I have set up a new SBS 2008 server (including Exchange 2007). The clients are running Outlook 2007.
All clients have an issue where Outlook periodically prompts for login to access remote.mydomain.com. When correct credentials are entered, the dialog comes back straight away (ie. authentication is not successful). Apart from this, Outlook is connected to the Exchange and receiving emails, so if I cancel the login box, so Outlook works ok if I cancel the login box.
The DNS is correctly set up and from the client, remote.mydomain.com resolves to the internal IP address of the server.
In Outlook, I have tried changing the authentication method to all values without luck.
Something else that I found strange and that may be linked to the issue is: Exchange 2007 uses auto-discovery and the file is accessed via https://remote.mydomain.com/autodiscover/autodiscover.xml. However, when I try to access the URL, from a client or from the server itself, I get a prompt for login and I am unable to authenticate (the login prompt comes back after correct credentials have been entered).
So my guess is that Outlook may be trying to access the auto-discover file and failing authenticating.
I have checked the authentication settings in IIS and they seem ok to me (Basic Authentication is enabled).
Any guesses?
Thanks.
There are a few different root causes that can make Outlook do what you're seeing. If you're not current on your updates to Exchange 2007 go ahead and apply the pending updates. It's, more than likely, being caused by a problem introduced in "Update Rollup 8 for Exchange Server 2007 Service Pack 1" as detailed in this TechNet blog entry. (That, at least, has been the main cause for the problem in my experience.)
If that doesn't resolve the issue, I'd suggest running the Exchange Best Practices Analyzer and seeing what, if anything, it find amiss.
Continous prompting in Outlook Anywhere
There is an issue when you enabled NTLM authentication in Outlook Anywhere when Exchange is installed on Windows 2008.
By default, Kernel Mode Authentication is enabled in IIS 7.0 on the Client Access server (CAS). To resolve this issue, disable Kernel Mode Authentication for Client Access servers that are running Windows Server 2008
open a command prompt window
cd \%systemroot%\system32\inetsrv\
AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false
When you have the Outlook Anywhere feature configured on a Windows Server 2008-based computer that is running Terminal Services Gateway, you may experience the following symptoms:
If you enable Outlook Anywhere before you install Terminal Services Gateway, users cannot connect to their Exchange mailboxes by using RPC over HTTP.
If you enable Outlook Anywhere after you install Terminal Services Gateway, Outlook Anywhere users can connect to Exchange by using RPC over HTTP. However, after you open the TS Gateway Manager snap-in, Outlook Anywhere users can no longer connect to Exchange by using RPC over HTTP
http://technet.microsoft.com/en-us/library/bb123889.aspx