question

RudolfAmarlapudi-2729 avatar image
0 Votes"
RudolfAmarlapudi-2729 asked RudolfAmarlapudi-2729 answered

After CU23 & Zero Day patch - Outlook clients constantly prompted for password.

Hello,

We are running Exchange 2013 (Cumulative Update 23 (CU23)).

CU23 was recently installed, along with the Zero Day Patch.

The following day, we have been receiving reports that all users are being prompted for credentials frequently throughout the day.

The message is as follows:

90502-image.png


PF-Mailbox is the name of the Public Folder Mailbox.

Action taken so far with no success.

  • Recreated Outlook profile for a few users.

  • Switch between Online/Cached mode.

I don't see any errors on the server.

Any suggestions?

Thanks in advance.

Regards,
Rudy


office-exchange-server-administrationoffice-outlook-itpro
image.png (34.7 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RudolfAmarlapudi-2729 avatar image
0 Votes"
RudolfAmarlapudi-2729 answered

Hello everyone. The following entry addressed the issue:

HKEY_CURREHT_USER\Software\Microsoft\Exchange
DWORD (32-bit Value): AlwaysUseMSOAuthForAutoDiscover
Value: 1

Regards,
Rudy

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

joyceshen-MSFT avatar image
0 Votes"
joyceshen-MSFT answered

Hi @RudolfAmarlapudi-2729

How many servers are there in your environment? What's the outlook version of your users?

Do you use Outlook Anywhere or MAPI/HTTP in your organization? Please check with the below command:

 Get-OrganizationConfig|fl MapiHttpEnabled

Also use these command check the authentication method for Outlook Anywhere or MAPI/HTTP.

 Get-OutlookAnywhere | fl servername,*method*
 Get-MapiVirtualDirectory|fl Identity,*method*

I also see a related thread discussed the similar issue as yours: Exchange 2013 Public Folder Password Prompt, you could try modifying the registry key to resolve this issue. Like below:

I do have users that one by one have received the temporary mailbox warning and have implemented ExcludeExplicictO365Endpoint registry key to resolve. Unfortunately it does also require removing/re-adding their accounts to Outlook. so that's annoying! but not the fix for this.
I added the ExcludeHttpRedirect and PreferLocalXML and it seems to have resolved the public folder password prompt.

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
 

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RudolfAmarlapudi-2729 avatar image
0 Votes"
RudolfAmarlapudi-2729 answered RudolfAmarlapudi-2729 converted comment to answer

Hello Joycechen,

There is only 1 Exchange Server on the network. There is also a separate Domain Controller, and a few others that are not tied to email.

I think one high-suspect item is that the customer is using "Microsoft 365 - en - us" as listed in Programs & Features [Microsoft Outlook for Microsoft 365 MSO (16.0.13901.20366) 32-bit in About Outlook] which includes the Outlook Client. Unfortunately, the customer indicates that there are no Standard Office 2016, 2013 clients that I can cross check with.


Get-OrganizationConfig|fl MapiHttpEnabled
Result: FAlse

Get-OutlookAnywhere | fl servername,method
ServerName : MEC-MAIL
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}

Get-MapiVirtualDirectory|fl Identity,method
Identity : MEC-MAIL\mapi (Default Web Site)
IISAuthenticationMethods : {Ntlm, OAuth, Negotiate}
InternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
ExternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}

I tried ExcludeExplicictO365Endpoint (Value:1), ExcludeHttpRedirect (Value:1), and PreferLocalXML (Value:1). Unfortunately, the issue remains.

Thank you again for your help.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi

Please try setting the authentication method to negotiate and run iisrest to verify the result again

 Get-OutlookAnywhere | Set-OutlookAnywhere -ExternalClientAuthenticationMethod Negotiate

You could also try migrating the PF mailbox to another database

0 Votes 0 ·

Hi

Any progress here?

0 Votes 0 ·

We proceed with a paid case with Microsoft. I may have a possible solution. I'll poste once verified.

0 Votes 0 ·
LucasLiu-MSFT avatar image LucasLiu-MSFT RudolfAmarlapudi-2729 ·

Hi @RudolfAmarlapudi-2729 ,
It’s been a long time no receive your reply. I am writing here to confirm with you how thing going now?



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 Votes 0 ·