Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

Consider the following scenario:

  • A domain account and a Microsoft Office 365 account have the same user principal name (UPN).

  • The passwords for the two accounts differ, and Active Directory Federation Services is not used in the domain.

  • The default lockout value is set to a value other than the default value.

  • You log on to the domain on a computer that's running Windows 7, and then you start Microsoft Outlook 2010.

  • You send some WinHTTP requests to Office 365. For example, you open a shared calendar.

  • Exchange is in a hybrid configuration in which some mailboxes or resources are split between on-premises and cloud Exchange servers.

In this scenario, you are locked out of the domain.

Resolution

To resolve this issue, apply the following hotfix package:

2553391 Description of the Outlook 2010 hotfix package (Outlook-x-none): December 11, 2012

Registry key information

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in WindowsAfter you apply the hotfix package, follow these steps to enable the hotfix:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.

  2. Locate and then select the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security

  3. On the Edit menu, point to New, and then click Key.

  4. Type PerDomainDisabledWebAuthenticationType, and then press Enter.

  5. Select the PerDomainDisabledWebAuthenticationType key, point to New on the Edit menu, and then click DWORD (32-bit) Value.

  6. Type DomainName, and then press Enter.

    NoteDomainName is a placeholder for the Office 365 domain for which you want to disable the Negotiate authentication.

  7. In the Details pane, right-click DomainName, and then click Modify.

  8. In the Value data box, type 10, and then click OK.

    Note This is a hexadecimal value. After you click OK, it is displayed as 0x00000010 (16).

  9. Exit Registry Editor.


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

2598365 You are locked out of the domain after you start Outlook 2010

2598366 You are locked out of the domain after you start Outlook 2007For scenarios with on-premises or hybrid Exchange deployments:

2760398 You are locked out of the domain after you start Outlook 2007 in a hybrid Exchange environment

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×