Auto-login Outlook when using AppRiver's Hosted Exchange 2007

Just a repost of some good stuff when using AppRiver's hosted exchange. Great service, by the way!

Auto-login Outlook when using AppRiver's Hosted Exchange 2007

Monday, November 9, 2009 by James Dean

Getting prompted for your user name and password each time you open Outlook from a computer not in your Exchange domain is a major annoyance.  If your using an Exchange Hosting provider it is almost a guarantee that your computer will not be apart of the same domain with Exchange.  The good news is that there is a work-a-round for this issue.

Using the default setup of Exchange 2007 w/ SP1 when you enable Outlook Anywhere you get to chose from either Basic Authentication or NTLM Authentication.  If you don't support remote non-domain clients you can chose NTLM.  Your Outlook users will be logged in based on their domain credentials used to log into their computer.  However if you want to support Outlook Anywhere from any computer outside your domain you would chose Basic Authentication.  Having the Outlook Anywhere set in Basic Authentication is what causes the annoying login prompt each time Outlook is opened.

Here at AppRiver we have configured our Hosted Exchange 2007 platform to take both forms of authentication.  You can use the instructions below to enable NTLM Authentication for your Outlook 2007 clients.  Please note that this option will not work with Windows Vista Home or XP Home Editions.

• Ensure Outlook is closed


• Open the Windows Control Panel
  
  
  
  • If you are using a 64 bit OS you will have to open the 32 bit Control Panel
  
  
  • It can be found in the normal Windows Control Panel
  
  
  
  


• Double-Click the Mail icon


• Click the Show Profiles button


• Select your AppRiver Hosted Exchange profile and click the Properties button


• Click the E-Mail Accounts button


• Double-Click the Microsoft Exchange entry


• Click the Connection tab


• Click the Exchange Proxy Settings button at the bottom


• Use these settings Microsoft Exchange Proxy Settings window opens
  
  
  
  • Ensure the following boxes are checked
    
    
    
    • Connect using SSL Only
    
    
    • Only connect to proxy servers that have this principal name in their certificate
    
    
    • On fast networks...
    
    
    • On slow networks...
    
    
    
    
  
  
  • Use "exg5.exghost.com" for the proxy server
  
  
  • Use "msstd:exg5.exghost.com" for the principal name
  
  
  • Change the Proxy authentication to NTLM Authentication
  
  
  • Click Next > Finish then close all open email settings windows
  
  
  
  


• Open Outlook


• When prompted for your user name and password, enter in both and check the Save Password box then click OK
  
  
  
  • Ensure that Outlook opens correctly and that you see the "Connected to Microsoft Exchange" in the lower right hand corner
  
  
  
  


• Close Outlook


• Click Start > Run and type in "control Keymgr.dll" then click OK


• Following the instructions for your Windows OS
  
  
  
  • Windows XP
    
    
    
    • You should see an entry ending with exg5.exghost.com
      
      
      
      • i.e. MBX01.exg5.exghost.com
      
      
      
      
    
    
    • Select the entry and click Edit
    
    
    • Change the "Log on to:" text box to say "*.exg5.exghost.com"
    
    
    • Click OK and Reboot your computer
    
    
    
    
  
  
  • Windows Vista and Windows 7 
    
    
    
    • You should see an entry ending with exg5.exghost.com
      
      
      
      • i.e. MBX01.exg5.exghost.com
      
      
      • If you do not then something did not work correctly, please start at the beginning and try again
      
      
      
      
    
    
    • Click the Add button
    
    
    • For the "Log on to:" text box enter in "*.exg5.exghost.com"
    
    
    • Enter in your AppRiver Hosted Exchange user name and password
    
    
    • Chose the "A Windows logon credential" option for the Credential Type
    
    
    • Click OK and Reboot your computer
    
    
    
    
  
  
  
  

If your an AppRiver customer please give us a call if you have any problems enabling NTLM Authentication for your Outlook client.

For those Exchange Administrators out there, if you would like to enable both forms of Authentication for Outlook Anywhere users here is the cmdlet to get it done.  Allow for 30 minutes of replication time after the cmdlet is ran to insure IIS has taken the change.

Set-OutlookAnywhere -identity <server nameRpc (Default Web Site)> -IISAuthenticationMethods basic,ntlm

*Please note this cmdlet has to be ran for each CAS that takes connections for your Outlook Anywhere users.*


-Good Luck

James Dean
Senior Exchange Engineer - AppRiver, LLC

Best Regards, 

Kyle B. Hanson 
Mobile Computer Wizard 

619-796-4629 Mobile 
858-345-0382 Office 
www.mobilecomputerwizard.com