Options

Strange Outlook Anywhere Issue

undomielundomiel Member Posts: 2,818
in Off-Topic
We've got a user that yesterday suddenly could no longer access the server over Outlook Anywhere. One other user impact as well, though she seems to be fine today. When he attempts to access the server it just keeps coming back asking for credentials. Can't configure a new profile either as the same thing comes back, using either autodiscover or manual configuration. Other people at the same site are fine, and we can configure his account on other systems, both Outlook 2003 and 2007. He's using 2007 on his system. The other person that the same thing was happening to we did not take a look at her pc, and it now seems to be cleared up today for her without any intervention. No new updates installed nor had the Exchange 2007 server configuration been changed at all either. Any ideas for troubleshooting would be appreciated. DNS is resolving just fine, firewall has been disabled on his machine as well as any content filtering. I'll be able to remote into his machine later today so any ideas would be great.
Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
· Share on FacebookShare on Twitter

Comments

  • Options
    rsuttonrsutton Member Posts: 1,029 ■■■■■□□□□□
    It sounds like you already know what to look for but the first that comes to mind for me is DNS/certs. Are you using a 3rd party trusted cert or self-signed? If the latter, you may try reinstalling the cert.
    · Share on FacebookShare on Twitter
  • Options
    ClaymooreClaymoore Member Posts: 1,637
    Are the CAS servers virtualized and/or load balanced? I had a client who had continual authentication prompts because of NLB'd virtual CAS servers on separate physical VMWare hosts. Not all of the VMWare physical NICs were included in the static ARP mapping on the switches. This should be affecting everyone though, not just him.
    VMware Self-Service- Sample Configuration - Network Load Balancing (NLB) Multicast mode over routed subnet - Cisco Switch Static ARP Configuration

    Is Outlook Anywhere set up to use Basic or NTLM authentication? It is possible that the autodiscover website isn't correctly assigned to the intranet zone and NTLM credentials aren't being passed automatically. Basic should prompt him all the time unless the password is cached.

    This site may be of some use for testing:
    https://www.testexchangeconnectivity.com/Default.aspx
    Clay Moore's Blog
    · Share on FacebookShare on Twitter
  • Options
    undomielundomiel Member Posts: 2,818
    Ok, we found the problem. Autodiscover was propogating the Only connect to proxy servers that have this principal name in their certificate option with the external address. This would normally be correct and fine and dandy but we use a rapid ssl wildcard certificate instead of a san certificate apparently because we like to cut costs. Thusly having to stop autodiscover from setting that option. I'm not sure why this would work on some machines but suddenly magically not work on others but after disabling that option it fixed the problem. I wasn't given the opportunity to dig in deeper.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
    · Share on FacebookShare on Twitter
Sign In or Register to comment.