Skip to content

Outlook 2007 and Exchange 2013/2016 – Keeps Prompting for Logon Credentials

After migrating to Exchange 2013 and/or 2016, and still having a couple of Microsoft Outlook 2007 installations left, the following issue started popping up: as soon as users launch their Outlook 2007 (while already being migrated to Exchange 2013/2016), they were always prompted for their Logon Credentials, though Remember my password has been checked:

outlook_2007_logon_02

System requirements for Exchange 2016 (as per Exchange 2016 system requirements):

Exchange 2016 and Exchange Online support the following versions of Outlook:

  • Outlook 2016
  • Outlook 2013
  • Outlook 2010 with KB2965295
  • Outlook for Mac for Office 365
  • Outlook for Mac 2011

Outlook clients earlier than Outlook 2010 are not supported. Email clients on Mac operating systems that require DAV, such as Entourage 2008 for Mac RTM and Entourage 2004, are not supported.

Well, that's quite annoying, as it looks like Microsoft Outlook 2007 is not supported with Exchange 2016. But with my environment it still seems to work if you are able to set it up just like I did.

My setup consisted of:

  • Microsoft Outlook 2007 has been freshly installed
  • Microsoft Outlook 2007 SP3 has been installed
  • Microsoft Outlook 2007 Update KB2687404 has been installed
  • I did not install any other updates provided by our internal WSUS server and just ignored them

outlook_2007_logon_05

With my initial launch of Microsoft Outlook 2007 I let Autodiscover handle the automatic configuration of my Outlook 2007 client. After having entered my credentials once during the setup process, Outlook 2007 was able to successfully connect to Exchange 2016. Then I closed my client and verified my Outlook Profile Settings:

outlook_2007_logon_03

With these settings in place everything works as exptected, without having any negative effects on Outlook 2010 and/or Outlook 2013 users. I had to configure my Exchange 2016 Outlook Anywhere settings as depicted in order for Outlook 2007 to receive a working set of Autodiscover settings:

  • ExternalHostname : webapp.domain.de
  • InternalHostname : webapp.domain.de
  • ExternalClientAuthenticationMethod : Basic
  • InternalClientAuthenticationMethod : Basic
  • IISAuthenticationMethods : {Basic}
  • ExternalClientsRequireSsl : True
  • InternalClientsRequireSsl : True
  • Name : Rpc (Default Web Site)
  • Identity : <Server>\Rpc (Default Web Site)

outlook_2007_logon_04

By running the following cmdlet I was able to achieve the aformentioned configuration, i.e. adjusting the Exch-Rpc-Http-Virtual-Directory settings (followed by an iisreset) on Exchange 2016:

Get-OutlookAnywhere -Server <Server> | Set-OutlookAnywhere -InternalHostname "webapp.domain.de" -InternalClientsRequireSsl $true -InternalClientAuthenticationMethod Basic

As soon as InternalClientAuthenticationMethod is set to either NTLM or Negotiate, Outlook 2007 keeps prompting for the user's credentials again and they cannot connect to Exchange 2016's Rpc (Default Web Site).

Autodiscover.xml looks like this when running Test Email Auto Configuration with Microsoft Outlook 2007:

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>Alexander Ollischer</DisplayName>
      <LegacyDN>/o=Erste Organisation/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Alexander Ollischer420</LegacyDN>
      <AutoDiscoverSMTPAddress>ollischer@domain.de</AutoDiscoverSMTPAddress>
      <DeploymentId>46c1eb55-eae4-4f28-b74d-4f54da22d230</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <MicrosoftOnline>False</MicrosoftOnline>
      <ConsumerMailbox>False</ConsumerMailbox>
      <Protocol>
        <Type>EXCH</Type>
        <Server>1a6a703c-1d72-49c2-a944-6d86d20089a0@domain.de</Server>
        <ServerDN>/o=Erste Organisation/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=1a6a703c-1d72-49c2-a944-6d86d20089a0@domain.de</ServerDN>
        <ServerVersion>73C180E1</ServerVersion>
        <MdbDN>/o=Erste Organisation/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=1a6a703c-1d72-49c2-a944-6d86d20089a0@domain.de/cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>webapp.domain.de</PublicFolderServer>
        <AD>SERVDC01.domain.local</AD>
        <ASUrl>https://mail.domain.de/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://mail.domain.de/EWS/Exchange.asmx</EwsUrl>
        <EmwsUrl>https://mail.domain.de/EWS/Exchange.asmx</EmwsUrl>
        <EcpUrl>https://mail.domain.de/owa/</EcpUrl>
        <EcpUrl-um>?path=/options/callanswering</EcpUrl-um>
        <EcpUrl-aggr>?path=/options/connectedaccounts</EcpUrl-aggr>
        <EcpUrl-mt>options/ecp/PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=domain.de</EcpUrl-mt>
        <EcpUrl-ret>?path=/options/retentionpolicies</EcpUrl-ret>
        <EcpUrl-sms>?path=/options/textmessaging</EcpUrl-sms>
        <EcpUrl-photo>?path=/options/myaccount/action/photo</EcpUrl-photo>
        <EcpUrl-extinstall>?path=/options/manageapps</EcpUrl-extinstall>
        <OOFUrl>https://mail.domain.de/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://mail.domain.de/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.de/OAB/20b5b929-97f2-49d5-a8d6-369778bedd0f/</OABUrl>
        <ServerExclusiveConnect>off</ServerExclusiveConnect>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>webapp.domain.de</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://webapp.domain.de/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://webapp.domain.de/EWS/Exchange.asmx</EwsUrl>
        <EmwsUrl>https://webapp.domain.de/EWS/Exchange.asmx</EmwsUrl>
        <EcpUrl>https://webapp.domain.de/owa/</EcpUrl>
        <EcpUrl-um>?path=/options/callanswering</EcpUrl-um>
        <EcpUrl-aggr>?path=/options/connectedaccounts</EcpUrl-aggr>
        <EcpUrl-mt>options/ecp/PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=domain.de</EcpUrl-mt>
        <EcpUrl-ret>?path=/options/retentionpolicies</EcpUrl-ret>
        <EcpUrl-sms>?path=/options/textmessaging</EcpUrl-sms>
        <EcpUrl-photo>?path=/options/myaccount/action/photo</EcpUrl-photo>
        <EcpUrl-extinstall>?path=/options/manageapps</EcpUrl-extinstall>
        <OOFUrl>https://webapp.domain.de/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://webapp.domain.de/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://webapp.domain.de/OAB/20b5b929-97f2-49d5-a8d6-369778bedd0f/</OABUrl>
        <ServerExclusiveConnect>on</ServerExclusiveConnect>
        <CertPrincipalName>msstd:webapp.domain.de</CertPrincipalName>
        <EwsPartnerUrl>https://webapp.domain.de/EWS/Exchange.asmx</EwsPartnerUrl>
        <GroupingInformation>Munich</GroupingInformation>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.domain.de/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://mail.domain.de/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://webapp.domain.de/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://webapp.domain.de/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>webapp.domain.de</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://mail.domain.de/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://mail.domain.de/EWS/Exchange.asmx</EwsUrl>
        <EmwsUrl>https://mail.domain.de/EWS/Exchange.asmx</EmwsUrl>
        <EcpUrl>https://mail.domain.de/owa/</EcpUrl>
        <EcpUrl-um>?path=/options/callanswering</EcpUrl-um>
        <EcpUrl-aggr>?path=/options/connectedaccounts</EcpUrl-aggr>
        <EcpUrl-mt>options/ecp/PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=domain.de</EcpUrl-mt>
        <EcpUrl-ret>?path=/options/retentionpolicies</EcpUrl-ret>
        <EcpUrl-sms>?path=/options/textmessaging</EcpUrl-sms>
        <EcpUrl-photo>?path=/options/myaccount/action/photo</EcpUrl-photo>
        <EcpUrl-extinstall>?path=/options/manageapps</EcpUrl-extinstall>
        <OOFUrl>https://mail.domain.de/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://mail.domain.de/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.de/OAB/20b5b929-97f2-49d5-a8d6-369778bedd0f/</OABUrl>
        <ServerExclusiveConnect>On</ServerExclusiveConnect>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>webapp.domain.de</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://webapp.domain.de/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://webapp.domain.de/EWS/Exchange.asmx</EwsUrl>
        <EmwsUrl>https://webapp.domain.de/EWS/Exchange.asmx</EmwsUrl>
        <EcpUrl>https://webapp.domain.de/owa/</EcpUrl>
        <EcpUrl-um>?path=/options/callanswering</EcpUrl-um>
        <EcpUrl-aggr>?path=/options/connectedaccounts</EcpUrl-aggr>
        <EcpUrl-mt>options/ecp/PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=domain.de</EcpUrl-mt>
        <EcpUrl-ret>?path=/options/retentionpolicies</EcpUrl-ret>
        <EcpUrl-sms>?path=/options/textmessaging</EcpUrl-sms>
        <EcpUrl-photo>?path=/options/myaccount/action/photo</EcpUrl-photo>
        <EcpUrl-extinstall>?path=/options/manageapps</EcpUrl-extinstall>
        <OOFUrl>https://webapp.domain.de/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://webapp.domain.de/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://webapp.domain.de/OAB/20b5b929-97f2-49d5-a8d6-369778bedd0f/</OABUrl>
        <ServerExclusiveConnect>On</ServerExclusiveConnect>
        <CertPrincipalName>msstd:webapp.domain.de</CertPrincipalName>
      </Protocol>
      <AlternativeMailbox>
        <Type>Delegate</Type>
        <DisplayName>Administrator</DisplayName>
        <SmtpAddress>Administrator@domain.de</SmtpAddress>
        <OwnerSmtpAddress>Administrator@domain.de</OwnerSmtpAddress>
      </AlternativeMailbox>
      <PublicFolderInformation>
        <SmtpAddress>PublicFolder@domain.local</SmtpAddress>
      </PublicFolderInformation>
    </Account>
  </Response>
</Autodiscover>

Maybe this is of use for someone else.

Further reading:

Leave a Reply