Outlook 2016 connections to onprem Exchange 2013 via MAPI over HTTP using NTLM auth results in constant credential prompts to appear, does not accept credentials entered.

Hello Experts. In my staging environment, I have Exchange 2013 CU18, with AD 2012 R2, and using Outlook 2016. I am testing for implementing Outlook connections to use MAPI over HTTP with NTLM auth for our production environment. Currently, Outlook is using RPC over HTTP with NTLM. I have made the required changes on the exchange server, as they relate to the MAPI virtual directory, and made the required changes to our F5 load balancer through which traffic is flowing. However, Outlook is only able to connect via MAPI over HTTP using 'Negotiate' authentication. on the mapi virtual directory, if i choose for -IISAuthenticationMethods to accept only NTLM, and OAuth, Outlook keeps prompting for credentials, and it does not accept those credentials. so Outlook is not able to connect to on-prem exchange.

for the MAPI virtual directory, for -IISAuthenticationMethods, when i select 'Negotiate' aswell, then Outlook is able to connect via MAPI, without prompting for any credentials, but is using nego* auth to connect.

On the Exchange server itself, in IIS, for the MAPI default web site IIS authentication, i've enabled Windows authentication. Why is this happening?, why is NTLM auth not working? Thanks in advance.
Newguy 123Asked:
Who is Participating?
 
Newguy 123Author Commented:
Hello Jose, thank you for your feedback. I have not enabled it on the server itself using the command : set-organization config. If i run: Get-OrganizationConfig | fl MapiHttpEnabled, it shows false.

And the reason for this is because i wanted to test on some mailboxes before implementing to full organization.

So on a few mailboxes, i have enabled them using this command: set-CasMailbox -identity "username' - MapiHttpEnabled $true.

Please let me know if this is not the right way of testing.
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
1st make sure that is enabled in your server:

Get-OrganizationConfig | Select *mapi*

Open in new window


You should get the "MapiHttpEnabled set to true.
If it is true, you can check the event viewer errors to check why is happening.

if it's not you should enable it there.
Set-OrganizationConfig -MapiHttpEnabled:$true

Open in new window


You can use this script with the "set" parameter to configure it, or just the "Get" to see if all your Virtual folders are configured correctly.
https://gallery.technet.microsoft.com/Script-to-configure-the-5a58558b
0
 
Newguy 123Author Commented:
And the script in your link seems to be for internal and external urls for virtual directories. Those all seem to be setup the right way.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
Sadly exchange won't work using MAPI if you haven't enabled that. So you are using the old HTTP with NTLM until you set that to true. That's the way exchange works with MAPI, don't blame it on me.

The script is to double check that your set correctly, cuz I'm pretty sure is not.
0
 
Newguy 123Author Commented:
issue not resolved
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
So did you set it to true? and it is still not working on mapi over http? or? what exactly did you do?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.