Hi,
Welcome to Microsoft Q&A community.
To enable NTLMv2 without using NTLMv1 and maintain the authentication pages on OWA, you can follow these steps:
Disable NTLMv1 and LM Protocols:
Ensure that NTLMv1 and LM protocols are disabled on both the client machines and the domain controllers. This can be done through Group Policy:
Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
Set Network security: LAN Manager authentication level to Send NTLMv2 response only. Refuse LM & NTLM. You can refer to: How to enable NTLM 2 authentication and Stop using LAN Manager and NTLMv1!
Configure OWA for Integrated Windows Authentication:
In the Exchange Management Console, navigate to the OWA virtual directory.
Ensure that “Integrated Windows authentication” is enabled.
To avoid the pop-up and keep the forms-based authentication, you can use a combination of forms-based authentication and NTLMv2. This involves configuring the authentication settings in the web.config file of the OWA virtual directory.
Modify the web.config File:
Locate the web.config file for the OWA virtual directory (usually found in C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa).
Edit the web.config file to include the following settings under the <authentication> section:
<authentication mode="Forms">
<forms loginUrl="login.aspx" protection="All" timeout="30" />
</authentication>
<authentication mode="Windows">
<providers>
<add name="NTLM" />
</providers>
</authentication>
This configuration allows you to use forms-based authentication while ensuring that NTLMv2 is used for authentication.
Test and Verify:
After making these changes, restart IIS using the command iisreset to apply the new settings.
Test the OWA login to ensure that users are presented with the forms-based authentication page and that NTLMv2 is being used for authentication.
By following these steps, you should be able to enable NTLMv2 without using NTLMv1 and maintain the authentication pages on OWA, providing a seamless experience for your users.
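A verification script for the LAN Manager authentication level step, added here as an example and not part of the answer above: it reads the LmCompatibilityLevel registry value that the Group Policy setting writes and reports whether each host still sends or accepts LM/NTLMv1. The computer names passed in are assumptions, and the OWA check assumes the Exchange Management Shell is loaded.

```powershell
# Added example (not from the answer above). Audits the effective
# "Network security: LAN Manager authentication level" on each host. The
# policy is stored as LmCompatibilityLevel under HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
$LevelText = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

# Runs on the target and returns the raw value, or $null when the policy
# was never set explicitly and the OS default applies.
$ReadLevel = {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    (Get-ItemProperty -Path $key -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
}

function Test-NtlmLevel {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) { $raw = & $ReadLevel }
        else { $raw = Invoke-Command -ComputerName $computer -ScriptBlock $ReadLevel }
        # Unset means "Not Defined" in the GPO; modern Windows then behaves as level 3.
        $level = if ($null -eq $raw) { 3 } else { [int]$raw }
        [pscustomobject]@{
            Computer      = $computer
            Level         = $level
            Setting       = $LevelText[$level]
            ExplicitlySet = ($null -ne $raw)
            SendsNtlmv1   = ($level -le 2)   # as a client, still offers LM/NTLMv1 responses
            AcceptsNtlmv1 = ($level -lt 5)   # as a server/DC, still accepts NTLMv1 from clients
            Compliant     = ($level -eq 5)   # the value the answer above asks for
        }
    }
}

# Companion check for the OWA step: which authentication methods the
# virtual directory has enabled (assumes the Exchange Management Shell is loaded).
function Get-OwaAuthSummary {
    Get-OwaVirtualDirectory |
        Select-Object Server, Name, FormsAuthentication, WindowsAuthentication, BasicAuthentication
}

# Assumed host names for illustration; replace with your clients and domain controllers.
Test-NtlmLevel -ComputerName $env:COMPUTERNAME, 'DC01', 'EXCH01' | Format-Table -AutoSize
```

Any row with SendsNtlmv1 or AcceptsNtlmv1 set to True is a host that has not yet picked up the "Refuse LM & NTLM" policy; run gpupdate /force there and re-check before testing the OWA login.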