EDIT: I've posted this somehow in the wrong forum, can somebody move my post to the correct forum subject?
Dear all,
We have 1 Exchange 2007 and 1 CAS server running and a Terminal Server. All Outlook 2007 clients are connecting using HTTPS/RPC internally and externally. Now our problem is that when we try to configure an Outlook 2007 client from the outside, the "Online Search for your server settings" fails. We constantly get the credentials (u/p) prompt, which is given the correct credentials, but they are not accepted. On the CAS server we see failed logins for that username and password. Credentials are fine.
From inside (for example on the Terminal Server) everything works fine (incl. OAB, OOF, etc). So this should be something with login to autodiscover.
Conclusion: When we try to connect to https://externaladdress.domain.net/autodiscover/autodiscover.xml (from ANY server within the LAN) we can log on with every valid credential. Now when we try to connect to the above-mentioned address from ANY other external address (and different clients), we are not able to log in and are constantly prompted with the UserName and Password window.
Test Steps
Attempting to contact the AutoDiscover service using the HTTP redirect method.
  Failed to contact AutoDiscover using the HTTP Redirect method
  Test Steps
    Attempting to resolve the host name autodiscover.domain.net in DNS.
      Host successfully resolved
      Additional Details
    Testing TCP Port 80 on host autodiscover.domain.net to ensure it is listening and open.
      The port was opened successfully.
    Checking Host autodiscover.domain.net for an HTTP redirect to AutoDiscover
      Received Redirect (HTTP 301/302) Response successfully.
    Attempting to resolve the host name webmail.otherdomain.net in DNS.
      Host successfully resolved
      Additional Details
    Testing TCP Port 443 on host webmail.otherdomain.net to ensure it is listening and open.
      The port was opened successfully.
    Testing SSL Certificate for validity.
      The certificate passed all validation requirements.
  Test Steps
    Attempting to send AutoDiscover POST request to potential autodiscover URLs.
      Failed to obtain AutoDiscover settings when sending AutoDiscover POST request.
I got an update in the meanwhile: I've switched off Windows Authentication and only allow Basic Authentication on the AutoDiscovery site (using IIS Manager 7) and I'm able to log in now. The consequence of switching off Windows Authentication is that my internal Outlook clients are all asking for credentials now, before they continue. Once done, they are able to use everything within Outlook (inside users).
Now for the external non-domain users, they are able to discover their settings and are able to connect. However, they are not able to use the Out Of Office Assistant, unless I grant (instead of both) only Basic Authentication on the EWS folder using IIS Manager 7. This has no effect on internal clients, they still can use the Out Of Office Assistant.
So two issues are left:
1.) I'll need to make sure that internal users do not need to enter their credentials, as they already did this when logging in on the Terminal Server. If Windows Authentication is enabled we do not have to enter credentials.
2.) Outside users cannot download the Offline Address Book. If I put Outlook in logging mode, it seems that the correct OAB URL is defined, but when I open the URL in a browser and try to log in, it seems that my credentials are refused again. I've tried to change the OAB folder authentication to Basic only instead of Basic and Windows Authentication, but without luck.
Posts: 240
Joined: 24.Sep.2009
From: UK
Status: offline
David
I would suggest that the answer to 1 is an Outlook configuration issue. Go into Tools - Options - Mail setup. Email Accounts - (Select Exchange account) - More Settings - Connection Exchange proxy Settings. Now look at On fast Networks and On slow Networks connection settings. If you have On fast Networks... selected you get the login prompt as you are using HTTPS not RPC to connect to Exchange. This should also move load from CAS server to MBX server instead. Will have a look at my OAB config as we seem to have no probs here with remote downloading of OAB.
At this moment only Basic Authentication is allowed, because if we enable Windows Authentication then outside users are not able to login anymore. Or should I enable it only in specific virtual folders?
I've configured a NEW Outlook profile on our internal Terminal Server, with the following settings:
1. Server internal name
2. Username (same as display name)
3. I did not configure RPC, just a normal internal connection.
which still automatically connects through the CAS server (which is, as far as I know, normal?) to the MBX. Now because our SCP is like: webmail.somedomain.com Outlook will be redirected to the CAS, which in turn is connected to that hostname. Did we configure this wrong?
So I'm still prompted for a username and password inside. (I assume I need to switch on Windows Authentication on RPC only?)
By default Outlook should connect via RPC on a LAN. Which can be forced by running HTTP first on both Fast and Slow networks in the Outlook config for your Exchange profile.
As for authentication types, you can only, to my knowledge, set 1 auth type at a time via the Exchange tools. To add additional ones you need to run IIS admin and set the authentication types on each virtual folder. We currently have OAB using Basic and Windows Auth if that helps, and I am not aware of anyone being asked for a login to download it. Actually currently testing same on RPC virt dir with Basic and Windows Auth.
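Added example (not part of any post above and not the posters' own tooling): a small Python check that reads the WWW-Authenticate challenges each virtual folder returns on a 401 and reports whether it offers Basic, Windows (Negotiate/NTLM) or both, which is the per-folder setting the thread keeps changing. The folder names, realm and header values are constructed samples, and the symptom text only restates what the posters observed.

```python
import re

# Schemes IIS sends when "Windows Authentication" is enabled on a folder.
WINDOWS_SCHEMES = {"negotiate", "ntlm"}

# Constructed sample: WWW-Authenticate header values per virtual folder
# (assumed folder names; not captured from the posters' servers).
SAMPLE_CHALLENGES = {
    "/autodiscover": ['Basic realm="externaladdress.domain.net"'],
    "/EWS": ['Basic realm="externaladdress.domain.net"'],
    "/OAB": ["Negotiate", "NTLM", 'Basic realm="externaladdress.domain.net"'],
    "/rpc": ["Negotiate", "NTLM"],
}

# Symptoms as reported in the thread for each mode (observations, not rules).
THREAD_SYMPTOM = {
    "basic-only": "inside users get a credential prompt",
    "windows-only": "outside users could not log in",
    "basic+windows": "no prompt reported (second poster's OAB setup)",
    "none": "no challenge offered",
}

def offered_schemes(header_values):
    """Return the lower-cased scheme names found in WWW-Authenticate values."""
    schemes = set()
    for value in header_values:
        # Drop quoted strings first so commas inside a realm do not split a challenge.
        unquoted = re.sub(r'"(?:[^"\\]|\\.)*"', "", value)
        for part in unquoted.split(","):
            words = part.split()
            # A leading word containing '=' is a parameter (realm=, charset=), not a scheme.
            if words and "=" not in words[0]:
                schemes.add(words[0].lower())
    return schemes

def classify(challenges):
    """Map each folder to basic-only, windows-only, basic+windows or none."""
    report = {}
    for folder, headers in challenges.items():
        schemes = offered_schemes(headers)
        basic = "basic" in schemes
        windows = bool(schemes & WINDOWS_SCHEMES)
        report[folder] = ("basic+windows" if basic and windows else
                          "basic-only" if basic else
                          "windows-only" if windows else "none")
    return report

if __name__ == "__main__":
    for folder, mode in classify(SAMPLE_CHALLENGES).items():
        print(f"{folder:14} {mode:14} {THREAD_SYMPTOM[mode]}")
```

Where a folder offers Basic, the password is only base64-encoded on the wire, so that folder should require SSL, as the HTTPS URLs in the thread already do.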