Exchange 2013 external Outlook autodiscover password prompt

I've set up a new infrastructure for our network with a 2k12 DC and a 2k12 member running Exchange 2013. The internal domain is set up like ad.domainname.com and I've configured mailflow for domain.com on Exchange, which works perfectly. Internal autodiscover works like a charm, and with https://testconnectivity.microsoft.com/ I get green results for autodiscover.domain.com on ActiveSync, autosetup and Outlook connectivity. I've used a Comodo wildcard SSL certificate for the domain.

However, when I try to use autosetup in Outlook it gives a password prompt on both the 2nd and 3rd steps, where I have to enter credentials like domainname\username to get past them. After that it works fine, but I want it to configure automatically without the extra password prompt.

On mobile devices it searches for the settings and then asks for the servername and domain credentials. I would like this to be auto configured as well but I can't find the reason why it prompts for this.

April 29th, 2015 8:23am

 I recommend you change the property IISAuthenticationMethods to the value: Basic, NTLM, and Negotiate. It sounds like you upgraded to 2013 and something either was missed in IIS Auth. settings or changed. You will need to run IISreset after making these changes.

Reference: http://www.umtsolutions.com/Blog/Post/11/Exchange-2013-Outlook-Anywhere-Settings

Exchange 2013 CU1 behavior

On Exchange 2013 CU1 deployed on Windows Server 2012, setting Outlook Anywhere's external host name will modify the values of Internal Client Authentication Method and IIS Authentication Methods to Negotiate. During coexistence with Exchange 2010, Internal Client Authentication Method should be set to Ntlm while IIS Authentication Methods should be set to Basic, Ntlm and Negotiate by running the following from the Exchange Management Shell:

Set-OutlookAnywhere -Identity:"EX2013\rpc (Default Web Site)" -InternalClientAuthenticationMethod:Ntlm

Set-OutlookAnywhere -Identity:"EX2013\rpc (Default Web Site)" -IISAuthenticationMethods Basic,NTLM,Negotiate

April 29th, 2015 11:03am
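
To check what the reply above describes before and after changing anything, the following added example (not part of the thread) reads the Outlook Anywhere settings and compares them with the values the reply recommends. `Test-OutlookAnywhereAuth` is a hypothetical helper name, the fallback object is constructed sample data for running outside the Exchange Management Shell, and the SSL warning is an extra check added here because Basic authentication sends the password base64-encoded rather than encrypted.

```powershell
# Added example: audit Outlook Anywhere authentication settings against the
# values recommended in the reply (IIS: Basic, NTLM, Negotiate; internal: NTLM).
# Test-OutlookAnywhereAuth is a hypothetical helper, not an Exchange cmdlet.
function Test-OutlookAnywhereAuth {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Config,
        [string[]] $ExpectedIisMethods     = @('Basic', 'Ntlm', 'Negotiate'),
        [string]   $ExpectedInternalMethod = 'Ntlm'
    )
    process {
        # Normalise the multi-valued property to plain strings.
        $actual   = @($Config.IISAuthenticationMethods | ForEach-Object { "$_" })
        # -notcontains is case-insensitive, so 'NTLM' and 'Ntlm' compare equal.
        $missing  = @($ExpectedIisMethods | Where-Object { $actual -notcontains $_ })
        $internal = "$($Config.InternalClientAuthenticationMethod)"
        [pscustomobject]@{
            Identity            = "$($Config.Identity)"
            IisMethods          = $actual -join ','
            MissingIisMethods   = $missing -join ','
            InternalMethod      = $internal
            ExternalMethod      = "$($Config.ExternalClientAuthenticationMethod)"
            ExternalRequiresSsl = [bool]$Config.ExternalClientsRequireSsl
            MatchesReply        = ($missing.Count -eq 0) -and
                                  ($internal -eq $ExpectedInternalMethod)
        }
    }
}

if (Get-Command Get-OutlookAnywhere -ErrorAction SilentlyContinue) {
    $configs = Get-OutlookAnywhere          # Exchange Management Shell
} else {
    # Constructed sample: the CU1 behaviour quoted above (everything Negotiate).
    $configs = [pscustomobject]@{
        Identity                           = 'EX2013\rpc (Default Web Site)'
        IISAuthenticationMethods           = @('Negotiate')
        InternalClientAuthenticationMethod = 'Negotiate'
        ExternalClientAuthenticationMethod = 'Negotiate'
        ExternalClientsRequireSsl          = $true
    }
}

$report = $configs | Test-OutlookAnywhereAuth
$report | Format-List

# Basic auth is only acceptable when external clients are forced onto SSL.
$report | Where-Object { $_.IisMethods -match 'Basic' -and -not $_.ExternalRequiresSsl } |
    ForEach-Object { Write-Warning "$($_.Identity): Basic enabled without ExternalClientsRequireSsl" }
```

Run it again after the `Set-OutlookAnywhere` commands and `iisreset` from the reply; `MatchesReply` should then be `True` for the server.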

For the Outlook setup, are you using a domain-joined computer or a non-domain-joined computer? For a non-domain-joined computer you will always get prompted for a password because there is no AD security token to send to Exchange to verify. Same thing with ActiveSync. Your phone isn't joined to the domain, so it has to ask for a password to verify your identity.
April 29th, 2015 4:42pm

Hi orrie,

Thank you for your question.

I agree with Hinte's suggestion.

When we are internal, we run Outlook without a password prompt because when we log in to the Windows operating system, we have already typed the username and password. We don't type the username and password when IIS uses NTLM authentication.

When we are external, we haven't logged in to the domain beforehand, so when we open Outlook, we need to log on to the domain and then use Outlook. So we should be prompted for a password when we are using Outlook externally.

If there are any questions regarding this issue, please feel free to let me know.

Best regards,

Jim

April 30th, 2015 9:26pm

Thanks, this fixed a part of my problem. I only get 1 request for the domain username/password prompt now.
May 1st, 2015 5:16am

The machine with the issue is a non-domain-joined computer. I do fill in the password that belongs to the user in the first setup screen when I type the email address. What it doesn't seem to do is convert that email address to a domain logon, as the internal logon for the user is user@ad.domain.com and not user@domain.com.

I've set up Office 365 for friends, and those auto setups don't prompt for the extra logon and automatically find the email server details on the mobile phone as well.

I would like it to work that way as well so I don't get users asking me for domainnames, servernames etc to configure their email. Just their email and password they use to access the owa/domain computer.

Maybe it isn't possible but if it is I would like to set it up that way.

May 1st, 2015 5:23am
