Windows Vista/7 with Outlook 2007 and Riverbed Optimizations

Just passing along as FYI, but I ran into a situation last week when running Outlook 2007 on Windows Vista or 7. Using the default security settings shown below, a user could not create a new mail profile. It did not matter if you tried to create the profile using Exchange 2007 Autodiscover or Manually. When creating the mail profile, a domain authentication pop-up kept appearing and even thought the machine was joined to the domain and valid user credentials were entered, the authentication pop-up persisted. Ultimately, the user account would be locked out.

If we unchecked Encrypt data between Microsoft Office Outlook and Microsoft Exchange, you could successfully create a new mail profile. After the mailbox was opened for the first time, we checked the box once again, and the domain authentication pop-ups returned.

We also noticed that if changed Logon Network Security to Kerberos Password Authentication, you could leave the “Encrypt” option enabled.

So, to successfully create a new mail profile, launch Outlook, and use Outlook encryption successfully, we had to:
a. Disable the encryption option (when creating the profile, you could click More Settings and then the Security tab to disable)
b. Launch Outlook and let it build the mailbox
c. Close Outlook
d. Re-enable the Encryption option, remembering to also set logon network security to Kerberos Password Authentication.
e. Open Outlook

But really, who wants to go through all this to create a mail profile?

We had a test lab, duplicating our production environment (almost) and we could not duplicate the issue within the lab. Now, in production, the Exchange servers and the end users are in different physical locations. The Exchange servers run on ESX servers located in the “Co-Lo” datacenter. The lab existed within our office building, thus nothing was going over the WAN.

We went over to the datacenter with a Windows 7 machine to verify if our problem lied somewhere with the network setup/gear, and sure enough, our test machines worked just fine with Outlook’s default Encryption and logon network security settings.

The network traffic between the datacenter and office building is optimized with Riverbed appliances. In speaking Microsoft on this issue, it turns out that, when running Outlook 2007 on Windows Vista or 7, the optimization Enable MAPI Exchange 2007 Acceleration needs to be disabled to use Outlook 2007’s default security settings.

At this time, I personally cannot verify that the issue is resolved by disabling this optimization, I only have Microsoft’s “word” as the network team wants to open a case with Riverbed to discuss the issue further. However, as soon as I hear any additional information concerning this issue, I’ll pass it along. Again, I just wanted to pass along the information. If you have additional information, please leave a comment, I’d love to hear them.

4 Comments

Filed under Microsoft, Windows Desktops, Windows Server

4 responses to “Windows Vista/7 with Outlook 2007 and Riverbed Optimizations

  1. ALERTA!

    La estafa automotriz mas grande en el territorio Mexicano…

    Para MAS informacion pinche:

    http://pedromillan.blogspot.com/

    Gracias

  2. Anonymous

    We have the exact same problem here, but some users being optimized are ok in different offices, and just one has the issue as you described in my office. If you have any follow-up I would be interested in hearing. Also, do you have a KB article that says MAPI optimization needs to be disabled?

  3. There are a lot of softwares in the Internet,which work with password. But couple days ago no one of it couldn't help me. But for luck I called a friend up and advised me – password forgotten outlook. I used it and was wondered,because of it restored my old lost email passwords for a minute and absolutely free as far as I remember. My sister said the same words about this tool.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s