In the situation I came across, Outlook 2007 clients were constantly prompting for a password eventhough the users were on the LAN, members of the domain, and logged in to the PC with domain credentials. While I found several potential causes, the solution ended up being an SSL setting in IIS on the mail server.
The solution was to allow client certificates on the virtual directory for Exchange Autodiscover. It turns out the clients were attempting to use the Autodiscover service with Exchange 2007 to detect settings and the website wasn’t accepting their client certificate. The client certificates are apparently used for encryption between the client and the server. Disabling the checkbox to enable that type of communication may also have been a solution, but this is a better one because it maintains the security of an encrypted channel. Here are the instructions:
- Using IIS6 – Click Here
- Using IIS7 – Open the IIS manager. Expand the Sites group and expand down to the Autodiscover virtual directory. Select this virtual directory then selec “SSL Settings” from the center pane. In the settings window, select “Accept Client Certificates”.
In addition, the authentication settings on this virtual directory can also cause this to happen if not configured correctly. Just make sure that Integrated Windows Authentication is checked.