Outlook on Windows tries to authenticate to Exchange 2016 /OAB using NTLM
Hello,
I have two Windows machines in the network on which Outlook (version 2201, build 14827.20198) tries to authenticate to Exchange 2016 CU22 /OAB (offline address book download) using NTLM and fails (error 401). The remaining 53 machines authenticate using Kerberos and succeed. All machines receive the same config by GPO and are in the same network segment. The two mentioned clients successfully connect to mailbox using Kerberos authentication.
In windows event logs on Exchange servers there are Event ID 4625 errors. In HTTPS logs I can see the following requests (authorization token edited) from the two clients:
{} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"
{Negotiate TlR...} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"
{Negotiate TlR......} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"
{} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"
{NTLM TlR...} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"
{NTLM TlR......} "HEAD /OAB/6d1b7286-2670-4b61-9460-61a0092772f2/oab.xml HTTP/1.1"
The above requests receive a 401 response.
I welcome suggestions on how to find the cause Outlook tries to use NTLM for OAB download.
Kind regards,
Gregor