Exchange 2007 to 2013 Migration - Never ending credential popups (Full Version)

All Forums >> [Microsoft Exchange 2013] >> Migration


JoeCyberlink -> Exchange 2007 to 2013 Migration - Never ending credential popups (3.Dec.2015 8:33:26 AM)

I tried posting over at technet but have gotten absolutely nowhere. Hopefully someone in this community can guide me in the right direction. I am migrating a 2007 Exchange to 2013. I am through the installation of 2013 which went without much issue. The problem I am having though is when I create a new mailbox or migrate a test mailbox from 2007 to 2013 and try to set it up in Outlook I am presented with a credential popup during the autodiscovery phase that accepts no credentials and will not allow me to complete setup. If I cancel it enough times it finishes but then when I open outlook I get a message that outlook is offline or the folders cannot be opened and it just closes out. I have googled this to death and tried lots of things. I have changed the authentication to all the recommended settings for internal/external and I just can't get around it!!! I have a self signed certificate with all the SAN names on it. Here is the output of several commands I have been using while troubleshooting this... Maybe you will spot something I don't see.
[PS] C:\Windows\system32>Get-OutlookAnywhere

RunspaceId : faa16304-da80-45d9-95ba-9d472a0c5869
ServerName : EXCHANGE
SSLOffloading : True
ExternalHostname :
InternalHostname : exchange.communityfoundation.local
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
XropUrl :
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : False
MetabasePath : IIS://Exchange.Communityfoundation.local/W3SVC/1/ROOT/Rpc
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 847.32)
AdminDisplayName :
ExchangeVersion : 0.20 (
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCHANGE,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First
Identity : EXCHANGE\Rpc (Default Web Site)
Guid : 8ddb4552-5fd8-4590-bf36-c1b91f4ed347
ObjectCategory : Communityfoundation.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged : 11/16/2015 2:01:56 PM
WhenCreated : 10/19/2015 6:08:12 PM
WhenChangedUTC : 11/16/2015 7:01:56 PM
WhenCreatedUTC : 10/19/2015 10:08:12 PM
OrganizationId :
OriginatingServer : Server2008.Communityfoundation.local
IsValid : True
ObjectState : Changed[/code]

[code][PS] C:\Windows\system32>Get-OutlookProvider

Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH msstd:mail.communityfounda... 1
EXPR msstd:mail.communityfounda... 1
WEB msstd:mail.communityfounda... 1

[PS] C:\Windows\system32>Get-RpcClientAccess

Server Responsibility MaximumCo Encryptio BlockedClientVersions
nnections nRequired
------ -------------- --------- --------- ---------------------
EXCHANGE Mailboxes, PublicFolders 65536 True

[PS] C:\Windows\system32>Get-ExchangeCertificate | fl

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
CertificateDomains : {exchange.communityfoundation.local,,
AutoDiscover.Communityfoundation.local,, Exchange,, Communityfoundation.local,}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=exchange.communityfoundation.local
NotAfter : 11/19/2020 10:24:20 AM
NotBefore : 11/19/2015 10:24:20 AM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 5F5EB633EDA95BA443546C8233102E0B
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=exchange.communityfoundation.local
Thumbprint : 1C64AEB18AB4321B3F4D88F18744B4519715F536

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
CertificateDomains : {WMSvc-EXCHANGE}
HasPrivateKey : True
IsSelfSigned : True
NotAfter : 10/16/2025 1:56:31 PM
NotBefore : 10/19/2015 1:56:31 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 21406EBA06651AA0424CBD99FEAE1489
Services : None
Status : Valid
Thumbprint : 50B014615B81ED7964290B7F9DC2B2A8FE36A4A2

It goes like this
I setup a new profile
I let auto disocver take over
step one completes ok
step two then prompts me for a username/password and accepts nothing
Cancel 3 times and it finishes, 3 checks
Open Outlook, get prompted for username and pw again
cancel (nothing works)
Outlook fails with error exchange is offline or folders cant be opened
Examine email settings
Click more settings
General says "Exchange.communityfoundation.local (shouldn't this be a guid??"
Security tab says Negotiate authentication
Connection tab - Outlook Anywhere is unchecked (used to be checked but in all the troubleshooting it doesn't anymore). I check it and type in the proxy https://exchange.communityfoundation.local, I check the connect using SSL and type in msstd:exchange.communityfoundation.local, check both fast and slow networks and set auth to NTLM
Nothing seems to make any difference...always stuck in same spot!!!!!!!!

Im going insane over this. on top of that if I try to OWA the user I get an invalid username/password when it's not (I'm logged in as the user currently).

I also followed an article that had me change the authentication in IIS and set Kernel mode on OWA and Autodiscover, also made no difference.

Please help before I go completely insane.

Page: [1]