Simon Barratt

Office Communicator 2007 prompts for credentials

We are just about done with our migration from Exchange 2003 to Exchange 2007 - this is no upgrade believe me!

All our Front End servers are now CAS servers and half of our Back End server are now Mailbox servers.

However, what we noticed after moving mailboxes onto the 2007 servers was that Office Communicator 2007, started prompting for credentials, but only when not on the corporate network.  We utilise an OCS Edge server to allow Communicator to connect with requiring a VPN.


Now that the users mailbox is on an Exchange 2007 server, Office Communicator inherits the same autodiscover behaviour (uses the same dll's) and now looks for the Exchange Web Services to extract free/busy information.

The initial login to Office Communicator worked just fine, but you got the password prompt about 5 seconds or so later.  Using WireShark we could see the various DNS requests and the final successful request for autodiscover (we are using the SRV record method) which then prompted for the password.

After a lot of searching and testing Scott send me a link to this site which explains what is going on.

I executed the recommended script and restarted IIS

C:\Inetpub\AdminScripts>cscript adsutil.vbs set w3svc/1/root/NTAuthenticationProviders "NTLM,Negotiate"

After that, no more password prompts in Office Communicator, and even more importantly, no impact on the existing client configurations of OWA,  RPC over HTTPS and ActiveSync - which is always a relief!

I also noted that if you are using Office Communicator 2007 R2 you do not get the authentication prompt at all - so Microsoft must of corrected the negotiation methodology in that release.