Today I ran into an issue with an exchange 2013 server and windows XP outlook clients. When doing the Autodiscover and configure on a Windows 7 workstation, everything worked fine. No password prompts and all the appropriate sections filled in correctly. However the windows XP machines would fail to authenticate and kept prompting for a username and password. No matter which combination I used ( E-mail address, domain\username , username ) none would authenticate. After searching for a while I came across this thread

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/a7c25d6a-7cfc-40a1-a17e-a1f05f637d53

The reason was the certificates primary name was mail.company.com and when outlook autoconfigured the outlook over http settings it was putting in the exchange servers internal name because that was a valid SAN. Windows 7 is fine with SANs but XP is not. In resolution I opened the Exchange Shell and ran this command

Set-OutlookProvider EXPR -CertPrincipalName:”msstd:mail.domain.com”

Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:mail.domain.com

IISreset

After that everything was working perfectly for both Windows 7 and XP Users.

 

For Wildcards run

Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:*.domain.com

Set-OutlookProvider EXPR -CertPrincipalName msstd:*.domain.com

IISRESET

 

Note – The EXCH is for Internal users and EXPR is for External Users. Also Once the change was made and IISRESET was run. I got one more failed login when opening outlook. I closed and reopened again the second time without any error.

Advertisements