none
CAS server in a 2node CAS array prompting for Outlook Credentials

    問題

  • Hi all,

    I have a very odd issue with one of my CAS servers.  I currently have 2 standalone VM CAS servers, 2 standalone VM HUB servers and 12 physical Mailbox servers in a blade chassis.  This has been working fine for a few years now but over the last 2weeks node 2 in my CAS array has been prompting Outlook users for credentials but never accepts them.  the only way to rectify this we have found is to remove Node 2 from our Cisco Load Balancer and restart Outlook which seems to redirect the connection to Node1 of the CAS array.  Once we reboot node2 we can add it back into the Load Balancer config but again after about a day it does the seem, so we have to take it out.

    We are running Exchange 2010 SP3 RU18.  I cannot see any untoward errors in the event logs or the IIS logs (well nothing that is unique to node 2 anyway).  Has anyone seen this particular behaviour before?  I really dont like running on a single CAS server so need to figure this out relatively quickly.

    Thanks in advance for your replies :)

    Ryan

    2018年6月4日 上午 11:31

所有回覆

  • Hi all,

    I have a very odd issue with one of my CAS servers.  I currently have 2 standalone VM CAS servers, 2 standalone VM HUB servers and 12 physical Mailbox servers in a blade chassis.  This has been working fine for a few years now but over the last 2weeks node 2 in my CAS array has been prompting Outlook users for credentials but never accepts them.  the only way to rectify this we have found is to remove Node 2 from our Cisco Load Balancer and restart Outlook which seems to redirect the connection to Node1 of the CAS array.  Once we reboot node2 we can add it back into the Load Balancer config but again after about a day it does the seem, so we have to take it out.

    We are running Exchange 2010 SP3 RU18.  I cannot see any untoward errors in the event logs or the IIS logs (well nothing that is unique to node 2 anyway).  Has anyone seen this particular behaviour before?  I really dont like running on a single CAS server so need to figure this out relatively quickly.

    Thanks in advance for your replies :)

    Ryan

    Something may have changed on the virtual directories, compare perms and auth settings with the one that works.

    12 mbx servers and only 2 CAS? That's a pretty bad ratio. I would add more CAS.

    2018年6月4日 下午 01:21
    版主
  • 12 mbx servers and only 2 CAS? That's a pretty bad ratio. I would add more CAS.

    Unless they have only 12 mailboxes.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    2018年6月4日 下午 08:44
  • Hi Ryan,

    How about bypass this load balance?
    We can add a DNS record in client HOSTs file and point to effect CAS server directly, then re-open Outlook and check the result.

    If it works fine, it indicate that this Exchange server is working well, and issue might cause in LB.
    Then, check the log on Cisco Load Balancer.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    2018年6月5日 上午 08:27
    版主
  • Hi Ryan,

    How about bypass this load balance?
    We can add a DNS record in client HOSTs file and point to effect CAS server directly, then re-open Outlook and check the result.

    If it works fine, it indicate that this Exchange server is working well, and issue might cause in LB.
    Then, check the log on Cisco Load Balancer.

    Best Regards,
    Allen Wang



    Hi, thanks for the reply.  I have done this on a test box I have but i still receive the connection issue when pointing to it directly.
    2018年6月5日 上午 09:09
  • Well, no related event log on this server?
    Please run "Test-ServiceHealth <effect server>" on this server, and output the result.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    2018年6月8日 上午 03:34
    版主
  • Hi,

    Any further help we can do for you?
    If it's solved, would you please post the solution here to share it with us? Thanks.
    Also, please free to mark the useful reply as answer. Thanks for your cooperation.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    2018年6月15日 上午 01:44
    版主
  • Looks like an NTLM misconfiguration.

    Are you using NTLM or Kerberos as authentcation? Ex2010 default uses NTLM unless you configured Kerberos authentication. On the IIS websites/virtual directories in authentication it should have NTLM as first provider and Negotiate as second (as I onderstood, Negotiate means try first Kerberos and then NTLM if both are available).Please check both CAS servers and see if settings are the same.

    Did anything change in the Outlook client policies? Maybe the policy changed from NTLM auth to something else?

    9 小時 20 分鐘前