Outlook 2016 connections to onprem Exchange 2013 via MAPI over HTTP using NTLM auth results in constant credential prompts to appear, does not accept credentials entered.

Hello Experts. In my staging environment, I have Exchange 2013 CU18, with AD 2012 R2, and using Outlook 2016. I am testing for implementing Outlook connections to use MAPI over HTTP with NTLM auth for our production environment. Currently, Outlook is using RPC over HTTP with NTLM. I have made the required changes on the exchange server, as they relate to the MAPI virtual directory, and made the required changes to our F5 load balancer through which traffic is flowing. However, Outlook is only able to connect via MAPI over HTTP using 'Negotiate' authentication. on the mapi virtual directory, if i choose for -IISAuthenticationMethods to accept only NTLM, and OAuth, Outlook keeps prompting for credentials, and it does not accept those credentials. so Outlook is not able to connect to on-prem exchange.

for the MAPI virtual directory, for -IISAuthenticationMethods, when i select 'Negotiate' aswell, then Outlook is able to connect via MAPI, without prompting for any credentials, but is using nego* auth to connect.

On the Exchange server itself, in IIS, for the MAPI default web site IIS authentication, i've enabled Windows authentication. Why is this happening?, why is NTLM auth not working? Thanks in advance.
Newguy 123Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jose Gabriel Ortega CastroCEOCommented:
1st make sure that is enabled in your server:

Get-OrganizationConfig | Select *mapi*

Open in new window

You should get the "MapiHttpEnabled set to true.
If it is true, you can check the event viewer errors to check why is happening.

if it's not you should enable it there.
Set-OrganizationConfig -MapiHttpEnabled:$true

Open in new window

You can use this script with the "set" parameter to configure it, or just the "Get" to see if all your Virtual folders are configured correctly.
Newguy 123Author Commented:
Hello Jose, thank you for your feedback. I have not enabled it on the server itself using the command : set-organization config. If i run: Get-OrganizationConfig | fl MapiHttpEnabled, it shows false.

And the reason for this is because i wanted to test on some mailboxes before implementing to full organization.

So on a few mailboxes, i have enabled them using this command: set-CasMailbox -identity "username' - MapiHttpEnabled $true.

Please let me know if this is not the right way of testing.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Newguy 123Author Commented:
And the script in your link seems to be for internal and external urls for virtual directories. Those all seem to be setup the right way.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Jose Gabriel Ortega CastroCEOCommented:
Sadly exchange won't work using MAPI if you haven't enabled that. So you are using the old HTTP with NTLM until you set that to true. That's the way exchange works with MAPI, don't blame it on me.

The script is to double check that your set correctly, cuz I'm pretty sure is not.
Newguy 123Author Commented:
issue not resolved
Jose Gabriel Ortega CastroCEOCommented:
So did you set it to true? and it is still not working on mapi over http? or? what exactly did you do?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.