in RED is reflected.


    Download of OAB now works from Outlook on the LAN.  Send/Recieve also completes 100% without Login Prompts.


    I hope this helps solve the issues that the rest of you are facing too!



    *note the details of the domain and server have been masked:


    <?xml version="1.0" encoding="utf-8"?>
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
      <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
          <DisplayName>Fun Jin Lim</DisplayName>
          <LegacyDN>/o=ISAT/ou=First Administrative Group/cn=Recipients/cn=Funj</LegacyDN>
            <ServerDN>/o=ISAT/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=CAS</ServerDN>
            <MdbDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=CAS/cn=Microsoft Private MDB</MdbDN>

    • Proposed as answer by Eddie EC Wednesday, March 11, 2009 6:54 PM
    Tuesday, November 06, 2007 11:11 AM
  • I am configured exactly the same way you are - Exchange 07 co-exisiting with Excahnge 03 and my mailbox is on the E07 server.  However, I don't have any problem seeing Public Folders.  I am still getting the Outlook login prompts.

    Tuesday, November 06, 2007 12:39 PM
  • Have you tried following the steps to check the contents of the Autodiscover.xml results?  There was a problem with the URL for OAB, which had to be rectified.   The SCP was configured correctly to reference to the right autodiscover service, but the service had inaccurate information for OAB.  Hence when we checked if Autodiscover service was running and Outlook referencing it, it seemed like it was, just Outlook was being fed wrong URL references for the OAB. 


    I've been running Outlook 2007 on E2k7 without the Login Prompts for over 12 hours now.. and it feels great to get rid of the pesky problem which I was facing as well. I am now curious if there was an issue/bug in the installer, as, based on what I remember I did not manually key in the HTTP (instead of HTTPS) parameter for OAB but it was auto populated.  IF the cause of your issue is identical - i.e related to http for OAB, then I suspect it's a bug in the installation process.


    Do keep us updated on your progress.




    Wednesday, November 07, 2007 1:33 AM

    Run test-OutlookWebServices | fl

    Disable the loopback check

    Follow these steps:



    Click Start, click Run, type regedit, and then click OK.


    In Registry Editor, locate and then click the following registry key:



    Right-click Lsa, point to New, and then click DWORD Value.


    Type DisableLoopbackCheck, and then press ENTER.


    Right-click DisableLoopbackCheck, and then click Modify.


    In the Value data box, type 1, and then click OK.


    Quit Registry Editor, and then restart your computer.

    Friday, November 09, 2007 7:57 AM
  • I paid a little more attention to the login prompts, and I noticed that it tries to authenticated to the following:


    exchange.mydomain.local, 3 times

    mydomain.net, 3 times

    autodiscover.mydomain.net, 3 times



    Even with the correct creditials entered, it goes through all 9 prompts and continues to prompt periodically. 


    Monday, November 12, 2007 2:17 PM
  • Anyone come up with a solution? I have a the same problem.


    Thursday, November 15, 2007 9:38 PM
  • I was having the same problem.


    I did have my OAB configured to http instead of https (I think I may have been the one to do that) and fixed that. It still wasn't working until I tried doing a send/receive of just the address book and then provided my credentials.


    It seems to be working now... hopefully it will stay that way Smile



    Friday, November 23, 2007 8:10 PM
  • We solved this problem for us anyway.  In our case, we had created the host name autodiscover.domain.com with a CNAME instead of an A record.  When we fixed that, the login prompts went away.




    Tuesday, April 29, 2008 11:01 PM

    I am now having this same issue.  Has anyone figured out how to resolve this issue.
    Wednesday, May 07, 2008 3:29 PM
  • OK I have hopefully just fixed this

    I followed the steps by Funj as mine was set to http. The other main step needed is to go into IIS on exchange server and enable integrated security and restart IIS. When I did this on the OAB virtual directory it fixed the problem for myself. Someone else who was using cached mode was still getting prompted though. So I went back to IIS and enabled integrated security on most of the other directories then restarted IIS and the problem is now completely solved.

    Can someone else try and let me know if this works for them too.


    Thursday, May 08, 2008 5:52 AM
  • I'm using IIS7 and verified Windows Authentication is enabled, no help.


    Thursday, May 08, 2008 12:38 PM
  • For those using a proxy server for Internet:

    I was finally able to resolve this problem by adding mail.domain.net and mail.domain.local to the proxy exclusions list and using split-brain DNS. 

    The problem was that request to the exchange server were first going out the firewall/proxy and then trying to come back through--something the firewall did not allow.

    Thursday, May 08, 2008 3:27 PM
  • This URL has the fix that worked for me.  Now to get the OAB to update for my remote clients and I'll be finished with this.  At least Outlook doesn't prompt me anymore.






    Friday, May 09, 2008 4:14 PM
  • We were having the same problem, "Outlook 2007 Login Prompt on Exchange 2007"  and Funj's posts help me track down my issue.  My problem was a little different then other's I've read here so here's my fix:


    Situation: A couple weeks after migrating from Exchange 2003 to Exchange 2007 people started being prompted to logon to repeatedy in Outlook 2007.  In Funj's post on 06 Nov 2007, 3:11 AM he explains how to test E-mail AutoConfiguration.  I followed his instructions but my XML tab showed: <OABUrl></publicfolder> instead of a URL. 


    Fix: My offline address book had not been migrated to Exchange 2007, it was still on my Exchange 2003 server.  Here is the technet article the explains how to move the OAB: http://technet.microsoft.com/en-us/library/bb123917(EXCHG.80).aspx.  It took some time for the logon prompts to stop so be patient.  Now my E-mail AutoConfiguration test, XML tab shows the proper URL for <OABUrl>. 


    Thank you Funj!

    Friday, October 03, 2008 4:47 PM
  • I had this problem after Exchange 2007 sp1 Roll Up 4 update.  OWA login was okay,  only Outlook 2007 could not authenticate.  I checked domains with dcdiag - was okay.  All other domain authentication was ok.  I checked DNS records, nothing had changed and all was good.  I rebooted a couple more times after the update. 


    What finally fixed it was looking at Properties for Autodiscover in IIS manager.  The Virtual Directory, Directory Security and Certificates were all okay and nothing had changed.   Under ASP.NET   the version of asp.net was unselected and blank.   I Selected the 2.0.50727 version from the drop down box,  which is the only version available.  When I applied that,  the w3svc restarted inself but failed the restart (asp.net 2.0.507277 as the Source in the Event log)  I manually restarted the Default Web Site from within IIS mgr.  Immediately all Outlook 2007 clients could connect with Integrated Security and not be prompted for a password.

          I hope this helps someone


    Thursday, November 06, 2008 9:10 PM
  • I have this problem with only one user.  It happens no matter what client she logs in on.   With a roaming profile it seems like there is a setting in her ntuser.dat.  Any suggestion on this version of the Logon Prompt problem?


    Wednesday, December 10, 2008 8:19 PM
  • We have the exact same symptom with Exchange 2007 Server and Outlook 2007/2003 clients. I selected Integerated authentication on IIS server Autodiscover virtual directory and users do not receive login prompt any more.


    Tuesday, December 23, 2008 8:23 AM
  • Did you set all the virtual directories?

    Set-ClientAccessServer -Identity CASSERVER -AutodiscoverServiceInternalUri https://url.domain.com/autodiscover/autodiscover.xml

    Set-WebServicesVirtualDirectory -Identity " CASSERVER \EWS (Default Web Site)" -InternalUrl https://url.domain.com/ews/exchange.asmx

    Set-OABVirtualDirectory -Identity " CASSERVER \oab (Default Web Site)" -InternalUrl https://url.domain.com/oab

    Set-UMVirtualDirectory -Identity " CASSERVER \unifiedmessaging (Default Web Site)" -InternalUrl https://url.domain.com/unifiedmessaging/service.asmx

    Test your connectivity?

    How may Sites in your evnironment?  How many exchange servers?

    How are you routing to the CAS server?

    what a bout your security certs?  I had an issue with ISA and bridging to 07 which actually was fixed by deploying an internal cert between the ISA and Exchange box.

    What about external users, does autodiscover work?  Is it configured? 

    How do users log into the network?  wireless or cabled?

    Friday, December 26, 2008 2:03 AM
  • Had exactly the same problem. The solution was: I had a proxy server configured in Internet Explorer. I put the three addresses that the login prompt was complaining about in the exceptions field under Advanced next to the proxy settings under Connections and the prompts disappeared.

    Thursday, January 22, 2009 4:02 PM
  • Thank you DNG-INC !!

    I followed the link, followed the directions and no more password prompting!!


    Excellent !!


    Matthew E. Newman
    Wednesday, January 28, 2009 7:16 PM
  • http://cas.domain.local instead of https://cas.domain.local which I fixed via the Exchange Management Console -> Server Configuration -> Client Access Server -> Offline Address Distribution tab.
    Thank you very much for this help.
    I got the same problem (With Exchange 2007 SP1, Office 2007 SP2). I just changed http to https (and also add the external url) and everything is working fine now (no more annoying login prompt when starting Outlook 2007).


    Wednesday, May 20, 2009 6:27 AM
  • We just had one user experiencing this error after he changed his domain password.  I checked out the event log for that user's workstation, and saw a Kerberos/14 error:

    "There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential domain.local\user."

    I had the user do this, and it resolved the issue. 
    Thursday, November 26, 2009 12:54 AM
  • First, Thank You Funj for pointing me in the right direction.  I ran the Outlook connection test, and noticed some strings had failed to authenticate even though all URL's were correct.  Checked the server and found DCOM errors pertaining to the computer in question. 

    I determined it was Norton Internet Security 2009 blocking a port.  Cant remember which port, but I think it was whatever COM+ uses.  (COM+ Network Access (DCOM In) 

    I was making it more difficult for myself by looking at all these posts for the issue, and skipped the obvious troubleshooting steps. 

    I hope this helps someone. 

    Thanks Again Funj.  I never had a reason to run the connection test before........  Now I know:)
    • Proposed as answer by Todd Lincoln Tuesday, February 09, 2010 10:10 PM
    Tuesday, January 05, 2010 2:59 AM
  • It is an autodiscover issue.  You either have to configure autodiscover or if you install Rollup 9 for Exchange 2007 it will remove the issue alltogether.

    Rollup 9 changes the behavior of exchange 2007 so it does not require autodiscover configuration for internal users.

    You can read more about it here http://blogs.technet.com/SBS/  look on the page for Outlook 2007 prompts.
    • Proposed as answer by Todd Lincoln Friday, February 26, 2010 4:28 PM
    Tuesday, February 09, 2010 10:12 PM
  • Very easy to solve

    Start >> Administrative Tools >> IIS >> (your server name) >> Authentication >> Windows Authentication >> Enable

    Pop up goes away

    Let me know if it works for u.

    Joggie Claassen

    Wednesday, March 03, 2010 6:50 PM
  • Joggie - half an hour and no popups... I've tried loads of fixes so far and nothing has worked.  Hopefully this has nailed it!
    Will update you if it comes back again.
    Tuesday, March 09, 2010 9:21 PM
  • My two cents worth... lots of good advice here and you may need to apply more than one solution. I did most if not all of the above tweaks, and finally got the problem to go away for good with one final change:

    Start the IIS Manager on your CAS server, go to Default Web Site > Autodiscover (virtual directory) > properties > Security. I added the "Authenticated Users" group. Permissions: read/execute, list folder contents, read. Then restart IIS. Many thanks for MS Support's help with this; it took us about 7 hours on the phone to get to this solution!

    Thursday, April 01, 2010 10:58 PM

    I think it as a kerberos error.

    could you please check by setting NTLM authentication on the outlook side.




    Sunday, April 04, 2010 4:41 PM
  • Santhos is probably correct. I work as IT system consultant and have many Exhange using companies as my customers. A few of them had this problem. Seeing through all the suggestions here, some of them are correct for their problem. But i wanted to post here to explain something very important.

    I solved this issue where i had checked everything stated here, pluss more. From the symptoms i always thought it was some autodiscover issue, and that it had to be related to authentication.

    Here is a worklist of what you need to check if you have this issue. See abowe post for more details on each step.

    1. Make sure that your SSL certificate is working. Test Outlook Web Mail. If SSL is working as intended go to step 2.

    2. Check all internal and external URL. Also the SCP (Get-ClientAccessServer | fl)

    3. Verify if you get a result from https://mail.domain.com/autodiscover/autodiscover.xml  (swap mail.domain.com with your AutoDiscoverServiceInternalUri - see step 2.).

    4. Dobbel check that you got Windows authentication = enabled, on the Autodiscover site in IIS. Also the main fix for my issue was to ensure that under advanced settings of Windows Authentication you have kernel mode authentication enabled!!! On my customers server it was off. And it was standard install with no modifications in IIS.

    Hope this helps those that still struggle with this issue.


    Monday, May 10, 2010 9:17 PM
  • Kennet

    Many thanks after following all of the above, it was the little nugget of information about enabling kernal mode that solved my problems



    Wednesday, June 23, 2010 2:28 PM
  • Ok looking at the checklist from Santhos when I get to setp 3 and get the ISA Forms Based Authentication.  It is set up that way so we can use the same url internally or externally.  I have a redirect rule written for OWA 2007 on ISA to enable this to happen.  Yes if I remove the redirect rule everything seems to work just fine.  Any ideas what the best way to do this would be for both internal and external resolution of OWA?
    Tuesday, June 29, 2010 9:42 PM
  • Ok After much searching again here is a site I found that answered my specific question from above. 




    Had to work out the issues with all traffic being redirected from the common url vs just OWA traffic internally.

    Friday, July 09, 2010 5:48 PM
  • This is what fixed my problem which had to do with the proxy settings in my IE.  Once I put my exchange server DNS in the Exceptions field the prompt stopped ie https:\\jh002.companyname.com, see link for further explaination....


    Friday, October 15, 2010 7:00 PM
  • My outlook 2007 cred. pop-up issue was fixed when i disabled basic authentication for the autodiscover site.

    Only Windows Authentication Enabled

    Friday, November 26, 2010 10:30 AM
  •                 My environment is SBS 2008 using Exchange 2007 with XP Professional and Windows 7 Professional clients, all using Outlook 2007. My problem appears to be the same as the rest of you, but none of the fixes suggested above solve the problem. When my clients, all of which are on the same network as the SBS 2008 server, open their Outlook they get the popup depicted a title of Connect to Server001.companyname.local and stating Connecting to remote.companynameprofession.com. Once they have provided their credentials (domain\username and password), the popup will reappear several times. If they click on cancel after having provided the correct credentials the first time, it connects, and it will be a few minutes before the popup starts happening again. You may wish to note that the internal domain is companyname.local, and the server name is server001. The outside domain is companynameprofession.com, and all default email addresses are username@companynameprofession.com. Exchange 2007 is set up to receive email addressed to users at companyname.local and users at companynameprofession.com, and remote.companynameprofession.com is the FQDN assigned by SBS 2008/Exchange in the initial configuration process. I have tried most of the fixes suggested in this link to no avail.


                    I’m pretty sure this is an autodiscover problem. The autodiscover DNS entry does exist as does all of the A records for companyname.local. Both the autodiscovery DNS entry and the A record for server001.companyname.local point to the same IP address.


    If I run the Get-ClientAccessServer |fl command; I get:


    [PS] C:\Users\user\Desktop>Get-clientaccessserver |fl


    Name                           : SERVER001

    OutlookAnywhereEnabled         : True

    AutoDiscoverServiceCN          : SERVER001

    AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service

    AutoDiscoverServiceInternalUri : https://remote.companynameprofession.com/Autodis


    AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596

    AutoDiscoverSiteScope          : {Default-First-Site-Name}

    IsValid                        : True

    OriginatingServer              : SERVER001.companyname.local

    ExchangeVersion                : 0.1 (8.0.535.0)

    DistinguishedName              : CN=SERVER001,CN=Servers,CN=Exchange Administra

                                     tive Group (FYDIBOHF23SPDLT),CN=Administrative

                                      Groups,CN=First Organization,CN=Microsoft Exc



    Identity                       : SERVER001

    Guid                           : b7219d3b-3df6-4a32-b054-d49a5834498c

    ObjectCategory                 : companyname.local/Configuration/Schema/ms-Exch-Ex


    ObjectClass                    : {top, server, msExchExchangeServer}

    WhenChanged                    : 11/16/2010 1:57:48 PM

    WhenCreated                    : 11/10/2010 2:52:01 PM


    [PS] C:\Users\user\Desktop>

    If I try to browse from a client PC to https://remote.companynameprofession.com/Autodiscover/Autodiscover.xml, I get a credentials challenge:

    I enter my credentials (which, by the way, have administrative rights), and after telling it OK 3 times I get:

    HTTP Error 401.1 - Unauthorized

    You do not have permission to view this directory or page using the credentials that you supplied.

    If I look at the certificate, which is self issued, I see the following Subject Alternative Names:

    DNS Name=companynameprofession.com

    DNS Name=remote.companynameprofession.com

    DNS Name=SERVER001.companyname.local


    I would kill for a solution. I cannot find anything that is wrong, and I can’t make the problem go away. Anyone able to kelp??

    Wednesday, December 01, 2010 12:28 AM
  • GreyFox,


    I have exactly same issue as you have/had. I have tried all the fixes suggested to no avail.  Did you ever solve your issue?



    Thanks in advance for any help!

    Wednesday, January 19, 2011 3:07 AM
  • Follow FUNJ's instructions about OAB and also uninstall Microsoft Outlook Update KB2412171 which causes the email address for Autodiscover not show correctly. 
    Tuesday, March 08, 2011 7:06 AM
  • Finally!!!

    I think I found a sollution for my problem with SBS 2008/Exchange 2007/Outlook 2007 authentication system, both over RPC and regular. Just keeps asking for password! Tried a million things just like the others, no joy. Went into IIS Manager, opened SBS Web Applications, Select Owa, double click SSL settings, check Accept instead of ignore or require, and Apply. I repeated for remote, Rpc, RpcWithCert. leave Autodiscover on Ignore in order to make it continue to work.

    Add Basic Authentication on RPC and RPC with Cert.

    Restarted Web Publishing and IIS Admin, and YES!!! Finally I got rid of Outlook 2007 continously asking for password! Joy Joy Joy!!!

    • Proposed as answer by TimberJon Monday, June 06, 2011 6:01 PM
    • Unproposed as answer by TimberJon Tuesday, June 07, 2011 3:40 PM
    Monday, March 28, 2011 10:52 PM
  • I thought I had, but it came up again after about 30 minutes. I searched and found this site. It seems to have worked.




    Hope this helps out anyone else.

    Thursday, August 18, 2011 4:59 AM
  • What worked for me.

    Control Panel > Mail > Email Accounts > Microsoft Exchange | Change... > More Settings > Security > Password Authentication (NTLM)

    Change from Negotiate Authentication

    My problem was when I installed Office 2007 and attempted to setup a mail profile, constant prompting would occur while setting up the mail profile. It would not let me even create it. Once the changes above were made, prolem went away. The connect is strictly used on the internal LAN and is used to backup mailboxes.


    Wednesday, September 21, 2011 3:39 PM
  • I resolved by changing to ignore Client Certificates  in the SSL Settings for the autodiscover site in the IIS.
    • Proposed as answer by Eduardo Farias Friday, October 14, 2011 2:24 PM
    Friday, October 14, 2011 2:24 PM
  • I resolved by changing to ignore Client Certificates  in the SSL Settings for the autodiscover site in the IIS.

    Yes, this works. Moreover, you're probably have to do the same for EWS directory.

    In our environment we set up a private CA and used it to issue certificate for Exchange services. As far as for users. But in case of users certificates we provide only disk encryption purposes.

    What is the actual meaning of "Client certificates" settings in IIS? How to interpret them? Which client certificates does it talking about? And what about credentials promts in this case? Does it concern private CA?

    Could somebody clarify the situation?

    Wednesday, March 07, 2012 3:16 PM
  • This article from MS did the trick for me.  Perhaps it's the same one referenced earlier in the thread but wasn't working.


    Monday, March 26, 2012 9:10 PM
  • Im having the a similar problem as well, first thing I checked was the autodiscover url at https://exchsrv.company.com/autodiscover/autodiscover.xml and discovered that integrated windows authentication wasnt logging me in but the weird thing is when I use https://exchsrv/autodiscover/autodiscover.xml, it works fine, it seems it doesnt like FQDNs, im using a UCC certificate for my exchange server, even my OWA doesnt like FQDN, anyone can point me in the right direction ? thanks
    Wednesday, April 18, 2012 6:34 AM
  • Edit the registry key on the client machines like so:


    This is what we did under each profile that was having the issue.  Resolved.  If I remembered where we found the fix I would link to it.

    Good luck!

    Monday, June 04, 2012 7:58 PM
  • We had this problem and our solution was to download GAL on Outlook.
    Wednesday, January 16, 2013 11:29 PM
  • Exchange 2007, 60 mailboxes. One user only had the problem - in Outlook and on her iPhone.  Turns out she had not logged off for over a week and was just locking her Windows session each evening.  AD password renewal was overdue and when reset all came good.
    Thursday, June 20, 2013 3:18 AM