Outlook Anywhere & Continuous Login Prompts
So, you’ve deployed Exchange 2010, secured it with Microsoft Forefront Threat Management Gateway (TMG) and want to take advantage of Outlook Anywhere. After enabling Outlook Anywhere in Exchange, and creating the appropriate Exchange Web Client Access rules in TMG, you discover that your Outlook clients are continuously prompted for a username and password, and the correct credentials just don’t work.
While this could be caused by anything from an incorrect/invalid certificate to a broken or improperly configured Outlook client, it is important to remember that TMG stands between your Outlook clients and the Exchange Client Access Server. It’s probably worth a look there, to make sure TMG isn’t your problem.
In TMG, open your Outlook Anywhere publishing rule, and click the “Test Rule” button. You may be presented with an error like this:
“Error details: The authentication delegation method defined in the rule does not match the authentication method selected for the published directory on the server hosting the site.”
In order to TMG to correctly pass credentials, the authentication method for the publishing rule must match the authentication method configured in Exchange. Basic authentication is the most common and easiest to configure, but Negotiate/Kerberos is possible as well.
Once the authentication methods match, credentials should pass correctly, and Outlook Anywhere clients will be able to successfully authenticate and open the mailbox.