Today i have to cope with an Authentication Issue when Outlook 2010 running on Windows XP and try to connect to Outlook Anywhere
Outlook 2010 running on Windows 2008 works fine but not on XP. Outlook for the first time and no way to connect
Below is the production environment
Windows XP professionnel version 5.1 2600 service Pack 3 Nu 2600 X86
Outlook 2010 version 14.7015.1000 32 Bit
Exchange 2013 SP1 Us Version
[PS] C:\Windows\system32>Get-OutlookProvider
Name Server CertPrincipalName TTL
—- —— —————– —
EXCH msstd:*.company.com 1
EXPR msstd:*.company.com 1
WEB 1
[PS] C:\Windows\system32>Get-OutlookAnywhere
RunspaceId : 72996687-448d-44fb-bef2-de48ccd0fa32
ServerName : SRVEXC01
SSLOffloading : True
ExternalHostname : oa.company.com
InternalHostname : oa.company.com
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Negotiate
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
XropUrl :
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : True
MetabasePath : IIS://SRVEXC01.mrsaero.loc/W3SVC/1/ROOT/Rpc
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 847.32)
Server : SRVEXC01
AdminDisplayName :
ExchangeVersion : 0.20 (15.0.0.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=SRVEXC01,CN=Servers,CN=Exchang Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=mrsaero,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mrsaero,DC=loc
Identity : SRVEXC01\Rpc (Default Web Site)
Guid : 47bf7118-1c00-4add-82a0-172958d49f9d
ObjectCategory : mrsaero.loc/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
On the worktation XP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\. Lmcompatibilitylevel = 3
I decided to change to ntlm
set-outlookanywhere -identity « SRVEXC01\Rpc (Default Web Site) » -InternalClientAuthenticationMethod ntlm -ExternalClientAuthenticationMethod ntlm
set-outlookanywhere -identity « SRVEXC02\Rpc (Default Web Site) » -InternalClientAuthenticationMethod ntlm -ExternalClientAuthenticationMethod ntlm
and restart the rpc client access service … Same Issue
I decided to modify the outlook providers by using
Set-outlookProvider –identity WEB – CertPrincipalName msstd:*.company.com
Reboot the server… same Issue..
Trying to change the authentication method on autodiscover….
Set-autodiscovervirtualdirectory -identity « SRVEXC01\Autodiscover (Default Web Site) » -DigestAuthentication $true
Set-autodiscovervirtualdirectory -identity « SRVEXC02\Autodiscover (Default Web Site) » -DigestAuthentication $true
But it is not that
I download a tool fiddler2 to see what URL is accessed byt the Outlook client when autoconfiguration for the first time is made. And I discover that the Autodiscover was based on local client access FQDN. To have a real test I delete each time the profil user on the XP machine and loggin again.
So I decided to modify the configuration with this cmdlet
get-clientaccessserver | set-clientaccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/Autodiscover/Autodiscover.xml
so now buy using Fiddler acting as as proxy I can see that outlook use the autodiscover FQDN wich is a Load Balanced VIP. But…. Same issue . The worse is when Fiddler is open it works when I close fiddler outlook have an authentication issue
A this time no authentication is possible !