|
exchange
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Outlook Anywhere authentication method automatically changedwant our Outlook Anywhere users to use NTLM authentication. However, a few days after configuring their clients to use NTLM authentication, users will report that they are prompted repeatedly to enter their passwords. When I check their settings, I see that their authentication method has automatically been changed to basic authentication. Below is the output of the Get-OutlookAnywhere command in Exchange Management Shell. ServerName : HQMAILSVR SSLOffloading : False ExternalHostname : mail.company.org ClientAuthenticationMethod : Ntlm IISAuthenticationMethods : {Ntlm} MetabasePath : IIS://HQMAILSVR.company.org/W3SVC/1/ROOT/Rpc Path : C:\WINDOWS\System32\RpcProxy Server : HQMAILSVR AdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0) Name : HQMAILSVR DistinguishedName : CN=HQMAILSVR,CN=HTTP,CN=Protocols,CN=HQMAILSVR,CN= Servers,CN=Exchange Administrative Group (FYDIBOHF 23SPDLT),CN=Administrative Groups,CN=COMPANY,CN=Micr osoft Exchange,CN=Services,CN=Configuration,DC=com pany,DC=org Identity : HQMAILSVR\HQMAILSVR Guid : 6b57530a-8d83-4e84-91a1-bed7cf3f2c97 ObjectCategory : company.org/Configuration/Schema/ms-Exch- Rpc-Http-Vi rtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtual Directory} WhenChanged : 2/4/2009 1:49:34 PM WhenCreated : 12/15/2008 1:39:32 PM OriginatingServer : hq_filesvr.company.org IsValid : True I have been trying to fix this issue for weeks to no avail. I'd greatly appreciate any help. You stated that you configured your clients to use NTLM. Outlook 2007? Did
you also configure the Outlook Anywhere portion in the Exchange Management Console/shell to use NTLM? When an Outlook 2007 client does an Autodiscover lookup, the Autodiscover component will configure the client according to the authentication mechanism set on the Exchange Server. Show quoteHide quote "Joey Joe Joe Junior Shabbadoo" <robwe***@gmail.com> wrote in message news:a3a33ae6-f7ef-4020-aa16-36acb0234afa@c11g2000yqj.googlegroups.com... > My company runs an Exchange 2007 server and Outlook 2007 clients. I > want our Outlook Anywhere users to use NTLM authentication. However, > a few days after configuring their clients to use NTLM authentication, > users will report that they are prompted repeatedly to enter their > passwords. When I check their settings, I see that their > authentication method has automatically been changed to basic > authentication. > > Below is the output of the Get-OutlookAnywhere command in Exchange > Management Shell. > > > > ServerName : HQMAILSVR > SSLOffloading : False > ExternalHostname : mail.company.org > ClientAuthenticationMethod : Ntlm > IISAuthenticationMethods : {Ntlm} > MetabasePath : IIS://HQMAILSVR.company.org/W3SVC/1/ROOT/Rpc > Path : C:\WINDOWS\System32\RpcProxy > Server : HQMAILSVR > AdminDisplayName : > ExchangeVersion : 0.1 (8.0.535.0) > Name : HQMAILSVR > DistinguishedName : > CN=HQMAILSVR,CN=HTTP,CN=Protocols,CN=HQMAILSVR,CN= > Servers,CN=Exchange Administrative Group > (FYDIBOHF > 23SPDLT),CN=Administrative > Groups,CN=COMPANY,CN=Micr > osoft > Exchange,CN=Services,CN=Configuration,DC=com > pany,DC=org > Identity : HQMAILSVR\HQMAILSVR > Guid : 6b57530a-8d83-4e84-91a1-bed7cf3f2c97 > ObjectCategory : company.org/Configuration/Schema/ms-Exch- > Rpc-Http-Vi > rtual-Directory > ObjectClass : {top, msExchVirtualDirectory, > msExchRpcHttpVirtual > Directory} > WhenChanged : 2/4/2009 1:49:34 PM > WhenCreated : 12/15/2008 1:39:32 PM > OriginatingServer : hq_filesvr.company.org > IsValid : True > > > I have been trying to fix this issue for weeks to no avail. I'd > greatly appreciate any help. On Feb 27, 12:30 am, "Elan Shudnow [MVP]"
<SubstituteThisWithMyFirstN***@shudnow.net> wrote: Show quoteHide quote > You stated that you configured your clients to use NTLM. Outlook 2007? Did I think so. The client and IIS authentication methods are both NTLM> you also configure the Outlook Anywhere portion in the Exchange Management > Console/shell to use NTLM? When an Outlook 2007 client does an Autodiscover > lookup, the Autodiscover component will configure the client according to > the authentication mechanism set on the Exchange Server. > > -- > Elan Shudnow > Exchange MVPhttp://www.shudnow.net > > "Joey Joe Joe Junior Shabbadoo" <robwe***@gmail.com> wrote in messagenews:a3a33ae6-f7ef-4020-aa16-36acb0234***@c11g2000yqj.googlegroups.com... > > > > > My company runs an Exchange 2007 server and Outlook 2007 clients. I > > want our Outlook Anywhere users to use NTLM authentication. However, > > a few days after configuring their clients to use NTLM authentication, > > users will report that they are prompted repeatedly to enter their > > passwords. When I check their settings, I see that their > > authentication method has automatically been changed to basic > > authentication. > > > Below is the output of the Get-OutlookAnywhere command in Exchange > > Management Shell. > > > ServerName : HQMAILSVR > > SSLOffloading : False > > ExternalHostname : mail.company.org > > ClientAuthenticationMethod : Ntlm > > IISAuthenticationMethods : {Ntlm} > > MetabasePath : IIS://HQMAILSVR.company.org/W3SVC/1/ROOT/Rpc > > Path : C:\WINDOWS\System32\RpcProxy > > Server : HQMAILSVR > > AdminDisplayName : > > ExchangeVersion : 0.1 (8.0.535.0) > > Name : HQMAILSVR > > DistinguishedName : > > CN=HQMAILSVR,CN=HTTP,CN=Protocols,CN=HQMAILSVR,CN= > > Servers,CN=Exchange Administrative Group > > (FYDIBOHF > > 23SPDLT),CN=Administrative > > Groups,CN=COMPANY,CN=Micr > > osoft > > Exchange,CN=Services,CN=Configuration,DC=com > > pany,DC=org > > Identity : HQMAILSVR\HQMAILSVR > > Guid : 6b57530a-8d83-4e84-91a1-bed7cf3f2c97 > > ObjectCategory : company.org/Configuration/Schema/ms-Exch- > > Rpc-Http-Vi > > rtual-Directory > > ObjectClass : {top, msExchVirtualDirectory, > > msExchRpcHttpVirtual > > Directory} > > WhenChanged : 2/4/2009 1:49:34 PM > > WhenCreated : 12/15/2008 1:39:32 PM > > OriginatingServer : hq_filesvr.company.org > > IsValid : True > > > I have been trying to fix this issue for weeks to no avail. I'd > > greatly appreciate any help.- Hide quoted text - > > - Show quoted text - only according to the output of Get-OutlookAnywhere. The client authentication method is listed as NTLM in the properties of the CAS in Exchange Management Console as well. Joey Joe Joe Junior Shabbadoo submitted this idea :
Show quoteHide quote > On Feb 27, 12:30 am, "Elan Shudnow [MVP]" is there a group policy set for the office installation on your > <SubstituteThisWithMyFirstN***@shudnow.net> wrote: >> You stated that you configured your clients to use NTLM. Outlook 2007? Did >> you also configure the Outlook Anywhere portion in the Exchange Management >> Console/shell to use NTLM? When an Outlook 2007 client does an Autodiscover >> lookup, the Autodiscover component will configure the client according to >> the authentication mechanism set on the Exchange Server. >> >> -- >> Elan Shudnow >> Exchange MVPhttp://www.shudnow.net >> >> "Joey Joe Joe Junior Shabbadoo" <robwe***@gmail.com> wrote in >> messagenews:a3a33ae6-f7ef-4020-aa16-36acb0234***@c11g2000yqj.googlegroups.com... >> >> >> >>> My company runs an Exchange 2007 server and Outlook 2007 clients. I >>> want our Outlook Anywhere users to use NTLM authentication. However, >>> a few days after configuring their clients to use NTLM authentication, >>> users will report that they are prompted repeatedly to enter their >>> passwords. When I check their settings, I see that their >>> authentication method has automatically been changed to basic >>> authentication. >> >>> Below is the output of the Get-OutlookAnywhere command in Exchange >>> Management Shell. >> >>> ServerName : HQMAILSVR >>> SSLOffloading : False >>> ExternalHostname : mail.company.org >>> ClientAuthenticationMethod : Ntlm >>> IISAuthenticationMethods : {Ntlm} >>> MetabasePath : IIS://HQMAILSVR.company.org/W3SVC/1/ROOT/Rpc >>> Path : C:\WINDOWS\System32\RpcProxy >>> Server : HQMAILSVR >>> AdminDisplayName : >>> ExchangeVersion : 0.1 (8.0.535.0) >>> Name : HQMAILSVR >>> DistinguishedName : >>> CN=HQMAILSVR,CN=HTTP,CN=Protocols,CN=HQMAILSVR,CN= >>> Servers,CN=Exchange Administrative Group >>> (FYDIBOHF >>> 23SPDLT),CN=Administrative >>> Groups,CN=COMPANY,CN=Micr >>> osoft >>> Exchange,CN=Services,CN=Configuration,DC=com >>> pany,DC=org >>> Identity : HQMAILSVR\HQMAILSVR >>> Guid : 6b57530a-8d83-4e84-91a1-bed7cf3f2c97 >>> ObjectCategory : company.org/Configuration/Schema/ms-Exch- >>> Rpc-Http-Vi >>> rtual-Directory >>> ObjectClass : {top, msExchVirtualDirectory, >>> msExchRpcHttpVirtual >>> Directory} >>> WhenChanged : 2/4/2009 1:49:34 PM >>> WhenCreated : 12/15/2008 1:39:32 PM >>> OriginatingServer : hq_filesvr.company.org >>> IsValid : True >> >>> I have been trying to fix this issue for weeks to no avail. I'd >>> greatly appreciate any help.- Hide quoted text - >> >> - Show quoted text - > I think so. The client and IIS authentication methods are both NTLM > only according to the output of Get-OutlookAnywhere. The client > authentication method is listed as NTLM in the properties of the CAS > in Exchange Management Console as well. clients? I had the same issue because I had a GPO that made outlook only use kerberos for authentication after a while I found out everything was working automagically when setting it to kerberos/NTLM grtz On Feb 27, 8:05 am, chriske911 <chriske911n***@m.yahoo.com> wrote:
Show quoteHide quote > Joey Joe Joe Junior Shabbadoo submitted this idea : I did have the problem that you had at two of our sites, but I changed> > > > > > > On Feb 27, 12:30 am, "Elan Shudnow [MVP]" > > <SubstituteThisWithMyFirstN***@shudnow.net> wrote: > >> You stated that you configured your clients to use NTLM. Outlook 2007? Did > >> you also configure the Outlook Anywhere portion in the Exchange Management > >> Console/shell to use NTLM? When an Outlook 2007 client does an Autodiscover > >> lookup, the Autodiscover component will configure the client according to > >> the authentication mechanism set on the Exchange Server. > > >> -- > >> Elan Shudnow > >> Exchange MVPhttp://www.shudnow.net > > >> "Joey Joe Joe Junior Shabbadoo" <robwe***@gmail.com> wrote in > >> messagenews:a3a33ae6-f7ef-4020-aa16-36acb0234***@c11g2000yqj.googlegroups.com... > > >>> My company runs an Exchange 2007 server and Outlook 2007 clients. I > >>> want our Outlook Anywhere users to use NTLM authentication. However, > >>> a few days after configuring their clients to use NTLM authentication, > >>> users will report that they are prompted repeatedly to enter their > >>> passwords. When I check their settings, I see that their > >>> authentication method has automatically been changed to basic > >>> authentication. > > >>> Below is the output of the Get-OutlookAnywhere command in Exchange > >>> Management Shell. > > >>> ServerName : HQMAILSVR > >>> SSLOffloading : False > >>> ExternalHostname : mail.company.org > >>> ClientAuthenticationMethod : Ntlm > >>> IISAuthenticationMethods : {Ntlm} > >>> MetabasePath : IIS://HQMAILSVR.company.org/W3SVC/1/ROOT/Rpc > >>> Path : C:\WINDOWS\System32\RpcProxy > >>> Server : HQMAILSVR > >>> AdminDisplayName : > >>> ExchangeVersion : 0.1 (8.0.535.0) > >>> Name : HQMAILSVR > >>> DistinguishedName : > >>> CN=HQMAILSVR,CN=HTTP,CN=Protocols,CN=HQMAILSVR,CN= > >>> Servers,CN=Exchange Administrative Group > >>> (FYDIBOHF > >>> 23SPDLT),CN=Administrative > >>> Groups,CN=COMPANY,CN=Micr > >>> osoft > >>> Exchange,CN=Services,CN=Configuration,DC=com > >>> pany,DC=org > >>> Identity : HQMAILSVR\HQMAILSVR > >>> Guid : 6b57530a-8d83-4e84-91a1-bed7cf3f2c97 > >>> ObjectCategory : company.org/Configuration/Schema/ms-Exch- > >>> Rpc-Http-Vi > >>> rtual-Directory > >>> ObjectClass : {top, msExchVirtualDirectory, > >>> msExchRpcHttpVirtual > >>> Directory} > >>> WhenChanged : 2/4/2009 1:49:34 PM > >>> WhenCreated : 12/15/2008 1:39:32 PM > >>> OriginatingServer : hq_filesvr.company.org > >>> IsValid : True > > >>> I have been trying to fix this issue for weeks to no avail. I'd > >>> greatly appreciate any help.- Hide quoted text - > > >> - Show quoted text - > > I think so. The client and IIS authentication methods are both NTLM > > only according to the output of Get-OutlookAnywhere. The client > > authentication method is listed as NTLM in the properties of the CAS > > in Exchange Management Console as well. > > is there a group policy set for the office installation on your > clients? > I had the same issue because I had a GPO that made outlook only use > kerberos for authentication > after a while I found out everything was working automagically when > setting it to kerberos/NTLM > > grtz- Hide quoted text - > > - Show quoted text - the option from "Kerberos Authentication" to "Not configured." I'll try setting the value to "Kerberos/NTLM." On Feb 27, 8:05 am, chriske911 <chriske911n***@m.yahoo.com> wrote:
Show quoteHide quote > Joey Joe Joe Junior Shabbadoo submitted this idea : Thanks, but I didn't have any luck. I tried using a GPO to set the> > > > > > > On Feb 27, 12:30 am, "Elan Shudnow [MVP]" > > <SubstituteThisWithMyFirstN***@shudnow.net> wrote: > >> You stated that you configured your clients to use NTLM. Outlook 2007? Did > >> you also configure the Outlook Anywhere portion in the Exchange Management > >> Console/shell to use NTLM? When an Outlook 2007 client does an Autodiscover > >> lookup, the Autodiscover component will configure the client according to > >> the authentication mechanism set on the Exchange Server. > > >> -- > >> Elan Shudnow > >> Exchange MVPhttp://www.shudnow.net > > >> "Joey Joe Joe Junior Shabbadoo" <robwe***@gmail.com> wrote in > >> messagenews:a3a33ae6-f7ef-4020-aa16-36acb0234***@c11g2000yqj.googlegroups.com... > > >>> My company runs an Exchange 2007 server and Outlook 2007 clients. I > >>> want our Outlook Anywhere users to use NTLM authentication. However, > >>> a few days after configuring their clients to use NTLM authentication, > >>> users will report that they are prompted repeatedly to enter their > >>> passwords. When I check their settings, I see that their > >>> authentication method has automatically been changed to basic > >>> authentication. > > >>> Below is the output of the Get-OutlookAnywhere command in Exchange > >>> Management Shell. > > >>> ServerName : HQMAILSVR > >>> SSLOffloading : False > >>> ExternalHostname : mail.company.org > >>> ClientAuthenticationMethod : Ntlm > >>> IISAuthenticationMethods : {Ntlm} > >>> MetabasePath : IIS://HQMAILSVR.company.org/W3SVC/1/ROOT/Rpc > >>> Path : C:\WINDOWS\System32\RpcProxy > >>> Server : HQMAILSVR > >>> AdminDisplayName : > >>> ExchangeVersion : 0.1 (8.0.535.0) > >>> Name : HQMAILSVR > >>> DistinguishedName : > >>> CN=HQMAILSVR,CN=HTTP,CN=Protocols,CN=HQMAILSVR,CN= > >>> Servers,CN=Exchange Administrative Group > >>> (FYDIBOHF > >>> 23SPDLT),CN=Administrative > >>> Groups,CN=COMPANY,CN=Micr > >>> osoft > >>> Exchange,CN=Services,CN=Configuration,DC=com > >>> pany,DC=org > >>> Identity : HQMAILSVR\HQMAILSVR > >>> Guid : 6b57530a-8d83-4e84-91a1-bed7cf3f2c97 > >>> ObjectCategory : company.org/Configuration/Schema/ms-Exch- > >>> Rpc-Http-Vi > >>> rtual-Directory > >>> ObjectClass : {top, msExchVirtualDirectory, > >>> msExchRpcHttpVirtual > >>> Directory} > >>> WhenChanged : 2/4/2009 1:49:34 PM > >>> WhenCreated : 12/15/2008 1:39:32 PM > >>> OriginatingServer : hq_filesvr.company.org > >>> IsValid : True > > >>> I have been trying to fix this issue for weeks to no avail. I'd > >>> greatly appreciate any help.- Hide quoted text - > > >> - Show quoted text - > > I think so. The client and IIS authentication methods are both NTLM > > only according to the output of Get-OutlookAnywhere. The client > > authentication method is listed as NTLM in the properties of the CAS > > in Exchange Management Console as well. > > is there a group policy set for the office installation on your > clients? > I had the same issue because I had a GPO that made outlook only use > kerberos for authentication > after a while I found out everything was working automagically when > setting it to kerberos/NTLM > > grtz- Hide quoted text - > > - Show quoted text - authentication method to Kerberos/NTLM. When that didn't work, I tried just NTLM. These changes had no effect on the clients. Joey Joe Joe Junior Shabbadoo explained on 27/02/2009 :
Show quoteHide quote > On Feb 27, 8:05 am, chriske911 <chriske911n***@m.yahoo.com> wrote: are you sure NTLM is possible with your network setup?>> Joey Joe Joe Junior Shabbadoo submitted this idea : >> >> >> >> >> >>> On Feb 27, 12:30 am, "Elan Shudnow [MVP]" >>> <SubstituteThisWithMyFirstN***@shudnow.net> wrote: >>>> You stated that you configured your clients to use NTLM. Outlook 2007? >>>> Did you also configure the Outlook Anywhere portion in the Exchange >>>> Management Console/shell to use NTLM? When an Outlook 2007 client does an >>>> Autodiscover lookup, the Autodiscover component will configure the client >>>> according to the authentication mechanism set on the Exchange Server. >>>> -- >>>> Elan Shudnow >>>> Exchange MVPhttp://www.shudnow.net >> >>>> "Joey Joe Joe Junior Shabbadoo" <robwe***@gmail.com> wrote in >>>> messagenews:a3a33ae6-f7ef-4020-aa16-36acb0234***@c11g2000yqj.googlegroups.com... >>>>> My company runs an Exchange 2007 server and Outlook 2007 clients. I >>>>> want our Outlook Anywhere users to use NTLM authentication. However, >>>>> a few days after configuring their clients to use NTLM authentication, >>>>> users will report that they are prompted repeatedly to enter their >>>>> passwords. When I check their settings, I see that their >>>>> authentication method has automatically been changed to basic >>>>> authentication. >> >>>>> Below is the output of the Get-OutlookAnywhere command in Exchange >>>>> Management Shell. >> >>>>> ServerName : HQMAILSVR >>>>> SSLOffloading : False >>>>> ExternalHostname : mail.company.org >>>>> ClientAuthenticationMethod : Ntlm >>>>> IISAuthenticationMethods : {Ntlm} >>>>> MetabasePath : IIS://HQMAILSVR.company.org/W3SVC/1/ROOT/Rpc >>>>> Path : C:\WINDOWS\System32\RpcProxy >>>>> Server : HQMAILSVR >>>>> AdminDisplayName : >>>>> ExchangeVersion : 0.1 (8.0.535.0) >>>>> Name : HQMAILSVR >>>>> DistinguishedName : >>>>> CN=HQMAILSVR,CN=HTTP,CN=Protocols,CN=HQMAILSVR,CN= >>>>> Servers,CN=Exchange Administrative Group >>>>> (FYDIBOHF >>>>> 23SPDLT),CN=Administrative >>>>> Groups,CN=COMPANY,CN=Micr >>>>> osoft >>>>> Exchange,CN=Services,CN=Configuration,DC=com >>>>> pany,DC=org >>>>> Identity : HQMAILSVR\HQMAILSVR >>>>> Guid : 6b57530a-8d83-4e84-91a1-bed7cf3f2c97 >>>>> ObjectCategory : company.org/Configuration/Schema/ms-Exch- >>>>> Rpc-Http-Vi >>>>> rtual-Directory >>>>> ObjectClass : {top, msExchVirtualDirectory, >>>>> msExchRpcHttpVirtual >>>>> Directory} >>>>> WhenChanged : 2/4/2009 1:49:34 PM >>>>> WhenCreated : 12/15/2008 1:39:32 PM >>>>> OriginatingServer : hq_filesvr.company.org >>>>> IsValid : True >> >>>>> I have been trying to fix this issue for weeks to no avail. I'd >>>>> greatly appreciate any help.- Hide quoted text - >>>> - Show quoted text - >>> I think so. The client and IIS authentication methods are both NTLM >>> only according to the output of Get-OutlookAnywhere. The client >>> authentication method is listed as NTLM in the properties of the CAS >>> in Exchange Management Console as well. >> >> is there a group policy set for the office installation on your >> clients? >> I had the same issue because I had a GPO that made outlook only use >> kerberos for authentication >> after a while I found out everything was working automagically when >> setting it to kerberos/NTLM >> >> grtz- Hide quoted text - >> >> - Show quoted text - > Thanks, but I didn't have any luck. I tried using a GPO to set the > authentication method to Kerberos/NTLM. When that didn't work, I > tried just NTLM. These changes had no effect on the clients. try another application that handles NTLM authentication I believe Internet Explorer does this for sites in the intranet zone so open up IE and browse to an internal hosted website requiring authentication (like sharepoint) and make sure it is recognized as intranet by using netbios name or adding the complete URL to the intranet zone grtz  
Thread options
Other interesting topics
what comes with Exchange Server 2007
How do i close an already open port? SAN Certificate on NLBC CAS Nodes Exchange not saving e-mail on server by default. Delivery to the following recipients has been delayed Outlook Web Access - Password issue Brought new Exchange server online and want to retire the primary Exchange 2007 Certificate Failover SCR - ESEUTIL /R /A - how much Time ? Exchange 2007 Migration questions |
|||||||||||||||||||||||
