This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 67%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
We have 2 Exchange 2013 servers CU 12. DAG and one DB. When the database is active on the first server, Outlook continually prompts for authentication credentials for personal and public mailboxes. When switching the database to the second server, everything works correctly. DAG, DB, CAS, server components pass all availability checks.
The authentication settings on IIS on the servers are the same. All boxes are accessible through owa.
The only thing that was found was that health boxes were not created on the first (problematic) server when the Microsoft Exchange Health Manager was restarted.
any ideas?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 71%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELZ%3C/text%3E%3C/svg%3E)
Hi,
For "The authentication settings on IIS on the servers are the same", what do you check from IIS Manager?
Do you use Outlook Anywhere or MAPI/HTTP in your organization? You can check with the following command:
Get-OrganizationConfig|fl MapiHttpEnabled
Please use these command check the authentication method for Outlook Anywhere or MAPI/HTTP. You can post the screenshot here, and don't forget to cover your personal information:
Get-OutlookAnywhere | fl servername,*method*
Get-MapiVirtualDirectory|fl Identity,*method*
Here are the default settings for Outlook Anywhere or MAPI/HTTP. Please make sure Negotiate is added into IISAuthenticationMethods:
Hi,
By default in 2013 Outlook Anywhere or MAPI/HTTP is disabled
Authentication settings (thank you for paying attention to this point, it will need to be corrected):
But I'm not sure if this is the problem. We are talking about domain users. Internal authentication - NTLM. The error appears after switching the base, i.e. it's not a CAS problem, right?
Any ideas on how to restore health boxes on a problem server? setup / p?
Do you mean this issue occurs on EXMB02?
What's the detailed version of Outlook do you use? Please make sure you install and use the latest Outlook version.
For some old Outlook version, it uses the external namespace to connect mailbox. This can cause the credential issue if set external authentication to Basic. You can check this for more details: Outlook is unable to connect to Exchange 2013 public folder or auto-mapped mailbox.
Please set ExternalClientAuthenticationMethod to NTLM or update to the latest version of Outlook, check if it works. Here is a similar thread for your reference: Users Prompted Once for Password When Opening Public Folders.
Additionally, the Outlook credential is more related to authentication in general. For your issues about health mailboxes, since you are using an old version of Exchange 2013, it's suggested to upgrade to the latest version Exchange Server 2013 CU23. Something may be fixed automatically during the upgrade. If you need further assistance for the health mailbox, you can post a new question to discuss it specifically.
@Сергей Карташев Do you try to set ExternalClientAuthenticationMethod to NTLM or update to the latest version of Outlook? Please let us know if you would like further assistance.
Any updates so far? If you have solved your problem, could you share with us? Maybe it will help more people with similar problems.
Hi. sorry for the long answer. Updated all servers to CU23. The problem with access remains.I tried it on a new base with test accounts - no changes.
After the last scheduled maintenance, I now have a picture: on one PC, where the data file was created a long time ago (includes both the main user box and shared boxes), everything works normally. Only the main mailbox works on the test VM under the same user without authorization. When adding shared mailboxes, authorization requests appear immediately. At the same time, the database is active on the EXMB02. It seems that there is no longer any dependence on the server where the active database is located
