Re: Logon prompt while archiving

channaveera_swa · ‎10-14-2006

Hi

My EV setup is EV6 SP3. All outlook users are with full EV client. When some of the users try to archive the mails, they are prompted for logon.

For some users after logon the archive works fine, bur for some the logon prompt reappears and keeps repeating.

I tryed the SET command on few users and all users are pointed to the same logon server.

Suresh_Vangara · ‎10-15-2006

Swamy

This is very simple....I guess IE is not passing on proper logon credentials....please do the following.

1. Add the following to the IE's local intranet zones on all Clients. You can also push this through EVAC or GP

http://evservername.domain.com
http://evserveralias.domain.com

2. Add *.domain.com to the proxy bypass list of IE on all clients. You can push this thru GP

3. Open IE options >> security >> local intranet >> custom level >> make sure "Automatic logon in Local Intranet Zone" option is selected under "User Authentication"

4. Finally make sure you have configured basic and IWA on the "EnterpriseVault" virtual directory in IIS on the EV Server.

I am sure after you check all this...you will be fine.

regards

Suresh

channaveera_swa · ‎10-16-2006

Thanks Suresh,

The problem is with outlook not with OWA. Any how the IE's local intranet zones on all Clients have been configured with "Automatic logon in Local Intranet Zone" option under "User Authentication"

No changes were made to any of the EV settings recently. This logon prompt problem is seen on quite a few users. Their MAPI workes fine with no issues. The problem starts with archived mails or while archiving.

Carl_Swanson · ‎10-26-2006

Have you fixed your issue? We just upgraded to EV6.0sp3 from sp1 and our users setup under cache mode with rpc over http experience this. They get prompted to login to outlook which is normal and then prompted again if offline vault updates, or the try and open a vaulted item or click the search vaults/archive explore buttons. This open happens once but is still annoying if they already authenticated by opening outlook.

channaveera_swa · ‎10-26-2006

it's the same case as you have mentined in your comment except for we don't have RCP over HTTP and not all the users are facing this problem. I configured their profile on my desktop, but still the problem persists. I even followed the suggestion given by suresh, but still the problem exists. The users are fed up with this logon prompt, some even said they see logon prompt even in their dreems.

Anyhow their mailbox is now disabled for arching. I'm hoping for some kind of fix form symantec.

W_Wintermute · ‎10-26-2006

Check Local Intranet Options/Security/Local Intranet/Sites/Advanced
Compare a workstation that�s working, with one that is not working.

Check IE Tools, Internet Options/, Custom Level, User authentication is set to "Automatically login with current user name and password". This may be set to force a prompt.

Check if a Proxy Server is defined - a proxy server on the internal network may need to be set to allow authentication details to be sent to the Vault Server

Check that Enterprise Vault Virtual Directory/ Integrated Authentication is set - if impacting all users

Create a Virtual Directory in IIS on EV Server with an .asp page. Try to open .asp page from the workstation. Are you prompted? Then problem is external to EV.

Is Windows managing passwords?
Go to the User Account screen Click Start > Settings > Control Panel > User Accounts.
Click the Advanced Tab and then Manage Passwords.
Are there web sites that Windows is managing? Remove the EnterpriseVault Webapp URL.

Suresh_Vangara · ‎10-28-2006

Dear Carl Swanson,

If you have RPC over Http configured, you will have to mention the EV virtual directory URL in the mailbox policies. to do this ...

go to policies in EVAC >> exchange >> mailbox >> right click the policy >> advanced tab >> select "desktop" in the drop down list

locate the setting that says "rpc over http url" and enter the following

http://evserver.domain.name/enterprisevault

Synchronise mailboxes...check the queues to make sychronisation is complete, close outlook and open again. There you go...the prompt is gone, but there is problem with this...this will solve your problem on the local intranet, but when a user is connected on an external network, there will a problem, if you want to know how to fix that, please let me know.

regards

suresh k vangara

Carl_Swanson · ‎10-30-2006

yeah... Need VPN connection. Kinda defeats the purpose of rpc over http but it does put the broswer search button back in the search vaults which is nice. I don't know if it's a missing feature or not supported through rpc over http but the browser search dissappeared for those users. Either way users have to authenticate twice. I'd rather be prompted cause if not you get a bunch of errors and blank pages and that would of course turn in to "E-Mail is down!"

Thanks for you suggestion.

Suresh_Vangara · ‎10-30-2006

Carl,

After you configure the "RPC over Http url" in the mailbox policies you will not be prompted for again for logon credentials.

Have you tried enabling offline vault....try it....you will have problems if this URL is not set in the mailbox policy.

We have almost reached to a resolution, i will post that what we did if you are interested.

cheers

suresh

channaveera_swa · ‎10-31-2006

Hi,

I just found out that User B has configured his outlook profile in user A's windows profile. User A is not enabled for archiving. In IE - > security -> local intranet -> custom level -> Authentication -> Automatic logon with current user and password is set.

Does this seems to be a problem for repeated logon prompt in outlook? I was wondering how IE settings control outlook logon functionality !!

am i wrong somewhere ?

Atul_R · ‎12-20-2006

Hi all
I am experiencing the same issue (being prompted for credentials) with a few users out of a user population in the 1000's. We have Exch 2003, Windows Server 2003 and EV 6.0 SP3, users are with Outlook 2000, 2002 or 2003 with the EV client. Exchange is configured as FrontEnd/BackEnd servers. We do have RPC over HTTP configured. Users access via Outlook mostly but often via OWA too.
We have multiple EV servers (8 in place with 1 Directory Service box, plus another 8 coming online next week).
The first some incidents were caused by the lack of the EV client s/w installed on the user's w/s. Installing the s/w took care of those. However, now I have some cases where the user has the client s/w but still experiences the same issue.
Some cases have been fixed by recreating the user's Outlook profile and a couple by creating a new Windows profile for the user. But a few stubborn cases defy resolution. .............. thanks ............ Atul

Alan_M · ‎12-20-2006

One of the common causes for logon prompts involve the user logging onto the computer with a user account different from the account associated with their mailbox. For example logging on with a local computer account while their mailbox is associated with a domain account. Any variation of this will cause logon prompts because EV uses the security context of the user to authenticate.

Another common cause is the lack of correct entries in the local intranet zone of IE. These entries determine when integrated windows authentication can be used so an in complete list will cause logon prompts.

Given you relatively few users it is unlikely to be option 2 so I'd start with option 1.

Atul_R · ‎12-20-2006

Hi Nue vo, Thank you very much for the quick response.
However, I have already confirmed that the user is using his/her regular domain account which is the only one associated with their mailbox. Also checked that the local intranet zone contains the correct entries.
Even confirmed that the workstation being used is a member of the domain.
I wonder whether this info helps you get a more accurate picture of the issue. I must confess that I have not got every affected user to get a new Windows profile created, as in a few cases even that has not helped.
Thanks ........ Atul

Alan_M · ‎12-20-2006

Turn client side logging to maximum and see if that sheds any light.

Atul_R · ‎01-16-2007

Thanks for that suggestion. Sorry for the delayed response. Will try it out and update this thread.

Atul_R · ‎01-22-2007

Sorry for the delay in getting the client trace. I got one of the affected users to do it. One thing that might help you troubleshoot is this: When the user gets the prompt, it is prefilled with "HisEVServer\username". This is possibly the root of the problem - as the user obviously logs on as "Domain\username".
I must mention that if I get the user to type his domain\username/password in that dialog box, he is able to access the archived message.

I have the client log with me - if you could advise about what I might look for.

I tried to compare his log with my own, and noticed this in his log:
22/01/2007 18:04:01.943: CDownloadBytes::FetchSaveset
22/01/2007 18:04:01.993: ~CDownloadBytes::FetchSaveset
22/01/2007 18:04:02.189: CDownloadBytes::Complete
22/01/2007 18:04:02.687: CDownloadBytes::End
Whereas my log is as below:
22/01/2007 18:22:02.421: CDownloadBytes::FetchSaveset
22/01/2007 18:22:02.452: ~CDownloadBytes::FetchSaveset
22/01/2007 18:22:02.506: CDownloadBytes::Complete
22/01/2007 18:22:02.999: ~CDownloadBytes::Complete

Any asistance will be greatly appreciated --- thanks

Atul_R · ‎01-23-2007

Hi Alan
I managed to get the client trace and have pasted a portion into this thread. Please take a look and advise when you get a chance.
Thanks

Jason_Bunn · ‎01-25-2007

Atul,

Do your clients have an internet proxy configured in IE?

We had a similar issue and it was our proxy that was placing the computer name instead of the domain while passing credentials.

On the client we were able to change the HTTP settings in the advanced area of IE. I believe we set it to use http 1.1 only and it passed the credentials correctly.

You can also try taking the proxy out of the mix and letting it resolve on it's own.

JB

Jeffrey_Padilla · ‎01-25-2007

I also am having a very similar issue. I have followed all the steps on this post and now can open all archives normally without entering login credentials. The only problem that I have now is one archived email will not work. It still prompts me for login credentials. All other email works ok, except for this one email. I can restore it from the Vault and it opens ok, I then archive it and it starts to prompt me for login credentials. I forwarded this problem archive to my Outlook and it opens fine archived or not. We have checked IE settings, Zapped the account, gone through all the steps found on this post. Any ideas on this particular archive? Thanks.

Atul_R · ‎01-26-2007

Jason, thanks for the suggestion. However, I checked with one affected user, and he didn't have any proxy configured, HTTP1.1 is checked, Enable IWA also checked under IE advanced (I discovered this setting and was hopeful this might be causing the issue).
There are relatively very few users facing this problem. A few I have been able to resolve by renaming their existing Windows profiles, thus forcing the creation of a new one. But this is not usually welcomed by the users, so I was looking for a better option - and hopefully try to figure out what exactly is causing it.
Thanks anyway - Will appreciate any other suggestions that you might have.

VOX

Logon prompt while archiving