Saturday, October 19, 2013

Using autodiscover to setup a user’s Outlook on a computer not joined to the domain keeps prompting for password

Problem

You have several remote users who are trying to set up their Outlook via the Outlook Anywhere service using Autodiscover to detect the settings but all of them are continuously prompted for their password.  The process looks similar to the following:

image

You enter the appropriate information:

image

The wizard proceeds to use the autodiscover service to set up the mailbox:

image

The user then receives a password prompt:

image

The user proceeds to type in their password but continuously gets prompted as shown above and after 3 or 4 attempts, the user is presented with the following:

An encrypted connection to your mail server is not available.

Click Next to attempt using an unencrypted connection.

image

Solution

Assuming your autodiscover service is set up appropriately and verified with the Microsoft Remote Connectivity Analyzer (https://testconnectivity.microsoft.com/) tool, this issue may be because your internal domain is different than your external SMTP domain.  In this example, the external SMTP domain is <someDomain>.com but the internal domain is <someDomain>.local.  This means that the user’s default UPN login is actually <username>.<someDomain>.local and not <username>.<someDomain>.com.  If we look closing to the default login username presented to the user, we will see that it has defaulted to the user’s email address which is not a valid login for the user:

image

One of the workarounds in this situation is to add a new UPN suffix to the domain with the external domain in Active Directory Domains and Trusts then change the user’s Account tab to use the new UPN:

image

If adding a new UPN suffix is not acceptable, the user can configure their mailbox by select User another account and change the login username to domain\username:

image

Doing so will allow the user to successfully configure their mailbox:

image

I find this simple issue can throw a lot of administrators off so I hope this post would help save someone’s time.

1 comment:

electronic signatures said...

Great blog and amazing feature.. Thanks a lot!!!! Works like a charm