We had a client that upgraded from Exchange 2007 to 2013. After the migration the Windows XP machines would not connect to Exchange. The users were presented with a credentials / password pop-up repeatedly and no matter what was entered the Outlook client would never connect to Exchange.
Having dealt with XP in other Exchange 2013 environments we tried all the usual tricks:
- Update Office 2007 / 2010 to the correct hotfix level
- Edit the lmcompatibility level in the registry of the XP box by locating the following registry key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
Change lmcompatibilitylevel object to 2 or 3 (we used 3), then restart computer. - Run “Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.domain.com”
- Manually set the security in the Outlook client to NTLM.
- Change the OWA authentication methods to the following:
InternalHostname : email.domain.com
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
But none of these worked! The unique thing about this customer’s setup compared to others was that they were using a wildcard cert. We noticed that the cert SAN name for OutlookProvider was set to “mail.domain.com” and it really should’ve been “*.domain.com”. Here is the command that saved the day.
Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:*.domain.com
Do a “get-OutlookProvider | fl” in order to confirm the settings. Then wait for a few minutes and try again. We had to open Outlook once with a failure to login and then close Outlook and start it again. The continual login prompt was gone!
Side note: For the Set-OutlookProvider command EXCH is for internal OWA clients and EXPR is for external clients.
Wow fantastic. That saved me a whole heap of time troubleshooting.
Many thanks.
It worked also for me but after the first login, dowlonad all the mail, sync the cache, it has started again asking me the password… 🙁
seems that something in cliet side has been changed and stopped working..
Sorry maybe I have done some mistake, with
Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:*.mycompany.com it worked very good.
This worked for me as well. Windows 7 clients on Office 2013 had no issues but Windows XP and Outlook 2007 always had that username and password prompt because we use wildcard certificate.
After setting the EXCH provider certificate name Outlook 2007 clients on Windows XP started working perfectly!
Does’it work for en exchange transition from 2007 to 2013 ?
This parameter will impact my client still on 2007 ?
Great !!
It works like a charm for me (XP + Office 2010 w/SP2)
Thx a lot !
This solution works, when the Outlook profile is already configured before changing to wildcard SSL.
If you setup a new profile on Outook, after the wildcard SSL is already applied, Outlook keeps asking for password over and over again.
I tried adding credential to the password vault under XP/User/Manage your credentials. Nothing works.
On any other OS, wildcard SSL works fine.
Hello did you fix the problem for a nuew profile?