0

I have an SBS 2011 Standard machine that clients running Microsoft Outlook 2007 and 2010 have issues connecting to - every hour or so they are asked to enter mailbox account credentials.

The server is as follows:

  • Fully patched with Windows Updates
  • After out-of-box install, the Autodiscover record was missing in the DNS (this was added - still same issue)
  • Self signed certificate is being used not a purchased UC subject-alternate-name cert
  • User ticks Remember Password in Outlook, but it still pops up again later anyway
  • User clicks cancel without entering details, and they can still send/receive!
  • Clients and server are all on the same subnet
  • No antivirus or firewall is in place that would block any traffic
  • iPhones installed with the self signed cert work with active sync perfectly fine

Can someone kindly advise:

  1. What the issue may be and how to diagnose further?
  2. If Subject-Alternate-Name certificates are required for SBS or if self-signed is OK
  3. Most importantly, how to enable tracing in Outlook or SBS so I can find out why credentials are being asked
morleyc
  • 1,120
  • 13
  • 45
  • 86
  • What happens if you create a new Outlook profile? Had this issue on a machine I was beating on mercilessly for something unrelated, Outlook took some collateral damage, but a minty fresh profile fixed it. – gravyface Aug 28 '12 at 23:06
  • Do you ever have a loss of connectivity between the server and clients? – Robin Gill Aug 29 '12 at 17:22

4 Answers4

2

One thing that could be worth checking is if the Exchange Address Book service is running, as it tends to start a bit early with the latest patches for Exchange, and then fail starting up.

pauska
  • 19,532
  • 4
  • 55
  • 75
  • 1
    the plot thickens! No Exchange Address Book is not running, infact it fails to start with `Unable to register the MSExchangeAB RPC interface. Failed with the error code The endpoint is a duplicate (1740)` – morleyc Aug 26 '12 at 14:05
  • @g18c I'd stick on this one and investigate further if I were you. Perhaps there is a zombie AB process running? – pauska Aug 26 '12 at 14:25
  • Have you validated that you have OAB configured correctly and defined for the user's database? – Vick Vega Aug 26 '12 at 23:49
  • This is a combination of OAB service not running and users typing the e-mail address which happens to be different from the domain username! There is now an issue with the autodiscover record as the external domain name is different from the internal but thats another story. I have never, ever had so many issues with an Exchange install in my life, but then again they have all been standalone rather than highly strung SBS2011 which is a nightmare. Thanks for all the help. – morleyc Aug 30 '12 at 04:48
1

Several things to validate:

  1. Make sure dcdiag comes back clean. Resolve any issues if found.
  2. Make sure IP of the SBS server is correctly configured on client's machines and is the only DNS.
  3. Double-check correct configuration of the DNS on the server.

Couple things to note:

You don't need AUTODISCOVER config on the internal network. Internal Exchange cert is enough, given it's correctly imported/trusted by the clients. SAN is not required on the internal network.

Vick Vega
  • 2,398
  • 16
  • 22
  • Hi @Vick, checked all of your points (thank you) all are OK and we only have one DNS server on the network. We are using self-signed cert. If we click cancel on the credentials window, we can still send and receive!! How can i enable tracing/error logging to see exactly what is going on as this is very frustrating? – morleyc Aug 26 '12 at 13:42
  • Navigate to the event log on the server, check if there's any errors. – Vick Vega Aug 26 '12 at 23:50
1

Few things to check:

  1. Do you have only one DNS set on clients (SBS DNS) or do you use additional DNS as a failsafe? If the 2nd remove the 2nd dns.

  2. Right click on Outlook icon holding CTRL and make sure Show Microsoft Exchange Messages , Show Network Warnings, Show Network Connectivity changes are checked.

  3. Any errors/warnings in Application Log, Service log on your SBS machine?

  4. Is SBS license activated and within scope? In SBS 2003 when limit of users corresponding to license was reached SBS freaks out. Maybe it's a case here as well. Check logs thou on both SBS and local machine. It will tell you the truth.

  5. User ticks Remember Password in Outlook, but it still pops up again later anyway does often require additional steps to work properly. You may need to add domains into Local Intranet settings in Internet Explorer (you can do it thru GPO). Add something like *.yourdomain.com, *.yourdomain.local. Otherwise the password isn't always remembered correctly.

  6. Make sure all Exchange services are running.

MadBoy
  • 3,703
  • 13
  • 61
  • 93
0

One of our tech team found this. Check for the Microsoft update KB2596598 on the PC. If it is there uninstall it. It seems to be this update affecting PCs running Windows XP and Office 2007 on Exchange 2010.

James
  • 1