Hello everyone,
Currently, our organization runs Exchange in Hybrid mode. We deployed Windows Hello for Business, and users with on-premises mailboxes connect to Exchange Server using Kerberos. After completing the deployment, we encountered an issue when users with on-premises mailboxes connect to Exchange: Outlook 2016 prompts for a password. If I cancel the prompt and double-click "Need Password", Outlook 2016 can connect to Exchange.
Below are the results of my checks:
- "Negotiate" is configured for both the Outlook Anywhere and MAPI virtual directories. I have only 01 server.
- Get-MapiVirtualDirectory | fl *authen*,InternalUrl,ExternalUrl
IISAuthenticationMethods : {Ntlm, OAuth, Negotiate}
InternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
ExternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
InternalUrl : https://mail.mydomain/mapi
ExternalUrl : https://mail.mydomain/mapi
- Get-OutlookAnywhere | fl InternalClientAuthenticationMethod,*authen*,InternalUrl,ExternalUrl
InternalClientAuthenticationMethod : Negotiate
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Negotiate
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
- Get-OrganizationConfig | Fl MapiHttpEnabled
MapiHttpEnabled : True
Our server runs in hybrid mode, but OAuth is disabled on my server.
I also checked the Kerberos configuration following the article "Configure Kerberos authentication for load-balanced Client Access services | Microsoft Learn", and my configuration is correct; Negotiate appears in the RpcHttp, HttpProxy, and Autodiscover logs. However, the output of klist only contains http/mail.mydomain.com and does not contain http/autodiscover.mydomain.com.
We only encounter this issue with Outlook 2016. Our environment: Exchange Server 2016 CU22, configured with the Exchange Hybrid Wizard. Outlook 2013 is not affected by the issue.
Please help me solve this issue.