Export (0) Print
Expand All

Outlook Clients Can't Connect and Are Prompted for Authentication Repeatedly

 

Topic Last Modified: 2009-12-03

This topic covers a connectivity issue that Outlook clients experience when they connect over Outlook Anywhere in an Exchange 2007 SP1 environment running on Windows Server 2008 that has Integrated Windows authentication enabled in kernel mode.

When an Outlook client using Outlook Anywhere tries to connect to Exchange 2007 running on Windows Server 2008, the client receives repeated prompts to enter their credentials and can't connect.

This is because Internet Information Services (IIS) 7.0, the Web server role in Windows Server 2008, has kernel mode enabled by default for Integrated Windows authentication.

For clients to connect by using Outlook Anywhere when the Exchange 2007 SP1 Client Access server is running on Windows Server 2008, kernel mode must be disabled for Integrated Windows Authentication on IIS.

To perform the following procedures, the account you use must be delegated the Exchange Organization Administrator role. You must have an administrator account or be a member of the Administrators group on the computer that is running Windows Server 2008, and you must have read-write access permissions to the following target server-level configuration files: Machine.config, the root Web.config file (in the .NET Framework directory), and ApplicationHost.config.

If you are running 64-bit Windows, use Appcmd.exe from the LocalDrive\system32\inetsrv directory, not the LocalDrive\syswow64\inetsrv directory.

Disable kernel mode in Integrated Windows authentication on the computer running the Exchange 2007 SP1 Client Access server role on Windows Server 2008
  1. Click Start > Run.

  2. In the Open box, type cmd, and then press Enter.

  3. Type the following command:

    %systemroot%\system32\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false /commit:apphost
    
noteNote:
If legacy Entourage clients exist in your organization, or you have users that connect to Outlook Web Access by using an /exchange virtual directory, you must repeat these steps on all Exchange 2007 Mailbox servers that have IIS 7 installed.
Stop and start IIS on the Exchange 2007 SP1 Client Access server running Windows Server 2008
  1. Click Start > Run.

  2. In the Open box, type the following file path, and then press Enter:

    %windir%\system32\inetsrv
    
  3. Right-click Appcmd.exe, and then click Run as administrator.

  4. Type the following commands to stop IIS at the site level:

    Stop Site MySite
    Set Site MySite /serverAutoStart:false
    
  5. Type the following commands to start IIS at the site level:

    Start Site MySite
    Set Site MySite /serverAutoStart:true
    
 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft