Outlook continually prompting for username and password — Exchange Autodiscover

Autodiscover allows you to automatically configure Outlook 2007 clients, but, there is a lot more behind the Autodiscover functionality. When you have issues with the Out-of-Office or Free/Busy information in Outlook 2007 in combination with Exchange Server 2010 (or Outlook 2010 and Exchange Server 2010) it is likely that it is caused by a misconfiguration in the Autodiscover configuration.

Autodiscover information is stored in a so called SCP or Service Connection Point. You can view this SCP using Active Directory Sites and Services after you have enabled the “View Services Node” option:

When installing the Client Access Server (Autodiscover is part of this Server Role) the SCP is automatically created in Active Directory and configured with the default values. If you have multiple CAS Servers there will be multiple SCP’s as well.

When Outlook 2007 is installed on a domain joined workstation then the Outlook client will query Active Directory for the Autodiscover information. Active Directory will return a list of SCP’s and the Outlook client will automatically select the first SCP in this list. Using the information found in the SCP the Outlook client will contact the Client Access Server for its configuration information and the Outlook client will be configured automatically.

Non-domain clients are a bit trickier to configure since they will not query the Active Directory. Because of this non-domain clients try to retrieve information using the Autodiscover website. The FQDN that the Outlook client will use is based on the SMTP address that is used when starting the Outlook 2010 client the first time. So, when an e-mail address vvadher@Avtargroup.co.in is entered, the Outlook client will start trying to connect to the Client Access Server using HTTPS. There are several URL’s that Oulook will use, but the most important is https://autodiscover.avtargroup.co.in.

Most people are missing is the autodiscover.domainname.com (where domainname.com) is the part after the @ in your e-mail address. Newer versions of outlook will look for this for OAB download, free/busy information, Out of Office etc etc. If it’s not there then outlook will continually give user prompts. To accompany this you must have an SSL Certificate that contains the autodiscover.domainname.com URL (whilst you can configure ways around this, it really isn’t worth all the hastle). So purchasing an SAN/UCC Certificate with the following names in is a must for Exchange 2007 and Exchange 2010:

  • autodiscover.domainname.com
  • owa.domainname.com (the URL used for Outlook Web Access)
  • servername.domainname.local (the internal FQDN of your Exchange Server)
  • SERVERNAME (NETBIOS Name of your Server)

 

If you have all the above configured and you are still experiencing problems then the following procedure will more than likely fix it for you. It has been working a lot for me lately and also for people asking questions on Experts Exchange.

In Internet Information Services (IIS) Manager locate the Exchange virtual directories, if you are using Small Business Server 2008 these will be under the SBS Web Applications website, if your not using SBS then they will be under the Default Website.

The virtual Directories you are looking for are:

  1. Autodiscover
  2. EWS
  3. RPC
  4. OAB

In turn highlight each of these virtual directories and double click the Authentication icon on the right hand side. Right click on Windows Authentication and select Advanced Settings. Place a check box in the box for Enable kernel-mode authentication. Do this for each virtual directory listed above.

More Reference :-

http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html

http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exchange-autodiscover-part2.html

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s