A Guide to Troubleshooting Outlook Certificate Warnings/Authentication Prompts in SBS 2008
[Today’s post comes to us courtesy of Shawn Sullivan from Commercial Technical Support and Chris Puckett from Product Quality ]
This post is a compilation of our current content involving fixes for an issue that continues to cause a fair amount of grief for our customers, Outlook 2007/2010 prompts. Feel free to bookmark and use this now and for future reference. If new scenarios become common, they will be added to this list as well.
Repeated prompts for authentication:
You can open Outlook and connect to Exchange; however you are continuously prompted for credentials after you login every 5 minutes or so.
Install the latest Update Rollup/ Service Pack for Exchange 2007 or manually disable Kernel Mode Authentication globally in IIS7.
https://blogs.technet.com/b/sbs/archive/2010/02/16/outlook-2007-credential-prompts-in-small-business-server-2008.aspx
Certificate mismatch warnings:
You receive a certificate mismatch warning when you open Outlook. Typically this will prevent you from connecting to Outlook Anywhere externally and you will be unable to accessing services like Out of Office Assistant and the Offline Address Book while connected to the LAN.
The most common causes for this involve improper registration of the public DNS name or issues connecting to the Autodiscover virtual directory running on the SBS 2008 server.
https://blogs.technet.com/b/sbs/archive/2010/01/05/troubleshooting-certificate-mismatch-warnings-in-outlook-2007-clients-on-small-business-server-2008.aspx
“Target Principal Name is Incorrect”:
After configuring a POP/IMAP account in Outlook, you receive a “Target Principal Name is Incorrect” pop-up warning when connecting to the SBS 2008 server hosting the mailbox.
This is by design based on the method Outlook uses to check the URL on the certificate. This will not cause the connection to fail, but the only way to stop this warning is to use a 3rd party certificate instead of the default SBS cert.
https://blogs.technet.com/b/sbs/archive/2008/10/17/you-receive-a-target-principal-name-is-incorrect-certificate-error-in-outlook-2007-when-connecting-to-either-pop3-or-imap4-on-sbs-2008.aspx
Unable to login past the prompts:
You are simply unable to authenticate through Outlook when connecting from the internet using Outlook Anywhere and never able to proceed past the login prompts.
The most common cause we see here are issues with the /RPC virtual directory and/or mismatched authentication settings between Exchange and IIS. The following post addresses this from a RWW/TSGateway perspective, but applies equally to Exchange since both technologies share the /RPC virtual directory (see section Four):
https://blogs.technet.com/b/sbs/archive/2009/06/19/common-remote-web-workplace-rww-connect-to-a-computer-issues-in-sbs-2008.aspx
Another common cause of this issue is that the SSL settings on the /RPC virtual directory have been changed to accept or require client certificates. You must select Ignore here and ensure that all other Exchange virtual directories on the SBS 2008 server match this setting as well:
Keywords
This section is a collection of different ways to describe the symptoms this blog post intends to solve:
Outlook prompts for credentials
Outlook prompting for credentials
Outlook prompted for credentials
Outlook prompts for authentication
Outlook prompting for authentication
Outlook prompted for authentication
Prompts for Username and password
Prompted for Username and password
Prompting for Username and password
Login prompts
Repeated Login prompts
Keeps asking for credentials
Outlook prompts for password
Outlook prompting for password
Outlook prompted for password
Asking for credentials again and again
Repeatedly, continually, continuously, continuous, repetitively