This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 95%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Hi,
We were asked to post our question from different MS forum to here,
as this would be the correct place?
(see https://answers.microsoft.com/en-us/outlook_com/forum/all/outlook-login-issues-after-exchange-2019-cu13-and/493916bf-4133-4ebd-820e-e807eaf126c6 )
We have an On-premises Exchange server 2019 running on server 2022, which we last weekend updated from cu12 to cu13. Then we added the June exchange server Security Update For Exchange Server 2019 CU13 (KB5026261) onto the Exchange server.
The server 2022 is at the latest patch level.
Since the update of the Exchange server (with these two patches), sporadic Outlook 2016, 2019 (and a old test system with Outlook 2013) get a login screen directly when starting Outlook, making it unusable.
We 1st fixed this issue by creating a new Outlook profile.
Outlook for the first time starts without any issues.
Though after the user exists Outlook and starts Outlook, the login screen reappears.
Second, we renamed the “Outlook” directory located in
c:\Users<username>\AppData\Local\Microsoft
Then Outlook will start without a login screen.
Until all folders are synched and Outlook is closed ……
The temporary fix was to delete the Outlook folder again (and again …)
In both cases, it takes a while until the user sees all of the emails, because “cached exchange mode” is enabled within the domain.
Event Type: Information
Event Source: Outlook
Event Category: None
Event ID: 19
Date: 11.07.2023
Time: 11:04:10
User: N/A
Computer: computer.test.domain
Description:
Chiamata RPC (EcDoConnectEx) durante il trasporto (unknown) al server (https://mail.test.domain/mapi/emsmdb/?MailboxId=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee@test.domain)
non riuscita con codice di errore (80040413) dopo un'attesa di (6078) ms; eeInfo (none).
Event Type: Information
Event Source: Outlook
Event Category: None
Event ID: 19
Date: 11.07.2023
Time: 11:04:10
User: N/A
Computer: computer.test.domain
Description:
Chiamata RPC (NspiBind) durante il trasporto (unknown) al server (blocked-by-it-https://mail.test.domain/mapi/nspi/?MailboxId=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee@test.domain)
non riuscita con codice di errore (80040413) dopo un'attesa di (8235) ms; eeInfo (none).
Event Type: Information
Event Source: Outlook
Event Category: None
Event ID: 19
Date: 11.07.2023
Time: 11:04:10
User: N/A
Computer: computer.test.domain
Description:
Chiamata RPC (EcDoConnectEx) durante il trasporto (unknown) al server (blocked-by-it-https://mail.test.domain/mapi/emsmdb/?MailboxId=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee@test.domain)
non riuscita con codice di errore (80040413) dopo un'attesa di (6766) ms; eeInfo (none).
We checked DNS, Dhcp and Wins settings and could not find any issues.
Then we went into the GPO settings and disabled the
“Use Cached Exchange mode for new and existing Outlook profiles”
in Policies -> Windows Settings -> Administrative Templates -> Microsoft Outlook 2016 -> Account Settings -> Exchange -> Cached Exchange Mode
After this setting was disabled within the domain, the Outlook login problems disappeared.
All users who reported the problem can now use Outlook without a login dialog blocking access to outlook.
I wonder,
what does the “Cached Exchange mode”
have to do with the login to the Exchange server, this does not make any sense.
Also, that I cannot find any KB Articles related to this very strange behavior.
We alco received complaints, that the Exchange server based search is also no longer working correctly since the Exchange Server was updated (the search never ends and displays an error that “we have problems accessing results from the server, search on local computer instead?).
This is all very strange,
I wonder if MS is aware of these issues and if a fix is available (this cannot be by design?).
We cannot find anything on the Internet which can fix this issue.
We also have the option “ExcludeExplicitO365Endpoint" set to 1 in HKEY_CURRENT_USER\SOFTWARE\Microsoft\office\16.0\outlook\autodiscover
within our network.
Best Regards,
J.Mann
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 59%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
Just wanted to check if the answer shared below helped. If it helped, then would request you to please "Accept the answer" as it would be helpful to others in the community as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 65%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
Hi @Justin Mann ,
If you use NTLM authentication, try this:
https://www.stephenwagner.com/2017/11/05/mapi-over-http-outlook-password-prompt-external-users/
Regards:
Szabó László
Hi @Justin Mann ,
This indeed sounds weird that the login issue only occurs in Cached Exchange mode. As regards to your concern about the recent update, I tried searching around but so far haven’t seen similar reports. I also checked the known issues related to Exchange2019CU13, but didn't seem to find the problem you mentioned. In the following blog about the security updates, it seems that no related issues have been posted in the discussion area.
Blog: Released: June 2023 Exchange Server Security Updates
In addition, to understand your problem more intuitively, can you provide us with a screenshot when the problem occurs?
Regards
Shaofan
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi Shaofan,
unfortunatly,
we do not have a screenshot from the login dialog from that moment when the issue happend.
I just simulated a login dialog by locking a account and then starting Outlook which looks the same (only, I do not remember if the users having the issue got the message "Profil wird geladen (profile is loading)" below (or not)).
We are now continuously able to reproduce the login error with an old Office 2013 (latest version, no longer supported by MS) on a server 2012 r2 terminal server.
We tried to reproduce the error with Office 2016 and 2019 without success, because the error happens too sporadic. We had users report that the could not log in, when we checked, then the error was gone.
The login screen is slightly different to the 1st screenshot, office is stuck with a "wird verarbeitet (is beeing processed)" at the bottom of the Outlook dialoge wthen the login appears.
With an old Office 2013 you could try to enable ADAL in the following registry.
Important: Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
1.Open the Run window by pressing Windows key + R. Then, type “regedit” into the text box and hit Enter.
2.You will be prompted to grant admin access by the UAC (User Account Control). Tap on Yes.
3.You can navigate to the following location once you’re inside the Registry Editor: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL. If you paste the address directly into the navigation bar and press Enter, you can also get to that location instantly.
4.Inside the Identity key, click the EnableADAL button, set the value to 1 and the Base to hexadecimal. In case the value REG_DWORD is not created, create yourself by right-clicking on an empty space > New > Dword (32-bit) value.
5.The changes will take effect once you restart your computer. Quit the Registry Editor and then restart your PC.
This is what the connection status looks like, when
1st, after the Outlook profile is created, where Outllok starts without issues,
then
2nd, Outlook is started a 2nd time, with log screen.
(screenshot is very wide!), Authentication indicates Fehler* (error*)
We reviewd the Article from Szabó László, which didn't quite help.
Also compared the server virtual directory settings
If I turn on "Windows Authentication - Negotiate",
then nobody can work with the Exchange server,
everybody with Outlook 2013, 2016 and 2019 will then get the login dialog
preventing access to the server, even if Outlook Exchange Caching is disabled,
so we turned it off again for now.
Best
Justin
Hi Justin!
Please read this article carefully:
"We now need to modify the Authentication settings inside of IIS to remove Negotiate from both the mapi and EWS directories."
So you have to check both Virtual directory authentication settings in IIS, in my case the Negotiate provider appeared in EWS after the CU13 installation. As I removed it, the authentication pop-ups dissappeared.
Regards:
László
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 98%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
I did a check on what you said between some servers which are still in CU11 2019 or CU22 2016, with one recent CU23 2016 that I updated yesterday and had the issue.
They all have same parameters for virtual directories, in ECP or IIS manager...
So if Microsoft forces Modern auth, then its forced somewhere else...