locked
Use NTLM authentication in outlook, it is failed? RRS feed

  • Question

  • Hi,

    Currently I am using the Basic Authentication in outlook to connect to my exchange 2003 server (RPC over Http). BUt if I change the authentication method to NTLM, the connection states fail.

    My question is: how can I let the NTLM work on the outlook when connecting to my exchange server?

     

     

    Many thanks.

    Wednesday, July 13, 2011 2:01 PM

Answers

  • To use NTLM it needs to be set on the RPC virtual directory, as well as in Outlook. If you change, ensure that you run IISRESET to make the change stick. You can have both Basic and Integrated enabled.

    However some firewalls will break NTLM authentication, therefore it may not work for you outside the network. It does work, as I have used it for many years, using it right now.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    Thursday, July 14, 2011 12:18 AM
  • Yes, In the Authentication Methods window, under Authenticated access, you have to select the check box next to Integrated Windows authentication (NTLM).
    Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com
    Thursday, July 14, 2011 3:00 AM
  • Hi,

     

    How does the connection states fail? Did you being prompted for credential? Or you receive any other error message when you try to connect?

     

    NTLM authentication is also known as Integrated Windows authentication. To enable NTLM, you need to logon windows as your domain user account, which must be the same as your mailbox account. This is because that, if you use NTLM authentication, Outlook tries to use your current Microsoft Windows® operating system logon information. If your current Windows operating system logon information fails, Outlook prompts you for domain, user name, and password information.

     

    Not only you need to change the authentication on RPC virtual directory, but also you need to change the authentication method you setup in Outlook profile.

     

    So, verify what user account you are using to logon Windows when you try Outlook connection via ROH, and make sure it is the correct domain user account.

     

    Also, verify the Outlook Exchange proxy server configuration and insure it is set to NTLM.

     

    For more information about requirements for RPC over HTTP to use the current Windows operating system logon information, see “RPC over HTTP Authentication and Security” section on the downloading document provided in http://support.microsoft.com/kb/833401.

     

    Best regards,

    Fiona Liao

     
    Friday, July 15, 2011 5:49 AM
    Moderator

All replies

  • Please go thru with this thread.

    http://social.technet.microsoft.com/Forums/en-GB/exchange2010/thread/28221d9b-9538-4fa2-ba26-38c5f4968a1f


    Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com
    Wednesday, July 13, 2011 3:48 PM
  • To use NTLM it needs to be set on the RPC virtual directory, as well as in Outlook. If you change, ensure that you run IISRESET to make the change stick. You can have both Basic and Integrated enabled.

    However some firewalls will break NTLM authentication, therefore it may not work for you outside the network. It does work, as I have used it for many years, using it right now.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    Thursday, July 14, 2011 12:18 AM
  • I do not have firewall front my exchange server (FE). So I only should enable the intergrated windows authentication in the RPC vd to let the outlook anywhere can be working under NTLM, right?

     

    Thanks.

    Thursday, July 14, 2011 2:15 AM
  • Yes, In the Authentication Methods window, under Authenticated access, you have to select the check box next to Integrated Windows authentication (NTLM).
    Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com
    Thursday, July 14, 2011 3:00 AM
  • Hi,

     

    How does the connection states fail? Did you being prompted for credential? Or you receive any other error message when you try to connect?

     

    NTLM authentication is also known as Integrated Windows authentication. To enable NTLM, you need to logon windows as your domain user account, which must be the same as your mailbox account. This is because that, if you use NTLM authentication, Outlook tries to use your current Microsoft Windows® operating system logon information. If your current Windows operating system logon information fails, Outlook prompts you for domain, user name, and password information.

     

    Not only you need to change the authentication on RPC virtual directory, but also you need to change the authentication method you setup in Outlook profile.

     

    So, verify what user account you are using to logon Windows when you try Outlook connection via ROH, and make sure it is the correct domain user account.

     

    Also, verify the Outlook Exchange proxy server configuration and insure it is set to NTLM.

     

    For more information about requirements for RPC over HTTP to use the current Windows operating system logon information, see “RPC over HTTP Authentication and Security” section on the downloading document provided in http://support.microsoft.com/kb/833401.

     

    Best regards,

    Fiona Liao

     
    Friday, July 15, 2011 5:49 AM
    Moderator