Outlook on Windows tries to authenticate to Exchange 2016 /OAB using NTLM

Gregor Jurgele 1 Reputation point
2022-02-23T11:20:54.967+00:00

Hello,

I have two Windows machines in the network on which Outlook (version 2201, build 14827.20198) tries to authenticate to Exchange 2016 CU22 /OAB (offline address book download) using NTLM and fails (error 401). The remaining 53 machines authenticate using Kerberos and succeed. All machines receive the same config by GPO and are in the same network segment. The two mentioned clients successfully connect to mailbox using Kerberos authentication.

In windows event logs on Exchange servers there are Event ID 4625 errors. In HTTPS logs I can see the following requests (authorization token edited) from the two clients:

{} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"
{Negotiate TlR...} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"
{Negotiate TlR......} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"
{} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"
{NTLM TlR...} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"
{NTLM TlR......} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"

The above requests receive a 401 response.

I welcome suggestions on how to find the cause Outlook tries to use NTLM for OAB download.

Kind regards,

Gregor

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,628 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.