I have had a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007 or Exchange 2010. There are a few reasons why this would happen and I will try to cover the most common ones here.
Exchange 2007 Service Pack
There was an issue with repeated password prompts that was resolved by installing Rollup 9 for Exchange 2007 SP1, however I would recommend that you should now be using Exchange 2007 SP2 since it has been around since August 2009: http://www.microsoft.com/downloads/details.aspx?FamilyID=4C4BD2A3-5E50-42B0-8BBB-2CC9AFE3216A&displaylang=en Exchange 2007 Service pack 3 is also available: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1687160b-634a-43cb-a65a-f355cff0afa6&displaylang=en
If you are in an Small Business Server 2008 environment and not yet using Exchange 2007 Rollup 9 you can also install SP2 for Exchange 2007 with the aid of the Installation Tool, available here: http://support.microsoft.com/default.aspx?scid=kb;EN-US;974271
If that doesn’t fix the repeated prompt for password then it could be down to the autodiscover if you are using Outlook 2007 then you must configure autodiscover correctly. There are many articles out there that cover the correct way to configure autodiscover, one of the better ones I have found is this one: http://www.exchange-genie.com/2007/07/exchange-2007-autodiscover-service-part-1/
However the part that most people are missing is the autodiscover.domainname.com (where domainname.com) is the part after the @ in your e-mail address. Newer versions of outlook will look for this for OAB download, free/busy information, Out of Office etc etc. If it’s not there then outlook will continually give user prompts. To accompany this you must have an SSL Certificate that contains the autodiscover.domainname.com URL (whilst you can configure ways around this, it really isn’t worth all the hastle). So purchasing an SAN/UCC Certificate, which you can get from http://www.exchangecertificates.comwith the following names in is a must for Exchange 2007 and Exchange 2010:
- owa.domainname.com (the URL used for Outlook Web Access)
- remote.domainname.com (used in SBS 2008)
- servername.domainname.local (the internal FQDN of your Exchange Server)
- SERVERNAME (NETBIOS Name of your Server)
You must also have the corresponding autodiscover.domainname.com and owa.domainname.com A records configured in your external DNS
Kernel authentication Mode
If you have all the above configured and you are still experiencing problems then the following procedure will more than likely fix it for you. It has been working a lot for me lately and also for people asking questions on Experts Exchange.
In Internet Information Services (IIS) Manager locate the Exchange virtual directories, if you are using Small Business Server 2008 these will be under the SBS Web Applications website, if you are not using SBS then they will be under the Default Website.
The virtual Directories you are looking for are:
In turn highlight each of these virtual directories and double click the Authentication icon on the right hand side. Right click on Windows Authentication and select Advanced Settings. Place a check box in the box for Enable kernel-mode authentication. Do this for each virtual directory listed above.
Internet Explorer Proxy
Another recent discovery is that if you use a proxy server then you need to ensure that the exchange servers fully qualified domain name is in the exclusion list.
This can be done manually in Internet Explorer under Tools > Internet Options > Connections or using Group Policy if you want to make the change in a centralised environment.