+ Post New Thread
Results 1 to 15 of 15
Enterprise Software Thread, Exchnage 2007 - Authentication Pop-Up box in Outlook !!! in Technical; Hi all, Can anyone please help with our annoying Outlook 2007 problem! When staff open outlook they are being asked ...
  1. #1

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26

    Exchnage 2007 - Authentication Pop-Up box in Outlook !!!

    Hi all,
    Can anyone please help with our annoying Outlook 2007 problem!

    When staff open outlook they are being asked to authenticate to our mail server...
    mail.school.worcs.sch.uk
    If they pop in their user/pass they can then load outlook and carry on as normal.
    OR
    If they first login to OWA webmail.school.worcs.sch.uk they can then load outlook.

    Does anyone please know what is going on?

    Also here are the internet requests i captures with putty when they enter their credentials.. Should outlook in school be accessing webamail on https??

    1299661532.801 0 10.50.4.15 TCP_DENIED/407 1308 CONNECT webmail.school.worcs.sch.uk:443 - NONE/- text/html
    1299661532.807 3 10.50.4.15 TCP_DENIED/407 1620 CONNECT webmail.school.worcs.sch.uk:443 - NONE/- text/html
    1299661533.021 208 10.50.4.15 TCP_MISS/000 12945 CONNECT webmail.school.worcs.sch.uk:443 test.teacher SOURCEHASH_PARENT/Staff -

    Thanks in advance !

  2. #2

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi

    Is this issue for all users?
    Is this an issue for all PC's?
    Which version of Exchange are you using, i.e SP level
    What version of Outlook are you using, i.e SP Level?

    HTTPS for internal is fine and I will confirm but believe is default.

    Regards
    Sukh

  3. Thanks to sukh from:

    burgemaster (9th March 2011)

  4. #3

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26
    Hi, sorry for the vagueness!

    Is this issue for all users? - No only some, but I have 2 users that I can replicate on every time
    Is this an issue for all PC's? - No not all PCs, testing with the above users works on some but not others.
    Which version of Exchange are you using, i.e SP level - We are on SP2 not done any updates for a while.
    What version of Outlook are you using, i.e SP Level? Pro Plus 2007, mainly with SP1 but some without.

    Thanks for looking at this Sukh !

    The only errors in the eent log are regarding no valid certificate for POP (server restarting, will update with the event details in a minute)
    Last edited by burgemaster; 9th March 2011 at 10:53 AM.

  5. #4

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi

    Can you please look at Outlook 2007 prompts you repeatedly for a password under certain network conditions before we continue.

    Thanks
    Sukh

  6. Thanks to sukh from:

    burgemaster (9th March 2011)

  7. #5

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26
    Quote Originally Posted by sukh View Post
    Hi

    Can you please look at Outlook 2007 prompts you repeatedly for a password under certain network conditions before we continue.

    Thanks
    Sukh
    Important Do not apply this hotfix if an account lockout policy has been applied.
    We have an account lock policy here, also everything has worked perfectly for 3 years. About 2 weeks ago re-newed the external certificate??

    I have one user that works perfectly on one machine (win7) but does not work on another 5 xp machines ive tested on.
    Also once we have logged into webmail just once, then closed, outlook works perfectly???

    Teachers are also reporting that after getting the error when first logging on, after around 5min they can then load outlook?
    I have seen this myself with a test logon????

    Cant work this out
    Last edited by burgemaster; 9th March 2011 at 11:48 AM.

  8. #6

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi

    OK. So does this occur everytime a user logs on for the first time, i.e teachers which works fine, after 5mins they can load Outlook. If this same teacher logs off the same machine and logs back on again, do they have the same issue?

    Does the teacher do anything within those 5 mins for the error to go away, i.e do they load OWA or enter the credentials?

    The one user who is successful on the Win 7 machine, can this user logoff and logon to the same Win 7 machine each time without issues?
    Is it only when this same user logs onto a XP machine, do they experience the issue?

    Also, just to clarify, Exchange is deployed onsite?
    Which certificate did you renew? For OWA and related services?

    Thanks
    Sukh

  9. Thanks to sukh from:

    burgemaster (9th March 2011)

  10. #7

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26
    Hi

    OK. So does this occur everytime a user logs on for the first time, i.e teachers which works fine, after 5mins they can load Outlook. If this same teacher logs off the same machine and logs back on again, do they have the same issue?
    Correct... teacher logs out and then back in, they must then around 3 min - 5min.

    Does the teacher do anything within those 5 mins for the error to go away, i.e do they load OWA or enter the credentials?
    No, tested with an account, just loading outlook every 30secs, click close, then try again.

    The one user who is successful on the Win 7 machine, can this user logoff and logon to the same Win 7 machine each time without issues?
    Correct, works everytime. This pointed me to profiles, so created a new server and local profile for that user.. didnt help.

    Is it only when this same user logs onto a XP machine, do they experience the issue?
    Yes, BUT i have seen this happen on a this Win7 machine for another user.

    Also, just to clarify, Exchange is deployed onsite? Correct

    Which certificate did you renew? For OWA and related services?
    Correct (see get-exchangecertificate results below)

    We have one self-certificate as mail.xxxx.local is not on the geotrust cert.
    The only difference from a screenshot that i took before i replaced the cert was IIS was not listed as a service for it?

    Thanks <-- THANKYOU !!!
    Sukh


    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.XXXXXXXXX.local}
    HasPrivateKey : True
    IsSelfSigned : True
    Issuer : CN=mail.XXXXXXXX.local
    NotAfter : 09/03/2012 09:43:42
    NotBefore : 09/03/2011 09:43:42
    PublicKeySize : 2048
    RootCAType : None
    SerialNumber : D4274591XXXXXXXXXXXXXX870E947225
    Services : SMTP
    Status : Valid
    Subject : CN=mail.XXXXXX.local
    Thumbprint : A8E61399XXXXXXXXX8E777700283669D1E072B

    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {autodiscover.XXXXXXX.worcs.sch.uk, webmail.XXXXXXXXX.worcs.sch.uk}
    HasPrivateKey : True
    IsSelfSigned : False
    Issuer : CN=GeoTrust SSL CA, O="GeoTrust, Inc.", C=US
    NotAfter : 06/03/2014 08:59:05
    NotBefore : 02/02/2011 06:42:39
    PublicKeySize : 2048
    RootCAType : ThirdParty
    SerialNumber : 60A4
    Services : IMAP, POP, IIS, SMTP
    Status : Valid
    Subject : CN=autodiscover.XXXXXXXX.worcs.sch.uk, OU=GT94688674, O=XXXXXXXXX Secondary School, L=XXXXXXXXX, S=XXXXXXXXX, C=GB, SERIALNUMBER=XXXXXXXXXX-OzeS/hJY-
    Thumbprint : 9E1B647EA0DFGAFGAZGFA4546B4478A5CCB
    Last edited by burgemaster; 9th March 2011 at 12:24 PM.

  11. #8

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26
    ive just noticed our internal cert has "CertificateDomains : {mail.XXXXXXXXX.local}", while the old had "CertificateDomains : {mail, mail.XXXXXXXXX.local}" ?

    Also, logging in and not touching anything does not work. You must once attempt to load outlook once, then wait 3-4min.....
    Last edited by burgemaster; 9th March 2011 at 12:43 PM.

  12. #9

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi

    Have you got a PC where you can load Office 2003 and test using a problem user?

    Thanks
    Sukh

  13. #10
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 45 Times in 35 Posts
    Rep Power
    29
    Sukh's link is on the money btw.

    I had to do the same thing myself and we went from semi-frequent prompts to it only happening on a rare occasion (usually caused by switching between multiple connections and/or password change during switching connections etc) .... so plz test this one out before dismissing it. If it works, use GP to deploy out the setting and you'll be cooking on gas

    I've gone for this:
    Account: Domain
    UseWindowsUserCredentials: 1
    Protocol: TCP, HTTP with NTLM authorization
    Result: Connect to Microsoft Exchange without prompting for user credentials.
    Also, get Office 2007 updated to SP2 (along with any hotfixes) to try and minimise the problems. Despite looking nice, Outlook seems to be pretty riddled with bugs and stuff when connecting in with an Exchange account.

    Cheers

  14. Thanks to tarquel from:

    burgemaster (9th March 2011)

  15. #11

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi

    What I am trying to get to is the authentication method which is beng used. Outlook 2003 will use a different method communicating to Exchange. Outlook 2007/2010 use a different method.

    I wanted to try Outlook 2003 first to see if the problem still exisited.

    If you don't want to use that KB as the note says "Important Do not apply this hotfix if an account lockout policy has been applied." which can be a security issue then we may be able to set the authentication method on Exchange.

    However, you can try two things mentioned above.

    1. Outlook 2003
    2. Use the KB on a test machine, it will only effect that one machine.

    Post your results.

    Thanks
    Sukh

  16. Thanks to sukh from:

    burgemaster (9th March 2011)

  17. #12
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 45 Times in 35 Posts
    Rep Power
    29
    Forgot to mention that we have account lockout policy in place so providing you know your domain setup, its not a problem.... providing care and testing is used of course

  18. Thanks to tarquel from:

    burgemaster (9th March 2011)

  19. #13

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26
    Sorry for the delay, ive been in a meeting. Im back on the case. We do not have the 2003 media here, but will try that KB now.
    Thanks for the help!

  20. #14
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 45 Times in 35 Posts
    Rep Power
    29
    We found not having the setting there much more tempermental than having it there, so worth a shot (on a test/group of machines)

    Outlook 2010 + Exchange = a joy
    Outlook 2007 + Exchange = works
    Outlook 2003 + Exchange = i darent even attempt it

    We're running Exchange 2010 btw (have Exchagne 2007 on a diff domain tho only accessed via OWA), but 2007 is very similar in alot of aways, compared to Exchange 2003 at least, so there is a fair bit that applies to both.

    Cheers.

  21. Thanks to tarquel from:

    burgemaster (9th March 2011)

  22. #15

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26
    Hi,
    I have been looking at the exchange certificates and noticed that the self-cert was saying "exchange this ca root certificate is not trusted to enable trust", I have copied this to the "Trusted Root Certificates" section. I also added the external webmail address to the bypass exempt section in Smoothwall. Maybe one of these or something else has got us back up and working as far as I can see. I have tested with 5 users on differenent machines and all is good!!

    What a nightmare nearly 2 days!! Thanks so much for the help and advice. Will return the favour if I ever can!!
    I just prey that tomorrow AM i wont be posting here again !!!

SHARE:
+ Post New Thread

Similar Threads

  1. Exchange 2007/OWA - Authentication question
    By Ben_Stanton in forum Windows
    Replies: 6
    Last Post: 28th May 2012, 03:09 PM
  2. Moss 2007 - MySite Authentication problem
    By faza in forum Virtual Learning Platforms
    Replies: 17
    Last Post: 25th June 2010, 11:03 AM
  3. Exchange 2007 RPC / HTTP
    By MattGibson in forum Windows Server 2000/2003
    Replies: 0
    Last Post: 20th May 2010, 02:31 PM
  4. Replies: 33
    Last Post: 17th July 2009, 12:12 PM
  5. Security box pop up after installing VNC
    By Kyle in forum Windows
    Replies: 1
    Last Post: 9th October 2008, 11:27 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •