Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Outlook -> remote exchange -> always wants a password

14 views
Skip to first unread message

David Thielen

unread,
Apr 4, 2006, 4:28:01 PM4/4/06
to
Hi;

Asking again.

On my daughters first laptop I had it set up so Outlook did remote
access of exchange (MAPI) and it did not prompt her for her
username/password. So I am 99% certain that the SBS end is set up
correctly.

I had to get her a new laptop (she could not get ArcView, The Sims,
and Rollercoaster Tycoon all on the hard drive of the old one - and
apparently those are all necessities of life).

I have Outlook able to get to Exchange using https. But it prompts her
for her username & password every time she starts Outlook. How do I
get it to save that info so she is not prompted? I followed the
instructions from server/remote exactly.

I tried NTLM (instead of basic authentication) - but then login
failed. I tried user, windward\user, user@windward, and
us...@windward.local and none of them worked.

thanks - dave

david@at-at-at@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

david@at-at-at@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Frank McCallister SBS MVP

unread,
Apr 4, 2006, 4:35:14 PM4/4/06
to
NTLM authentication will not work thru ISA and some other firewalls. I
suspect you are stuck with having her enter Authentication the first time
she opens Outlook. She can then Minimize the program and bring it back up
without entering password again.

--
Frank McCallister SBS MVP
MCP Microsoft Small Business Specialist
COMPUMAC
"David Thielen" <da...@windward.net> wrote in message
news:bil53291du9gp1av3...@4ax.com...

Bryan L

unread,
Apr 5, 2006, 2:49:38 PM4/5/06
to
What you're looking for is possible if the laptop is running XP Pro. XP
Home will prompt for the login credentials every time even if configured
identically to a properly configured XP Pro machine. I learned that hard
lesson when my boss got a new home computer with XP Home.

That said, it's possible to get an XP Pro laptop properly configured with
Outlook 2003 if you have the necessary patch level on XP and tweak at least
one registry setting. My home PC (and for that matter, all my laptop users)
are set up to open Outlook and work with no password prompt at all. If you
have XP Pro post back and I'll provide details, I'll have to dig them up
since I haven't used them all in a while. It's been a while since I
configured the server so my advice will probably only be useful on the
client configuration side, I don't have time to revisit and remember what I
did on the server side of things. From your post it sounds like your server
setup is probably good.

Note that I AM using NTLM authentication, which I prefer to basic. And it
IS working as you describe.

Bryan

"David Thielen" <da...@windward.net> wrote in message
news:bil53291du9gp1av3...@4ax.com...

David Thielen

unread,
Apr 5, 2006, 2:51:56 PM4/5/06
to
Hi;

We don't use ISA - we use a sonicwall for our firewall. Is there a
port number I need to open in the sonicwall for ntlm?

thanks - dave


On Tue, 4 Apr 2006 15:35:14 -0500, "Frank McCallister SBS MVP"
<anonymous> wrote:

>NTLM authentication will not work thru ISA and some other firewalls. I
>suspect you are stuck with having her enter Authentication the first time
>she opens Outlook. She can then Minimize the program and bring it back up
>without entering password again.

Frank McCallister SBS MVP

unread,
Apr 5, 2006, 3:25:27 PM4/5/06
to
Not a port issue. Probably won't work on Sonicwall either on NTLM

--
Frank McCallister SBS MVP
MCP Microsoft Small Business Specialist
COMPUMAC
"David Thielen" <da...@windward.net> wrote in message

news:6d4832ph853grm5eg...@4ax.com...

David Thielen

unread,
Apr 7, 2006, 12:05:31 AM4/7/06
to
Hi;

Yes, XP Pro on my daughters computer (and all computers here at home).
Please pass on the info.

thanks - dave

Frank McCallister SBS MVP

unread,
Apr 7, 2006, 7:58:30 AM4/7/06
to
Bryan

That is possible only under certain conditions. Certain firewalls including
ISA will not pass NTLM properly.

--
Frank McCallister SBS MVP
MCP Microsoft Small Business Specialist
COMPUMAC

"Bryan L" <blinton...@connellinsurance.nospam.com> wrote in message
news:uKjHyGOW...@TK2MSFTNGP03.phx.gbl...

David Thielen

unread,
Apr 10, 2006, 12:57:13 PM4/10/06
to
Hi;

I don't use ISA. My firewall is a sonicwall SOHO. And I know I had
this working before on her previous laptop (since reformatted
unfortunately).

How can I configure this?

thanks - dave


On Fri, 7 Apr 2006 06:58:30 -0500, "Frank McCallister SBS MVP"
<anonymous> wrote:

>Bryan
>
>That is possible only under certain conditions. Certain firewalls including
>ISA will not pass NTLM properly.

Frank McCallister SBS MVP

unread,
Apr 10, 2006, 1:54:11 PM4/10/06
to
For a quick test disconnect the sonicwall and see if NTLM works. I doubt
that Sonicwall will pass NTLM but I don't really know

--
Frank McCallister SBS MVP
MCP Microsoft Small Business Specialist
COMPUMAC

"David Thielen" <da...@windward.net> wrote in message

news:jh3l329nhsbdnlhkr...@4ax.com...

Bryan L

unread,
Apr 10, 2006, 4:12:22 PM4/10/06
to
Okay, here goes:

My server and client configuration is currently allowing RPC over HTTP with
no password prompts for my users. However, I differ from Microsoft
recommendations in one respect: instead of using basic authentication over
SSL, I have my server set to use Integrated Windows authentication over SSL.
If your other existing clients are working fine without being prompted and
you are using basic authentication, changing your server settings will
almost certainly "break" your existing users if the client setup does not
also match what I'm going to describe here.

I'm assuming your service pack level / patch level on the laptop is current.
Older versions of XP (pre SP2) need hotfixes and updates for this to work.

TO CHECK ON YOUR SERVER:
- In IIS, browse to Default Web Site, right-click RPC > Properties.
- Under Directory Security, Authentication and acesss, click Edit
- Enable anonymous access is unchecked
- Integrated Windows authentication is the only thing checked
- Under Directory Security, Secure Communications, click Edit
- Use: Require SSL, Require 128-bit, Ignore client certs
(If this is appropriate for your certificate - it is for ours)
Close out of these configuration dialogs, keeping the appropriate changes.

ON THE WORKSTATION:
I had to change the following registry setting on my workstations:

HKLM\System\CurrentControlSet\Control\Lsa,
lmcompatibilitylevel = 2

OUTLOOK PROFILE CONFIGURATION:
Under Exchange Proxy Settings,
Checked
Connect using SSL Only and
Mutually authenticate the session
Used appropriate dns name/ip in first field,
prepended "msstd:" to the same dns name/ip in second field
Proxy uuthentication settings,
select NTLM Authentication

You can refer to this for more info.
http://support.microsoft.com/?id=833401
Let me know if this doesn't work, I may be able to drag up the original
articles that discussed configuring this to use NTLM so that the workstation
would be allowed remember the password for future sessions.

Let me know if this works/helps. It's been a while, but this is working
great for me. Even my computer at home, that is not a member of the domain,
is able to remember the password. When my domain password changes, I am
prompted for the password the next time I use outlook at home; it then
remembers the new password.

Keep us posted,

Bryan


David Thielen

unread,
Apr 11, 2006, 1:32:50 AM4/11/06
to
I just realized - even inside the firewall it prompts for the password
and NTLM authentication fails. But inside there is no firewall to pass
through.

??? - thanks - dave

On Mon, 10 Apr 2006 12:54:11 -0500, "Frank McCallister SBS MVP"
<anonymous> wrote:

>For a quick test disconnect the sonicwall and see if NTLM works. I doubt
>that Sonicwall will pass NTLM but I don't really know

0 new messages