Exchange 2013 and Windows XP with wildcard certs

We had a client that upgraded from Exchange 2007 to 2013.  After the migration the Windows XP machines would not connect to Exchange.  The users were presented with a credentials / password pop-up repeatedly and no matter what was entered the Outlook client would never connect to Exchange.

Having dealt with XP in other Exchange 2013 environments we tried all the usual tricks:

  • Update Office 2007 / 2010 to the correct hotfix level
  • Edit the lmcompatibility level in the registry of the XP box by locating the following registry key:  HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
    Change lmcompatibilitylevel object to 2 or 3 (we used 3), then restart computer.
  • Run “Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.domain.com”
  • Manually set the security in the Outlook client to NTLM.
  • Change the OWA authentication methods to the following:

    InternalHostname                   : email.domain.com
    ExternalClientAuthenticationMethod : Negotiate
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

But none of these worked!  The unique thing about this customer’s setup compared to others was that they were using a wildcard cert.  We noticed that the cert SAN name for OutlookProvider was set to “mail.domain.com” and it really should’ve been “*.domain.com”.  Here is the command that saved the day.

Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:*.domain.com

Do a “get-OutlookProvider | fl” in order to confirm the settings.  Then wait for a few minutes and try again.  We had to open Outlook once with a failure to login and then close Outlook and start it again.  The continual login prompt was gone!

Side note: For the Set-OutlookProvider command EXCH is for internal OWA clients and EXPR is for external clients.

Contact us

Partner with Us for Comprehensive IT

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Your benefits:
What happens next?
1

We Schedule a call at your convenience 

2

We perform a discovery of your current and future needs

3

We prepare a proposal