Outlook asks for credentials when user mailbox is moved to another database
Hi all,
Environment:
- Exchange 2010 SP2 RU3
- 2 servers with 3 roles: Mailbox, Client Access and Hub transport
- Hardware load balancer is used.
- DAG configured
- Outlook Anywhere enabled. Basic Authentication
- All databases belong to the same Client Access Array
- Users have same UPN as email address
When a user mailbox is moved from one database to another, the user gets a prompt in his Outlook 2010 asking for credentials. I think this should be transparent to end users. The source and target mailboxes belong to the same Client Access Array. This happens to users with Outlook cache enabled and Outlook without cache.
Is this normal behaviour? Or is it caused due to Outlook Anywhere authentication?
Thanks in advance
July 13th, 2012 4:03pm
Hi,
If you have Outlook Anywhere enabled, often the login box will prompt for credentials, as the Outlook client switches from a TCP to an RPC/HTTP connection. To troubleshoot this, uncheck Connect to Microsoft Exchange using HTTP in Outlook clients and do a move.
Regards from www.windowsadmin.info | www.blog.windowsadmin.info
July 14th, 2012 2:50am
Thanks ManU for your response,
It does not always ask for credentials to connect to Outlook Anywhere; sometimes the mailbox server name appears in the credentials window...
I think that unchecking "Connect to Microsoft Exchange using HTTP" is not an option, because I have about 2000 mailboxes.... When I do maintenance tasks, I cannot change this parameter.
July 16th, 2012 3:23am
Hi,
Have you enabled Kerberos authentication on your Exchange servers? A CAS array, by default, won't support Kerberos. So configure Kerberos authentication for the CAS array and test the behaviour then.
I found a good reference here:
http://setspn.blogspot.in/2010/08/exchange-2010-enable-kerberos-on-cas.html
Regards from www.windowsadmin.info | www.blog.windowsadmin.info
July 16th, 2012 3:37am
No, I haven't enabled Kerberos authentication on CAS. Must I enable this to solve this behaviour?
Thanks!
July 16th, 2012 3:39am
Hi SKM12,
Sounds like some misconfiguration in your HLB.
What method do you have set for persistence and what is the timeout?
Martina Miskovic
July 16th, 2012 4:05am
Hardware Load Balancer configuration:
TCP 135: Persistence: Source IP 1200 seconds. Session Timeout: 12h
TCP 60200: Persistence: Source IP 1200 seconds. Session Timeout: 12h (CAS STATIC PORT)
TCP 60201: Persistence: Source IP 1200 seconds. Session Timeout: 12h (CAS STATIC PORT)
When I move a mailbox from a database, sometimes it asks for user credentials, sometimes not.
1200 seconds is too low.
Many HLB vendors recommend having it set to 7200, but check the manual for the HLB you are using.
Martina Miskovic
July 16th, 2012 4:22am
Thanks Martina for your quick response!!
We are using Cisco CSS, and I cannot find a configuration guide to load balance Exchange services, so we have configured the timeout according to other HWLB.
Do you think that asking for credentials on mailbox movement may be related to HWLB misconfiguration (timeout)?
July 16th, 2012 4:29am
Do you think that asking for credentials on mailbox movement may be related to HWLB misconfiguration (timeout)?
Yes, that's exactly what I am thinking. I've seen it before, so...
I have no experience with Cisco CSS so I can't help you there, but do change the settings and see if that helps.
Martina Miskovic
July 16th, 2012 4:31am
I could reproduce the mailbox movement issue in a lab environment. In this lab there is only a CAS and two mailboxes in a DAG, and HWLB is not used.
Same issue on lab without HWLB, I am frustrated :(
July 16th, 2012 5:16am
I'd suggest you collect a network trace log for further analysis.
Hope it is helpful.
Fiona Liao
TechNet Community Support
July 16th, 2012 6:59am
Trace logs do not show any warnings or errors.
July 16th, 2012 7:38am
I really think Exchange asks for user credentials due to Outlook Anywhere. If I disable Outlook Anywhere, the credentials window does not appear... but this behaviour is very strange. When the mailbox is moved it is disconnected for a few seconds. I understand that Outlook gets disconnected and tries to connect by HTTPS...
July 16th, 2012 7:52am
If Outlook Anywhere is disabled, Outlook will connect via TCP/IP internally. I am suspecting the issue is caused by a firewall in front of your CAS server?
Try to reproduce the issue via clicking Send/Receive button, or enabling the Out of Office settings. It would help us isolate the fault.
Thanks.
Fiona Liao
TechNet Community Support
July 16th, 2012 11:56pm
Send/Receive button and OOF work fine.
Any ideas?
Thanks
July 18th, 2012 11:02am
So it is nothing about web-based services. Is there a firewall? Any record in GC server's Application event log?
I would still suggest you collect a network trace log for analysis.
Fiona Liao
TechNet Community Support
July 18th, 2012 8:45pm
Any ideas?
No one is experiencing this behavior?
July 31st, 2012 3:08am