Wednesday, June 3, 2009

Outlook Anywhere keeps prompting for Password

I came accross this case where outlook kept prompting for login every time a user tried to login to outlook via outlook anywhere. They would enter their credentials, then it would just reprompt them for login.

It turned out to be the certificate... Outlook anywhere does not allow for Subject Alternate Names on certificates like OWA (Outlook Web Access), and OMA (Outlook Mobile Access) do. This company had the same dns name space internally as what they use externally, and registered their certificate to be that of the host name of their old exchange server!!! (yuck). In result I just ignored it and used a subject alternate name that of webmail which they also registered for all services. Bottom line - Outlook Anywhere will not use subject alternative names, only the correct issued to: name of the certificate. I did not find this documented anywhere!





Here is where this is located by default in outlook:



Exchange Autodiscover sets this to msstd: which is in this case webmail.domain... however in our case its toph-exchange.domain...

To get autodiscover to distribute this new one enter in:

Set-OutlookProvider EXPR -Server exch01 -CertPrincipalName "msstd:toph-exchange.restofdomain..."

You only need to set this on the EXPR outlook provider as this is the provider that deals with outlook anywhere.

Please note this is only one fix for when outlook continiously prompts for authentication - there are many causes for this symptom but I documented this one as I have never seen this before nore seen any documentation around this on the internet.

10 comments:

  1. Wow thanks for the spam you loser!

    ReplyDelete
  2. Haha! Gotta love the foreigner spam post with the stellar grammar "The application decided my trouble very rapidly" So what kind of trouble did the app tell you, you were in? That's rhetorical, by the way. :)

    ReplyDelete
  3. This post saved me from a very huge headache!!

    ReplyDelete
  4. The unfortunate part about it is they're getting quite a bit of SEO exposure with these tactics if the blog/forum/etc doesn't remove it. Since the practice works with very little cost, they'll absolutely keep doing it. "Alex" here isn't the asshole - the ones who pay him are. As long as there's an ROI, they're simply not going to feel bad about it either.

    ReplyDelete
  5. I was having this issue specifically with an Outlook 2007 client. Seems like other versions of Outlook were working fine. Anyway, setting the EXPR Outlook Provider as described did the trick. Thanks!

    ReplyDelete
  6. I owe you an alcoholic beverage my friend. This post saved me from a nervous breakdown!

    ReplyDelete
  7. This only seems to be an issue with XP clients. Vista and Win 7/8 are ok with this. Note that Office 365 redirection to on-premise public folders uses Outlook Anywhere and is where I first noticed this affected XP only.

    ReplyDelete
  8. thank you, this website has provided very cara memperbesar penis useful knowledge for me and others

    ReplyDelete