Article ID: 820281 - View products that this article applies to.
You try to connect to a computer that is running Microsoft Exchange Server 2003 by using the Exchange RPC over HTTP feature of Microsoft Office Outlook 2003. However, you are prompted to provide your user account credentials even if you are logged on by using the Windows account that is mapped to your Exchange account.
This issue occurs for one of the following reasons:
You can use the Exchange Remote Connectivity Analyzer to help diagnose and resolve this issue. To do this, visit the following Web site:https://testconnectivity.microsoft.com/
Note Exchange Remote Connectivity Analyzer is a Web-based troubleshooting and diagnostic tool that will help identify the point of failure for Internet-based Exchange Server client connectivity scenarios. The tool simulates all the activities a client must be able to perform to connect, and then isolate the exact point of failure. Frequently, it will point out known configuration issues and provide suggested steps for resolution. The connectivity testing across the Internet (from outside your organization) is performed by a Web site hosted in a Microsoft datacenter.
Identifying a solution
Basic authenticationIf you want to use Basic authentication, you must continue to type your user account credentials. There is no way for the client to submit your user name and password automatically. If you want to log on automatically, you must configure your Outlook profile to use NLTM authentication to the proxy server for Exchange.
Before you switch to NTLM authentication, you must verify with your administrator that NTLM authentication is permitted or even possible in your environment. Many firewalls and proxy servers will prevent successful NLTM authentication, whereas Basic authentication will work successfully. See the More Information section for additional details.
Note The authentication mechanism that you configure in Outlook is used only for the HTTP session to the proxy server for Exchange. The actual authentication between Outlook and your Exchange server always uses NTLM. See the More Information section for additional details.
To change the authentication mechanism on the Outlook client to NTLM, follow these steps:
NTLM authenticationYou notice that your account is configured to use NTLM authentication and that you are still prompted for your user name and password when you are logged on as the Windows account that has access to your Exchange mailbox. In this situation, you must set LmCompatibilityLevel on the client to a value of 2 or 3. To do this, follow these steps.
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
The authentication mechanism that is configured in your Outlook profile is used only for the HTTP session to the proxy server for Exchange. The actual authentication mechanism between Outlook and the Exchange server always uses NTLM when the mechanism is accessed by using remote procedure call (RPC) over HTTP. We strongly recommend that you use Secure Sockets Layer (SSL) encryption for the HTTP session to the proxy server for Exchange. This is especially true when you are using Basic authentication. If you use SSL encryption, this prevents your user name and password from being sent in clear text. Outlook will not let you use Basic authentication when you connect to the proxy server for Exchange without using SSL encryption.
You must sometimes use Basic authentication because NTLM authentication will fail if the proxy server for Exchange does not trust the authentication information. This issue can be caused by firewalls that examine the HTTP traffic and change it in some way. For example, a firewall may end the session from the Internet and establish a new session to the proxy server for Exchange instead of passing the HTTPS (SSL) session straight through without modification. This process is sometimes known as reverse proxying or Web publishing. Certain firewalls such as Microsoft Internet Security and Acceleration (ISA) Server 2004 can successfully reverse proxy or Web publish the session and still enable NTLM authentication to succeed. Basic authentication is not affected by this process and will work regardless of firewalls. However, if you use Basic authentication, this means that you must type your user name and password every time that you start an Outlook session.
LmCompatibilityLevel settingsThe LmCompatibilityLevel registry entry can be configured by using the following values:
For more information about the Exchange over the Internet feature, click the following article number to view the article in the Microsoft Knowledge Base:
831050For more information about how to configure RPC over HTTP in Exchange Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/831050/ )Description of the configuration options for the Exchange over the Internet feature in Outlook 2003
(http://support.microsoft.com/kb/833401/ )How to configure RPC over HTTP in Exchange Server 2003
Article ID: 820281 - Last Review: August 28, 2013 - Revision: 8.0