none
outlook连接exchange2013 老是提示输入密码 RRS feed

  • 问题

  • 大家好:

         我公司部署的是exchange2013,现在是更新到cu3。客户端都是域外用户,采用outlook anywhere来进行连接。

         ecp中outlookanywhere的验证方式是NTLM。客户端的outlook版本有2007,2010和2013,都是选择使用outlookanywhere来进行连接,验证方式也是选择的NTLM,在验证时也勾选了记住密码。现在的问题是只有outlook2013版本不需要输入密码。而outlook2007和2010版本在打开,都会出现需要输入密码的情况,在输入密码后可正常使用。

          这个问题有谁遇到过么。当一个电脑同时配置了多个exchange邮箱时,遇到这个问题特别麻烦


    2015年2月9日 8:36

答案

  • 您好,

    检查一下autodiscovery 的内部和外部的验证模式是什么,应该为NTLM,

    Get-OutlookAnywhere –Server <Name of CAS Server> | fl *External*

     Get-OutlookAnywhere –Server <Name of CAS Server> | fl *Internal*.

    It is important for you to understand the difference between several authentication types Exchange offers for Outlook Anywhere

    Basic authentication: If you select this authentication type, Outlook will prompt for username and password while attempting a connection with Exchange.

    NTLM authentication: If you select this authentication type, exchange does not prompt users for a user name and password. The current Windows user information on the client computer is supplied by the browser through a cryptographic exchange involving hashing with the Web server. If the authentication exchange initially fails to identify the user, the browser will prompt the user for a Windows user account user name and password. So, when Outlook is trying to connect to Exchange and if the machine is domain joined, there isn’t a need to provide password.

    Negotiate authentication: Enabled by default in Exchange 2013. This is a combination of Windows integrated authentication and Kerberos authentication. If we employ negotiate authentication, exchange will authenticate the client using NTLM authentication type and if unable to verify authenticity, will challenge the client to authenticate using a username and password.

    If you look at Outlook settings –> Account Settings –> More Settings –> Connection, you may see the same authentication settings.

    When we configure Outlook Anywhere and select an authentication type, Autodiscover will update outlook client with all URL details and authentication type.

    Always note that you should not be mislead with proxy settings in Outlook alone. If you have a different URL configured for InternalHostname and ExternalHostName, Outlook proxy settings will only show InternalHostname and this is by design.


    2015年2月12日 3:31

全部回复

  • 客戶端的操作系統是 XP還是windows7 ?
    2015年2月10日 3:02
  • 客戶端的操作系統是 XP還是windows7 ?
    安装多个exchange账户的客户端都是win7。也有xp的客户端,不过xp的客户端没有安装多个账户的需求
    2015年2月10日 3:16
  • 看到一个类似的解决方案

    http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28174977.html

    考虑到有可能防火墙阻隔无法访问,


    Problem Description:
     Internal Outlook 2010 Clients are getting Credentials  prompt again and again connected to E2K13 ( EX01 ) 
     
    Resolution:
    +We ran the command

    Set-OutlookProvider EXPR -CertPrincipalName msstd:owa.newschoolname.org
    [note: I had not done this one]

    Set-OutlookProvider EXCH -CertPrincipalName msstd:owa.newschoolname.org

    Set-OutlookAnywhere -Identity "EX01\Rpc (Default Web Site)" –InternalHostName “owa.newschoolname.org” -InternalClientsRequireSsl $False -ExternalHostName owa.newschoolname.org -ExternalClientsRequireSsl $True -InternalClientAuthenticationMethod NTLM  -IISAuthenticationMethods  Basic, NTLM, Negotiate -ExternalClientAuthenticationMethod NTLM

    +Restarted the following services: Microsoft Exchange Service Host  & Microsoft Exchange RPC Client Access

    +Did IIS reset

    +We Created a New Zone for Autodiscover .newschoolname.org  on internal DNS

    [note: I had created an "A" record and added a host file, but not a zone]

    +We ran the command ipconfig /flushdns  & ipconfig /registerdns.

    +Now we are able to ping Autodiscover .newschoolname.org from the  Outlook Client machine

    [This was a freebie - we don't need/use old Public Folders and they were hung up in the migration]
    + We went to the ADSIEDIT --Exchange Administrative Groups --Site folder ---made the Public folder attribute to Not set

    + We went to  ADSIEDIT ---- Mailbox Database on----MSExchHomePublicMDB ---Made to not set

    + We went to  ADSIEDIT - ---OfflineAddressBook :------  Made to not set

    + We ran the command Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address List (Ex2013)"

    +We restarted the Microsoft Exchange Information Store

    +Now outlook is working fine

    2015年2月11日 3:29
  • 你好,我按照上面的解决方案操作了,设置了outlookprovider的值并重启了服务,IIS的设置也已经更新,但是IIS没有重启。

    这样的情况下outlook2007和2010的问题仍然存在

    2015年2月12日 1:45
  • 您好,

    检查一下autodiscovery 的内部和外部的验证模式是什么,应该为NTLM,

    Get-OutlookAnywhere –Server <Name of CAS Server> | fl *External*

     Get-OutlookAnywhere –Server <Name of CAS Server> | fl *Internal*.

    It is important for you to understand the difference between several authentication types Exchange offers for Outlook Anywhere

    Basic authentication: If you select this authentication type, Outlook will prompt for username and password while attempting a connection with Exchange.

    NTLM authentication: If you select this authentication type, exchange does not prompt users for a user name and password. The current Windows user information on the client computer is supplied by the browser through a cryptographic exchange involving hashing with the Web server. If the authentication exchange initially fails to identify the user, the browser will prompt the user for a Windows user account user name and password. So, when Outlook is trying to connect to Exchange and if the machine is domain joined, there isn’t a need to provide password.

    Negotiate authentication: Enabled by default in Exchange 2013. This is a combination of Windows integrated authentication and Kerberos authentication. If we employ negotiate authentication, exchange will authenticate the client using NTLM authentication type and if unable to verify authenticity, will challenge the client to authenticate using a username and password.

    If you look at Outlook settings –> Account Settings –> More Settings –> Connection, you may see the same authentication settings.

    When we configure Outlook Anywhere and select an authentication type, Autodiscover will update outlook client with all URL details and authentication type.

    Always note that you should not be mislead with proxy settings in Outlook alone. If you have a different URL configured for InternalHostname and ExternalHostName, Outlook proxy settings will only show InternalHostname and this is by design.


    2015年2月12日 3:31