Re: Outlook -> remote exchange -> always wants a password

Okay, here goes:

My server and client configuration is currently allowing RPC over HTTP with
no password prompts for my users. However, I differ from Microsoft
recommendations in one respect: instead of using basic authentication over
SSL, I have my server set to use Integrated Windows authentication over SSL.
If your other existing clients are working fine without being prompted and
you are using basic authentication, changing your server settings will
almost certainly "break" your existing users if the client setup does not
also match what I'm going to describe here.

I'm assuming your service pack level / patch level on the laptop is current.
Older versions of XP (pre SP2) need hotfixes and updates for this to work.

TO CHECK ON YOUR SERVER:
- In IIS, browse to Default Web Site, right-click RPC > Properties.
- Under Directory Security, Authentication and acesss, click Edit
- Enable anonymous access is unchecked
- Integrated Windows authentication is the only thing checked
- Under Directory Security, Secure Communications, click Edit
- Use: Require SSL, Require 128-bit, Ignore client certs
(If this is appropriate for your certificate - it is for ours)
Close out of these configuration dialogs, keeping the appropriate changes.

ON THE WORKSTATION:
I had to change the following registry setting on my workstations:

HKLM\System\CurrentControlSet\Control\Lsa,
lmcompatibilitylevel = 2

OUTLOOK PROFILE CONFIGURATION:
Under Exchange Proxy Settings,
Checked
Connect using SSL Only and
Mutually authenticate the session
Used appropriate dns name/ip in first field,
prepended "msstd:" to the same dns name/ip in second field
Proxy uuthentication settings,
select NTLM Authentication

You can refer to this for more info.
http://support.microsoft.com/?id=833401
Let me know if this doesn't work, I may be able to drag up the original
articles that discussed configuring this to use NTLM so that the workstation
would be allowed remember the password for future sessions.

Let me know if this works/helps. It's been a while, but this is working
great for me. Even my computer at home, that is not a member of the domain,
is able to remember the password. When my domain password changes, I am
prompted for the password the next time I use outlook at home; it then
remembers the new password.

Keep us posted,

Bryan


.

Relevant Pages

  • Re: WCF security advice (and clarification) needed
    ... You, the client, resolve the foo.mycompany.com hostname within your ... TCP/IP) with that ticket as the security token. ... There are two parties participating in a security scenario, the server ... HTTP supports other authentication ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: SSPI Kerberos for delegation
    ... We want the authentication to happen without providing credentials ... But SSPI while authenticating from the client to the server can do mutual ...
    (comp.protocols.kerberos)
  • Re: Aironet 1200/Radius Help Needed
    ... I just fired up a W2003 Advanced Server so that I can take ... >> IAS servers (do I need a separate certificate for the secondary IAS ... >> of authentication since it involves just installing the certificate on ... >between the AP and the client. ...
    (microsoft.public.internet.radius)
  • Problem joining Windows domain from remote VPN/PPTP box
    ... server OK with administrator rights (configured via Routing and Remote ... On client there exists static route for remote network that points to ... following information can help you troubleshoot your DNS configuration. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows Authentication, Single sign on and Active Directory
    ... service proxy client fails to connect due to authentication failure and then ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The server is always in the domain. ...
    (microsoft.public.dotnet.framework.aspnet.security)