Forum Discussion
outlook 2010 and 2013 continually asks for password in hybrid environment
Hello,
I have implemented a full hybrid solution with an exchange 2016 cu17 server.
I created the migexchange.it domain on o365 and synchronized the AD users via AAD connect.
The autodiscover records,autodiscover.migexchange.it, for both the lan and the internet points to my on premise server.
The automatic outlook configuration works correctly both from the LAN and from the internet for mailboxes on premises (with outlook 2010,2013 and 2016).
The autodiscover records will be moved to autodiscover.outlook.com after the mailboxes migration is complete.
I migrated, on exchange online, a test user who uses outlook 2016 and no problem.
I migrated, on exchange online, a test user with outlook 2010 and 2013 and I can't log in.
Outlook keeps asking for the password.
In my opinion it is outlook 2010 and 2013 not working properly with autodiscover in a hybrid solution but I can't find a solution that works.
The autodiscover service I imagine is configured correctly as with outlook 2016 everything works correctly (both from the LAN and from the internet).
I tried to do the solutions proposed by the articles https://docs.microsoft.com/en-us/exchange/troubleshoot/client-connectivity/outlook-prompt-password-modern-authentication-enabled and https://docs.microsoft .com / en-us / outlook / troubleshoot / sign-in / continually-prompts-password-office-365 without success.
Unfortunately my customer cannot change all the old offices as it is quite a big expensive.
How can I solve my problem?
Thank you
Regards
pazzoide76 So it all came down to MFA via Security Defaults? That's not the first time I've heard it as I now recall another conversation with a similar issue, not identical, where I actually suggested that. It didn't struck me as a solution this time and I can only blame my six weeks vacation..
harveer singh Good job!
pazzoide76 Please mark the above reply with the solution as "Best response" for future reference.
30 Replies
pazzoide76 Hello, in addition to the previous suggestions (Modern Authentication/ADAL). Try using the ExcludeExplicitO365Endpoint registry key during the migration (and then remove it).
https://getadmx.com/?Category=Office2016&Policy=outlk16.Office.Microsoft.Policies.Windows::L_OutlookDisableAutoDiscover
Exclude initial check to Office 365 Autodiscover URL
Registry Hive HKEY_CURRENT_USER
Registry Path software\policies\microsoft\office\16.0\outlook\autodiscover
Value Name excludeexplicito365endpoint
Value Type REG_DWORD
Default Value 0
True Value 1
False Value 0The problem manifests itself with users migrated to exchange online (keep asking for login).
With users in the on-premises exchange everything works fine.
Anyway I tried the registry key but it keeps asking for the login.
I repeat that over the weekend I configured a mirror environment (in the test environment I did not enable https://docs.microsoft.com/en-us/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help?redirectedfrom=MSDN) and outlook 2010 and 2013 clients work.
I repeat the two environments are the same changes only OAuthauthentication between Exchange and Exchange Online organizations.pazzoide76 Ah, I understand. Could it be an incorrect autodiscover entry in the migrated mailbox that's causing this? Let me see if I can find an article describing this behavior.
pazzoide76
Can you share the password prompt you are getting in Outlook 2010 client, I would like to see if it the basic authentication prompt or modern authentication one.
More details hereOutlook Basic Authentication PromptOutlook Modern Authentication Prompt- Hello pazzoide76,
Outlook 2016 has an extra step in Autodiscover process, to look for an O365 mailbox :-
https://support.microsoft.com/en-in/help/3211279/outlook-2016-implementation-of-autodiscover
Outlook 2010 and 2013 does not have these hardcoded into them. Older versions of Outlook 2010, i believe older than SP2 does not support O365 completely because of the unsupported authentication mechanism.
You can check if the migrated mailbox has a valid Remote Routing Address or Target Address. Your Autodiscover configuration is correct for now you do need to point it to your on premises, and attributes like remote routing address should be able to route your AutoD request to O365.- Can you try this for Outlook 2013, create below registry key
Registry key HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL
Type REG_DWORD
Value 1
let me know if this works.
Ref Article:- https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/enable-modern-authentication?view=o365-worldwide
I checked from ecp and the remote routing adress looks correct and is:
pizza@migexchange.mail.onmicrosoft.com
Where can I check the target address.
If they were wrong, shouldn't it not work with Outlook 2016?Thanks for your answer.
The outlooks, both 2010 and 2013, have been updated with all the patches through windows updates.
Excuse my ignorance how do I check the Remote Routing Address or Target Address.Thank you
Regards
