RPC over HTTP requires additional authentication

[Guest]

When I configure Outlook 2003 for RPC over HTTP it requires me to enter
username/password again. I have already entered it when I logged into the
domain so why should I have to re-enter it? It is very irritating. I am
assuming there is some workaround for this annoyance. Does anybody know how
to get around this problem or have you all accepted retyping your
username/password?
Any suggestions would be greatly appreciated.

Thanks,
Stephen

 

[Mark Arnold [MVP]]

When I configure Outlook 2003 for RPC over HTTP it requires me to enter
username/password again. I have already entered it when I logged into the
domain so why should I have to re-enter it? It is very irritating. I am
assuming there is some workaround for this annoyance. Does anybody know how
to get around this problem or have you all accepted retyping your
username/password?
Any suggestions would be greatly appreciated.

Thanks,
Stephen

No, you would expect to have to enter your logon credentials when you
access an SSL website wouldn't you?
RPC over HTTPS is accessing the exchange server using Basic
Authentication over SSL. You must enter the credentials when prompted.

 

[Rich Matheisen [MVP]]

When I configure Outlook 2003 for RPC over HTTP it requires me to enter
username/password again. I have already entered it when I logged into the
domain so why should I have to re-enter it? It is very irritating. I am
assuming there is some workaround for this annoyance. Does anybody know how
to get around this problem or have you all accepted retyping your
username/password?
Any suggestions would be greatly appreciated.

If you're logging on to the domain, why are you using RPC-over-HTTPS
(note the "S", which is missing from your description) to get to your
Exchange server? Aren't you already using a VPN or a direct connection
to the LAN?

 

[Guest]

If you're logging on to the domain, why are you using RPC-over-HTTPS
(note the "S", which is missing from your description) to get to your
Exchange server? Aren't you already using a VPN or a direct connection
to the LAN?

When I am in the office, I have a direct connection to the LAN but when I am
home, then Outlook uses RPC over HTTPS.

Mark said, "you would expect to have to enter your logon credentials when you
access an SSL website," but I would never EXPECT to enter my logon
credentials when accesing an SSL website that I access multiple times a day.
I would check that little box that says, "Remember my password."
There should be some way to have Outlook store my password or for it to use
my Windows logon information since my computer is joined to the domain. If
IE or any other web browser can do it, why can't Outlook? Somebody has to
know of some workaround.

Thanks for any suggestions.

Stephen

 

[Rich Matheisen [MVP]]

[ snip ]

When I am in the office, I have a direct connection to the LAN but when I am
home, then Outlook uses RPC over HTTPS.

And at that time the "Slow" connection is used becasue you're not
connected through a VPN, and your aren't logged in to the domain.

If you tell OL to use RPC-over-HTTPS for both fast and slow
connections you'll see the same behavior when you connect to the
Exchange server from the office.

Mark said, "you would expect to have to enter your logon credentials when you
access an SSL website," but I would never EXPECT to enter my logon
credentials when accesing an SSL website that I access multiple times a day.
I would check that little box that says, "Remember my password."

Bad security. I wish MS would nuke that feature in everything but
handheld devices where the keyboard is too small to enter the password
without making a lot of mistakes (try entering a 14-character long
password in Japanese on a SmartPhone!).

There should be some way to have Outlook store my password or for it to use
my Windows logon information since my computer is joined to the domain.

Your computer has its own account. Your's is different. And, in any
case, you aren't logged in to the domain and the authentication for
RPC is correctly set to "Basic" which means it won't use the
credentials you used to log in to the desktop (which isn't the same as
the domain).

If
IE or any other web browser can do it, why can't Outlook? Somebody has to
know of some workaround.

I'd hope there isn't one.

 

[Guest]

Your computer has its own account. Your's is different. And, in any
case, you aren't logged in to the domain and the authentication for
RPC is correctly set to "Basic" which means it won't use the
credentials you used to log in to the desktop (which isn't the same as
the domain).

How is my account different? Is it not just using cached credentials to log
into the SAME account? It would work just fine logging in this way if RPC
over HTTP wasn't enabled since Exchange MAPI is also published on my ISA
Server. I would always connect this way if ISP's between my home and office
didn't block port 135 from time to time.

Stephen

 

[Rich Matheisen [MVP]]

How is my account different?

Because it's not the same as the computer's account in the AD. While a
computer is also in the user objectClass it's not the in the same
objectCategory.

Is it not just using cached credentials to log
into the SAME account?

Only on the desktop, not the domain. And the authentication on the IIS
virtual directory is set to "Basic", not "Integrated".

It would work just fine logging in this way if RPC
over HTTP wasn't enabled since Exchange MAPI is also published on my ISA
Server.

No, it would work differently because the MAPI/RPC uses your desktop
OR domain credentials. But, more importantly, it's not using HTTPS and
the authentication isn't set to "Basic" because there's no IIS Virtual
Directory security.

I would always connect this way if ISP's between my home and office
didn't block port 135 from time to time.

There's at least one good reason to deny RPC.