Home / server / Questions / 1013811
Accepted
fcm
Asked: 2020-04-24 07:56:49 +0800 CST

Outlook Exchange Server

  • 772

Working in a 2019 Domain Active Directory, running 2019 Exchange Server, using Office Professional Plus 2016.

Adding a new account to Outlook, connect to exchange using autodiscover, the process goes smooth open the mailbox, populate folders and show the content. After a few minutes, 'need password' and a (looks like a web request) for a password. Just clicking 'Type Exchange Password and Continue' on the 'send/receive' bar, reconnect and... smooth sailing again.

Assuming domain is VALID and user is USER. Checking the security log on Exchange Server, I can see the initial connections is for VALID\USER but, the next one, that fails, is for EXCHANGE\USER. Our server name is EXCHANGE. Why trying to use the wrong domain? It also try USER@VALID... without sending the domain, that also fail.

Tests:

In Outlook-2016, create a new profile, add the domain account: same result. I should note that Outlook did not ask for username\password. The computer I'm using is not join to DOMAIN.

Hints:
I test the connection using the TestConnectivity tool results show ok, with no mention to DOMAIN as domain.

exchange outlook exchange-2019 outlook-2016

2 Answers

  1. Did you get the following web request?

    enter image description here

    • 0
  2. Best Answer

    Sorry to answer my own question, however, I hope that will help others.

    I'm a manager on my organization, at one point, I had 'FullAccess' to helpdesk and clerks users mailboxes; their entry turn corrupted (moved, deleted, disabled etc.) and, for whatever reason, I was unable to access them, so Outlook start asking for a password.

    This Powershell script will visit every user, showing the third party mailbox permission for that user, removing 'me' (as $myself) if found there.

    $myself=get-mailbox -id <MY_ID_HERE>
# search all the users, looking for me
# I'm interested only in 'real' users (with Mailbox)
# Ignoring display of one user redacted as 'xxx'
foreach ($mbx in ( Get-Mailbox )){        
    $user = $mbx | get-MailboxPermission  | `
        % { Get-Mailbox -Identity $_.user.rawIdentity -errorAction SilentlyContinue } | `
        ? { $_.Alias -ne 'xxx' }
    if ($user){
        Write-Output "------ $($mbx.DisplayName) $($mbx.alias) ------"
        foreach($fc in ($user | ? { $_.alias -eq $myself.alias } ) ){
            Remove-MailboxPermission -Identity $mbx.alias -AccessRights ('FullAccess') -User $fc.Alias -Confirm:$False
        }
        $user
        }
}

    Well, no more passwords request after running it. Of course if you really need access.... you need to set them back again.

    Use the -whatif parameter on the Remove-MailboxPermission to test the script.

    • 0