3

I have set up Exchange 2010 and Outlook 2007 in a test lab. Everything works (with SSL, OOO, etc). But there is one niggle:

During autodiscover from an external machine on the Internet, the end user inputs their name, email, and password twice, clicks Next.

Then, on my setup I get a Windows login prompt, with the username "FredSmith@contoso.com" already filled in. Entering the password fails. Username set to "FredSmith" also fails... but "contoso\fredsmith" works perfectly!

The IIS log shows error 401 for the first hit, which was contoso.co.uk\fredsmith. So Outlook is taking my email domain name and using that as a logon domain, which fails because only contoso.local works.

Now, my philosophy is that the end user shouldn't have to ever know or type in the domain name. This is particularly because this is an SBS 2011 test site.

So to recap, the end user has to complete the autoconfiguration wizard by effectively logging in twice, with different credentials. The whole idea, surely, is that any end user can set up Outlook. Let's imagine 20% of end users don't even know the difference between a forward slash and a back slash when it comes to that username.

servermanfail
  • Just a note that as well as "contoso\fredsmith" working, "fredsmith@contoso.local" also works which is slightly more user friendly. Interesting thing though, even when I didn't click to save the password, Outlook still works without a prompt even after a reboot! – servermanfail Feb 11 '12 at 17:51
  • That's because Autodiscover is used only during account setup. – Massimo Feb 11 '12 at 18:14
  • I believe Autodiscover is called regularly, or at least when there is a connection failure, or when you open the Mail control panel applet. After all, how else can you take a laptop off the domain network and have it seamlessly swap over to WAN access using different hostnames? – servermanfail Feb 15 '12 at 20:04

2 Answers

1

In my experience, this has always happened: the default username for authenticating to the Autodiscover service is the user's email address, which just doesn't make any sense at all (unless it matches the user's UPN, which is quite unusual).

I'd be really glad if someone else could provide a different answer, as this has been bugging me for a while...

Massimo
  • Is it possible to edit the active directory so that "domain.com\user" or "user@domain.com" works as an alias? I think it's called UPN Alias but I cannot find the option in the GUI. – servermanfail Feb 11 '12 at 17:29
  • Yes, you can set a user's UPN in the user account properties in ADUC. – Massimo Feb 11 '12 at 17:34
  • How? Under the Account tab, it has a ULN option, but the domain part of the UPN is a drop-down choice with only the 1 choice: contoso.local :( How do I add contoso.com as a UPN alias please? Many thanks. – servermanfail Feb 11 '12 at 17:53
  • http://support.microsoft.com/kb/243629/en-us – Massimo Feb 11 '12 at 18:12
  • I only have a 'General', 'Trusts', and 'Managed by' tab.. this is SBS 2011. – servermanfail Feb 11 '12 at 18:58
  • SBS is a strange beast... it behaves differently from any standard Windows server, and some things are hidden and/or can't be done at all. Can't help you with that, sorry. – Massimo Feb 11 '12 at 19:51
0

It's easy! Load Active Directory Sites and Trusts, right click the root node, Properties, and add in these host names:

autodiscover.domain.com
domain.com

Job done! Now Outlook doesn't ask you for 2 sets of credentials! Just the one that is contained within the wizard. Perfect!

Source and thanks to: How can I trick SBS 2011 into allowing me to assign a UPN alias so users can logon as user@domain.com (but it applies to Windows Server 2003+).

servermanfail
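
The UPN-suffix change described in the answer above, scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original thread. It assumes `contoso.com` is the public e-mail domain and that the `mail` attribute holds each user's primary address. It goes one step beyond the answer by listing users whose UPN differs from their mail address and previewing the change with `-WhatIf`.

```powershell
# Added example, not from the original thread.
# Assumptions: ActiveDirectory module is installed (Windows Server 2008 R2 or
# later / RSAT) and 'contoso.com' is the public e-mail domain (placeholder).
Import-Module ActiveDirectory

$suffix = 'contoso.com'   # assumed public e-mail domain

# 1. Register the extra UPN suffix on the forest if it is not there yet.
#    This is the scripted equivalent of adding the suffix in the GUI.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $suffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $suffix }
}

# 2. Find enabled users whose UPN does not match their e-mail address.
#    These are the accounts for which Outlook's pre-filled username
#    (the e-mail address) would be rejected with a 401.
$mismatched = Get-ADUser -Filter 'Enabled -eq $true' -Properties mail |
    Where-Object {
        $_.mail -and
        $_.mail -like "*@$suffix" -and
        $_.UserPrincipalName -ne $_.mail
    }

$mismatched |
    Select-Object SamAccountName, UserPrincipalName, mail |
    Format-Table -AutoSize

# 3. Preview aligning each UPN with the e-mail address.
#    -WhatIf only prints what would change; remove it to apply.
foreach ($user in $mismatched) {
    Set-ADUser -Identity $user -UserPrincipalName $user.mail -WhatIf
}
```

Existing logons as `contoso\fredsmith` keep working after the change, because the sAMAccountName is not touched.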