Hi all,
We are in the middle of a transition from Exchange 2010 SP3 to Exchange 2013 CU8 and everything works fine except external Outlook Anywhere. We are publishing the Exchange services through TMG 2010 and we are using Basic for external clients, which worked great for Exchange 2010. Now, using the same rules, Outlook (2013) clients fail to authenticate to Exchange from external (internet) connections.
The current settings:
Get-OutlookAnywhere | FL ServerName, *auth*
ServerName : 2010
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}
ServerName : 2013
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
For clients that are still on 2010 everything works perfectly, for both internal and external connections. For clients migrated or newly created on 2013, it works from internal but keeps on asking for a password from external. If I manually change the Authentication for Exchange proxy settings from NTLM to Basic then it works OK from external as well - BUT this setting is changed back to NTLM after every restart of the Outlook client. It seems that Autodiscover is pushing the wrong settings, even though the settings are correct. Here is the XML:
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>XXXXXXXXXXXXXXXXXXXXXX</DisplayName>
<LegacyDN>XXXXXXXXXXXXXXXXXXXXXX</LegacyDN>
<AutoDiscoverSMTPAddress>XXXXXXXXXXXXXXXXXXXXXX</AutoDiscoverSMTPAddress>
<DeploymentId>XXXXXXXXXXXXXXXXXXXXXX</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<MicrosoftOnline>False</MicrosoftOnline>
<Protocol>
<Type>EXCH</Type>
<Server>XXXXXXXXXXXXXXXXXXXXXX</Server>
<ServerDN>XXXXXXXXXXXXXXXXXXXXXX</ServerDN>
<ServerVersion>73C08434</ServerVersion>
<MdbDN>XXXXXXXXXXXXXXXXXXXXXX</MdbDN>
<PublicFolderServer>webmail.nspyre.nl</PublicFolderServer>
<AD>XXXXXXXXXXXXXXXXXXXXXX</AD>
<ASUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.nspyre.nl/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=nspyre.nl</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=nspyre.nl</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=nspyre.nl</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=nspyre.nl</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=nspyre.nl</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=nspyre.nl</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=nspyre.nl</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=nspyre.nl</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=nspyre.nl</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=nspyre.nl</EcpUrl-extinstall>
<OOFUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://webmail.nspyre.nl/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.nspyre.nl/OAB/3cde2ebe-e722-44e5-849d-7f6cd94b51fa/</OABUrl>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
<CertPrincipalName>msstd:*.nspyre.nl</CertPrincipalName>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>webmail.nspyre.nl</Server>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<ASUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</EmwsUrl>
<OOFUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://webmail.nspyre.nl/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.nspyre.nl/OAB/3cde2ebe-e722-44e5-849d-7f6cd94b51fa/</OABUrl>
<ServerExclusiveConnect>on</ServerExclusiveConnect>
<CertPrincipalName>msstd:*.nspyre.nl</CertPrincipalName>
<EwsPartnerUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</EwsPartnerUrl>
<GroupingInformation>DataCenters</GroupingInformation>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrl AuthenticationMethod="Ntlm, WindowsIntegrated">https://webmail.nspyre.nl/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.nspyre.nl</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<ASUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.nspyre.nl/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=nspyre.nl</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=nspyre.nl</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=nspyre.nl</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=nspyre.nl</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=nspyre.nl</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=nspyre.nl</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=nspyre.nl</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=nspyre.nl</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=nspyre.nl</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=nspyre.nl</EcpUrl-extinstall>
<OOFUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://webmail.nspyre.nl/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.nspyre.nl/OAB/3cde2ebe-e722-44e5-849d-7f6cd94b51fa/</OABUrl>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
<CertPrincipalName>msstd:*.nspyre.nl</CertPrincipalName>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.nspyre.nl</Server>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<ASUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</EmwsUrl>
<OOFUrl>https://webmail.nspyre.nl/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://webmail.nspyre.nl/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.nspyre.nl/OAB/3cde2ebe-e722-44e5-849d-7f6cd94b51fa/</OABUrl>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
<CertPrincipalName>msstd:*.nspyre.nl</CertPrincipalName>
</Protocol>
</Account>
</Response>
</Autodiscover>
How can I force Outlook clients (domain joined and workgroup) to get Basic authentication from Autodiscover? Any help will be greatly appreciated as I have already spent a huge amount of time and neurons on this issue.
Thank you so very much for your help.
Marian
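An added example, not part of the original post: a PowerShell helper that lists, in order, which AuthPackage each top-level Protocol block of an Autodiscover response advertises. The function name Get-AutodiscoverAuthSummary is hypothetical and the sample is a constructed, trimmed copy of the response above; it shows EXHTTP advertised twice for the same server, first with Ntlm and then with Basic.

```powershell
# Constructed sample: the response above trimmed to the elements that matter here.
$sample = @'
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
  <Account>
   <Protocol><Type>EXCH</Type><Server>XXXX</Server></Protocol>
   <Protocol><Type>EXPR</Type><Server>webmail.nspyre.nl</Server><AuthPackage>Basic</AuthPackage></Protocol>
   <Protocol><Type>WEB</Type><Internal><Protocol><Type>EXCH</Type></Protocol></Internal></Protocol>
   <Protocol><Type>EXHTTP</Type><Server>webmail.nspyre.nl</Server><AuthPackage>Ntlm</AuthPackage></Protocol>
   <Protocol><Type>EXHTTP</Type><Server>webmail.nspyre.nl</Server><AuthPackage>Basic</AuthPackage></Protocol>
  </Account>
 </Response>
</Autodiscover>
'@

# Hypothetical helper (not an Exchange cmdlet): one row per top-level Protocol block.
function Get-AutodiscoverAuthSummary {
    param([Parameter(Mandatory)][string]$Xml)
    $doc = [xml]$Xml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('o', 'http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a')
    # Child element text, or a marker when the element is absent (EXCH and WEB carry no AuthPackage).
    $text = { param($node, $name)
        $n = $node.SelectSingleNode("o:$name", $ns)
        if ($null -ne $n) { $n.InnerText } else { '(none)' } }
    $order = 0
    # Direct children of Account only: the WEB block nests another Protocol that must not be counted.
    foreach ($p in $doc.SelectNodes('//o:Account/o:Protocol', $ns)) {
        $order++
        [pscustomobject]@{
            Order       = $order
            Type        = & $text $p 'Type'
            Server      = & $text $p 'Server'
            AuthPackage = & $text $p 'AuthPackage'
        }
    }
}

$summary = Get-AutodiscoverAuthSummary -Xml $sample
$summary | Format-Table -AutoSize

# Flag any provider type that is advertised more than once with different auth packages.
$summary | Group-Object Type |
    Where-Object { @($_.Group | Select-Object -ExpandProperty AuthPackage -Unique).Count -gt 1 } |
    ForEach-Object { '{0}: {1}' -f $_.Name, (($_.Group | ForEach-Object { $_.AuthPackage }) -join ' then ') }
```

The XML as pasted above contains unescaped `&` and placeholder tags such as `<IsOWA>`, so it will not load with `[xml]` as is; feed the function the raw response body instead.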