Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Original KB number: 4488049
Symptoms
After you configure a network device to require certificate validation between Outlook and Exchange Server 2019, 2016, or 2013, you experience connection failures in Outlook clients.
Note
The network device can be a load balancer or another network device, as described in Certificate Selection and Validation.
This problem occurs especially if the network device is configured to require the client to present a certificate during the SSL handshake in the network layer instead of passing the traffic directly to the server that is running Exchange Server.
Cause
This issue occurs because Outlook doesn't support using the Windows certificate store as a credential. Outlook uses the Windows Credential Manager to provide credentials to servers.
Resolution
To configure certificate authentication in Outlook 2016 and later versions, we recommend that you use Modern Authentication. For more information about how to enable Modern Authentication, see the following articles:
- Enable Modern Authentication in Microsoft 365
- Configure on-premises Exchange to use Hybrid Modern Authentication
More information
Outlook supports connecting directly to Smart Card Authentication by using a physical smart card or a TPM chip-embedded virtual smart card for each user. Certificate-based authentication is supported for Outlook Web App (OWA) and Exchange ActiveSync clients, but not in Outlook that is running on Windows. For more information, see the following articles: