Outlook Clients Can't Connect and Are Prompted for Authentication Repeatedly
Topic Last Modified: 2009-12-03
This topic covers a connectivity issue that Outlook clients experience when they connect over Outlook Anywhere in an Exchange 2007 SP1 environment running on Windows Server 2008 that has Integrated Windows authentication enabled in kernel mode.
When an Outlook client using Outlook Anywhere tries to connect to Exchange 2007 running on Windows Server 2008, the client receives repeated prompts to enter their credentials and can't connect.
This is because Internet Information Services (IIS) 7.0, the Web server role in Windows Server 2008, has kernel mode enabled by default for Integrated Windows authentication.
For clients to connect by using Outlook Anywhere when the Exchange 2007 SP1 Client Access server is running on Windows Server 2008, kernel mode must be disabled for Integrated Windows Authentication on IIS.
To perform the following procedures, the account you use must be delegated the Exchange Organization Administrator role. You must have an administrator account or be a member of the Administrators group on the computer that is running Windows Server 2008, and you must have read-write access permissions to the following target server-level configuration files: Machine.config, the root Web.config file (in the .NET Framework directory), and ApplicationHost.config.
If you are running 64-bit Windows, use Appcmd.exe from the LocalDrive\system32\inetsrv directory, not the LocalDrive\syswow64\inetsrv directory.
Click Start > Run.
In the Open box, type cmd, and then press Enter.
Type the following command:
%systemroot%\system32\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false /commit:apphost
|If legacy Entourage clients exist in your organization, or you have users that connect to Outlook Web Access by using an /exchange virtual directory, you must repeat these steps on all Exchange 2007 Mailbox servers that have IIS 7 installed.|
Click Start > Run.
In the Open box, type the following file path, and then press Enter:
Right-click Appcmd.exe, and then click Run as administrator.
Type the following commands to stop IIS at the site level:
Stop Site MySite Set Site MySite /serverAutoStart:false
Type the following commands to start IIS at the site level:
Start Site MySite Set Site MySite /serverAutoStart:true