question

17388939 avatar image
0 Votes"
17388939 asked 17388939 answered

Exchange 2013 Client access issues

Hi,
We have 2 Exchange 2013 servers CU 12. DAG and one DB. When the database is active on the first server, Outlook continually prompts for authentication credentials for personal and public mailboxes. When switching the database to the second server, everything works correctly. DAG, DB, CAS, server components pass all availability checks.
The authentication settings on IIS on the servers are the same. All boxes are accessible through owa.

The only thing that was found was that health boxes were not created on the first (problematic) server when the Microsoft Exchange Health Manager was restarted.

any ideas?

office-exchange-server-connectivity
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LydiaZhou-MSFT avatar image
0 Votes"
LydiaZhou-MSFT answered 17388939 commented

Hi,

For "The authentication settings on IIS on the servers are the same", what do you check from IIS Manager?
Do you use Outlook Anywhere or MAPI/HTTP in your organization? You can check with the following command:

 Get-OrganizationConfig|fl MapiHttpEnabled

Please use these command check the authentication method for Outlook Anywhere or MAPI/HTTP. You can post the screenshot here, and don't forget to cover your personal information:

 Get-OutlookAnywhere | fl servername,*method*
 Get-MapiVirtualDirectory|fl Identity,*method*

Here are the default settings for Outlook Anywhere or MAPI/HTTP. Please make sure Negotiate is added into IISAuthenticationMethods:
14452-514.png

14446-515.png



514.png (3.4 KiB)
515.png (3.9 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

By default in 2013 Outlook Anywhere or MAPI/HTTP is disabled


Authentication settings (thank you for paying attention to this point, it will need to be corrected):

14337-capture.png



But I'm not sure if this is the problem. We are talking about domain users. Internal authentication - NTLM. The error appears after switching the base, i.e. it's not a CAS problem, right?

Any ideas on how to restore health boxes on a problem server? setup / p?

0 Votes 0 ·
capture.png (18.6 KiB)
LydiaZhou-MSFT avatar image
0 Votes"
LydiaZhou-MSFT answered LydiaZhou-MSFT commented

Do you mean this issue occurs on EXMB02?
What's the detailed version of Outlook do you use? Please make sure you install and use the latest Outlook version.

For some old Outlook version, it uses the external namespace to connect mailbox. This can cause the credential issue if set external authentication to Basic. You can check this for more details: Outlook is unable to connect to Exchange 2013 public folder or auto-mapped mailbox.

Please set ExternalClientAuthenticationMethod to NTLM or update to the latest version of Outlook, check if it works. Here is a similar thread for your reference: Users Prompted Once for Password When Opening Public Folders.

Additionally, the Outlook credential is more related to authentication in general. For your issues about health mailboxes, since you are using an old version of Exchange 2013, it's suggested to upgrade to the latest version Exchange Server 2013 CU23. Something may be fixed automatically during the upgrade. If you need further assistance for the health mailbox, you can post a new question to discuss it specifically.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@17388939 Do you try to set ExternalClientAuthenticationMethod to NTLM or update to the latest version of Outlook? Please let us know if you would like further assistance.

0 Votes 0 ·

Any updates so far? If you have solved your problem, could you share with us? Maybe it will help more people with similar problems.

0 Votes 0 ·
17388939 avatar image
0 Votes"
17388939 answered

Hi. sorry for the long answer. Updated all servers to CU23. The problem with access remains.I tried it on a new base with test accounts - no changes.
After the last scheduled maintenance, I now have a picture: on one PC, where the data file was created a long time ago (includes both the main user box and shared boxes), everything works normally. Only the main mailbox works on the test VM under the same user without authorization. When adding shared mailboxes, authorization requests appear immediately. At the same time, the database is active on the EXMB02. It seems that there is no longer any dependence on the server where the active database is located67289-provider.png


67237-outany.png



provider.png (6.2 KiB)
outany.png (32.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.