Continuous Password Prompt

Users of Exchange Server 2013 or later or Exchange Online can’t open public folders or shared mailboxes on a legacy Exchange server

Consider the following scenarios:
  • You have an on-premises deployment, in which Microsoft Exchange Server 2013 is installed in an existing Exchange Server 2010 or Exchange Server 2007 organization.
  • You have an on-premises deployment, in which Exchange Server 2016 is installed in an existing Exchange Server 2010 organization.
  • You have a hybrid deployment of Exchange Server and Exchange Online in Office 365, in which the hybrid server is running Exchange Server 2013 or later.

In any of these scenarios, users who have a mailbox on Exchange 2013 or later or Exchange Online are constantly prompted for credentials. If the users click Cancel when they are prompted for credentials, they can access their mailboxes. However, they can’t open the following resources:
  • A shared mailbox or a shared calendar of the mailbox in Exchange Server 2010 or Exchange Server 2007
  • A public folder in Exchange Server 2010 or Exchange Server 2007
Additionally, users receive the following error message:

Cannot expand the folder. Microsoft Exchange is not available. Either there are network problems or the Exchange server is down for maintenance.

Cause

This issue occurs if the Logon network security option in Microsoft Outlook is set to Anonymous Authentication. If you manually change the setting to something else, the Autodiscover service will change it back to Anonymous Authentication.

If Outlook Anywhere is configured by using one of the following combinations, the Autodiscover service sends “Anonymous” to the Outlook clients as the Logon network security option:
  • “ExternalHostName” is set, and “ExternalClientAuthenticationMethod” is set to Negotiate.
  • “InternalClientAuthenticationMethod” is set to Negotiate, and “InternalClientsRequireSSL” is set to True.

Resolution

To resolve this issue, follow these steps:
  1. Run the Get-OutlookAnywhere cmdlet to verify the Outlook Anywhere settings on the Exchange server. The following example retrieves all Outlook Anywhere settings on the Exch1 server.
       Get-OutlookAnywhere -Server Exch1
  2. If “ExternalHostName” is set, and “ExternalClientAuthenticationMethod” is Negotiate, change “ExternalClientAuthenticationMethod” to something other than Negotiate. The following example sets “ExternalClientAuthenticationMethod” to NTLM for the Exch1 server.
       Get-OutlookAnywhere -Server Exch1 | Set-OutlookAnywhere -ExternalClientAuthenticationMethod NTLM
  3. If “InternalClientAuthenticationMethod” is set to Negotiate, and “InternalClientsRequireSSL” is True, change “InternalClientAuthenticationMethod” to something other than Negotiate, or change “InternalClientsRequireSSL” to False. The following example sets “InternalClientAuthenticationMethod” to NTLM for the Exch1 server:
       Get-OutlookAnywhere -Server Exch1 | Set-OutlookAnywhere -InternalClientAuthenticationMethod NTLM
     The following example sets “InternalClientsRequireSSL” to False for the Exch1 server:
       Get-OutlookAnywhere -Server Exch1 | Set-OutlookAnywhere -InternalClientsRequireSSL $False
  4. The new settings should be applied on the Outlook clients the next time that they send a request to the Autodiscover service. Or, you can manually change the settings.
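
The check in steps 1 to 3 can be scripted so that every server is tested against both combinations before anything is changed. The following read-only PowerShell is an added example, not part of the original article or of Exchange itself; the function name Test-OutlookAnywhereAnonymousTrigger and the sample objects are hypothetical, and it assumes the input carries the property names that Get-OutlookAnywhere returns.

```powershell
# Added example: flags Outlook Anywhere configurations that match either
# combination listed under Cause. It only reads properties; it changes nothing.
function Test-OutlookAnywhereAnonymousTrigger {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Config
    )
    process {
        $reasons = @()

        # Combination 1: ExternalHostname is set and external auth is Negotiate.
        if (-not [string]::IsNullOrWhiteSpace([string]$Config.ExternalHostname) -and
            [string]$Config.ExternalClientAuthenticationMethod -eq 'Negotiate') {
            $reasons += 'ExternalHostname set, ExternalClientAuthenticationMethod = Negotiate'
        }

        # Combination 2: internal auth is Negotiate and internal clients require SSL.
        if ([string]$Config.InternalClientAuthenticationMethod -eq 'Negotiate' -and
            [bool]$Config.InternalClientsRequireSsl) {
            $reasons += 'InternalClientAuthenticationMethod = Negotiate, InternalClientsRequireSsl = True'
        }

        [pscustomobject]@{
            ServerName = $Config.ServerName
            Affected   = ($reasons.Count -gt 0)
            Reasons    = $reasons -join '; '
        }
    }
}

# Constructed sample objects (not real server output) so the function runs offline.
$samples = @(
    [pscustomobject]@{ ServerName = 'Exch1'; ExternalHostname = 'mail.example.com'
        ExternalClientAuthenticationMethod = 'Negotiate'
        InternalClientAuthenticationMethod = 'Ntlm'; InternalClientsRequireSsl = $false }
    [pscustomobject]@{ ServerName = 'Exch2'; ExternalHostname = ''
        ExternalClientAuthenticationMethod = 'Ntlm'
        InternalClientAuthenticationMethod = 'Negotiate'; InternalClientsRequireSsl = $true }
    [pscustomobject]@{ ServerName = 'Exch3'; ExternalHostname = ''
        ExternalClientAuthenticationMethod = 'Ntlm'
        InternalClientAuthenticationMethod = 'Negotiate'; InternalClientsRequireSsl = $false }
)
$samples | Test-OutlookAnywhereAnonymousTrigger | Format-Table -AutoSize -Wrap

# In the Exchange Management Shell, against real servers:
# Get-OutlookAnywhere | Test-OutlookAnywhereAnonymousTrigger | Where-Object Affected
```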