troubleshooting Question

Outlook unable to connect via MAPI over HTTP with NTLM auth without VPN connection. with VPN, Outlook connects via MAPI over HTTP with nego* authentication

Avatar of Newguy 123
Newguy 123 asked on
3 Comments1 Solution904 ViewsLast Modified:
Hello Experts. In my staging env, i have Exchange 2013 CU18, with AD 2012R2, and Outlook 2016. I am testing enabling MAPI protocol, currently on-prem exchange is enabled to accept RPC over HTTP via NTLM. I have used the following powershell command to enable MAPI HTTP on a few mailboxes: Get-CasMailbox -identity "User name" -MapiHTTPEnable $true. The users Outlooks are able to connect to on-prem Exchange via MAPI over HTTP with nego* authentication. However, the users machines need to be connected to VPN. if VPN is not connected, then Outlook prompts the user for credentials, after which it connects successfully.

Obviously, I do not want the users to have to input any credentials. Outlook should automatically connect via MAPI over HTTP weather VPN is connected or not. I believe the issue is that MAPI over HTTP is unable to connect using auth NTLM. However, prior to this, we allowed connections using RPC over HTTP via NTLM, and Outlook was successfully able to connect via RPC over HTTP via NTLM without prompting for creds, even if VPN is connected or not. Why is MAPI not able to connect via NTLM auth without VPN. in between, we have a NLB, which has been configured to accept MAPI connections.

Also, what settings need to be enabled in IIS authentication for MAPI virtual directory?, currently i have Windows Authentication enabled for MAPI virtual directory in IIS authentication. Also i have set for MAPI virtual directory for its IISAuthenticationMethods the following: NTLM, OAuth, Negotiate.

Please let me know, and thanks in advance.
Jason Crawford
Transport Ninja

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros