Exchange 2019 - Outlook Credentials Prompt on Domain joined External Users

HanakJ 86 Reputation points
2022-01-19T15:48:06.537+00:00

Hello,

I am trying to solve a problem where, if I have Negotiation set up with MAPI together with NTLM, then when the user disconnects from the VPN, Outlook prompts him to enter the username and password, either instantly or after some time.

I found a way to solve this; however, this solution requires removing Negotiation and leaving NTLM. What do you think of NTLM? Is this a good solution? Thanks a lot.

Solution source: https://www.stephenwagner.com/2017/11/05/mapi-over-http-outlook-password-prompt-external-users/


1 answer

  1. KyleXu-MSFT 26,206 Reputation points
    2022-01-20T06:12:55.7+00:00

    @HanakJ

    Here is some information about Negotiate Authentication Methods:

    Microsoft Negotiate is a security support provider (SSP) that acts as an application layer between Security Support Provider Interface (SSPI) and the other SSPs. When an application calls into SSPI to log on to a network, it can specify an SSP to process the request. If the application specifies Negotiate, Negotiate analyzes the request and picks the best SSP to handle the request based on customer-configured security policy.

    Currently, the Negotiate security package selects between Kerberos and NTLM. Negotiate selects Kerberos unless it cannot be used by one of the systems involved in the authentication or the calling application did not provide sufficient information to use Kerberos.

    So, if NTLM works in your organization, you could remove the Negotiation, then use the NTLM directly.


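
One way to inspect and preview the change discussed in this thread, as an added example that is not part of the original posts or the linked article. It assumes the authentication methods are managed through the MAPI virtual directory cmdlets in the Exchange Management Shell; the server name `EX01` and the backup path are placeholders.

```powershell
# Added example; run in the Exchange Management Shell.
# 'EX01' is a placeholder server name and the backup path is hypothetical.
$server     = 'EX01'
$backupPath = Join-Path $env:TEMP "mapi-vdir-auth-$server.xml"

$vdirs = Get-MapiVirtualDirectory -Server $server

# Record the current settings so the change can be reverted later.
$vdirs |
    Select-Object Identity, IISAuthenticationMethods,
                  InternalAuthenticationMethods, ExternalAuthenticationMethods |
    Export-Clixml -Path $backupPath

foreach ($vdir in $vdirs) {
    # Normalise to strings so the comparison works in local and remote sessions.
    $current = @($vdir.IISAuthenticationMethods | ForEach-Object { $_.ToString() })

    if ($current -notcontains 'Negotiate') {
        Write-Host "$($vdir.Identity): Negotiate not enabled, nothing to change."
        continue
    }

    # Drop Negotiate, keep every other method, and make sure NTLM stays enabled.
    $desired = @($current | Where-Object { $_ -ne 'Negotiate' })
    if ($desired -notcontains 'Ntlm') { $desired += 'Ntlm' }

    Write-Host "$($vdir.Identity): $($current -join ',') -> $($desired -join ',')"

    # -WhatIf only previews the change; remove it to apply.
    Set-MapiVirtualDirectory -Identity $vdir.Identity `
        -IISAuthenticationMethods $desired -WhatIf
}
```

With Negotiate removed, clients authenticate to this endpoint with NTLM only, so Kerberos is no longer attempted there even when the client is on the internal network.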