We had a client who had some issues with Exchagne 2007 running on Windows 2008 using IIS default Authentication. The end users were continuously prompted for their password so Outlook Anywhere was not functioning as it was supposed to in this case. Below is a summary of the issue as well as the fix.
The following solution has been provided to resolve your issue: Outlook Anywhere is not working on "BHC-EXC-CAS1" Server. Error "Outlook Users prompt for password"
Environment: Windows 2008, Exchange 2007 SP1. A summary of the solution is detailed below.
1. Symptom - outlook users are being prompted for credentials
2. Cause - Authentication was not proper on Autodiscover, EWS virtual directory
3. Resolution –
· Set Autodiscover virtual directory with Basic and Integrated
· Set EWS virtual directory with Windows Integrated
· Tried to browse https://mail.clientserver.com/ews/exchange.asmx and got Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
· On ISA firewall we configure delegation
· Checked and confirm that outlook anywhere works
Related Knowledge Base Articles
=========================
Wildcard Certificate Causes Client Connectivity Issues for Outlook Anywhere
http://technet.microsoft.com/en-us/library/cc535023.aspx
Warning message when you start Outlook 2007 and then connect to a mailbox that is hosted on an Exchange 2007-based server: "The name of the security certificate is invalid or does not match the name of the site"
http://support.microsoft.com/kb/940726
How to Enable Outlook Anywhere
http://technet.microsoft.com/en-us/library/bb123889(EXCHG.80).aspx
White Paper: Exchange 2007 Autodiscover Service
http://technet.microsoft.com/en-us/library/bb332063.aspx
Default settings for Exchange-related virtual directories in Exchange Server 2007
Ref: http://msexchangeteam.com/archive/2008/02/01/447989.aspx
These settings hold true for both Exchange 2007 RTM and Service Pack 1.
|
Exchange 2007 Client Access Server
|
|
Location
|
Authentication
|
SSL Setting
|
Comments
|
|
Default Web Site
|
Anonymous
|
Required
|
"Enable HTTP Keep-Alives" setting should be enabled on Web Site tab
|
|
/Owa
|
Basic
|
Required
|
Management of authentication setting should be done in Exchange Management Console
|
|
/Exchange
|
Basic
|
Required
|
Management of authentication setting should be done in Exchange Management Console
|
|
/Public
|
Basic
|
Required
|
Management of authentication setting should be done in Exchange Management Console
|
|
/Exchweb
|
Basic
|
Required
|
Management of authentication setting should be done in Exchange Management Console
|
|
/Oab
|
Integrated
|
Not required
|
|
|
/Autodiscover
|
Basic and Integrated
|
Required
|
|
|
/Ews
|
Integrated
|
Required
|
|
|
/UnifiedMessaging
|
Integrated
|
Required
|
|
|
/Microsoft-Server-Activesync
|
Basic
|
Required
|
Management of authentication setting should be done in Exchange Management Console
|
|
/Rpc
|
Basic and Integrated
|
Required
|
Technically, this is a Windows component but I've added it here since Outlook Anywhere depends on the installation of this virtual directory
|
|
|
|
|
|
Exchange 2007 Mailbox Server
|
|
Location
|
Authentication
|
SSL Setting
|
Comments
|
|
Default Web Site
|
Anonymous
|
Not required
|
|
|
/Exadmin
|
Basic and Integrated
|
Not required
|
|
|
/Exchange
|
Basic and Integrated
|
Not required
|
Management of authentication setting should be done in Exchange Management Console
|
|
/Public
|
Basic and Integrated
|
Not required
|
Management of authentication setting should be done in Exchange Management Console
|