XIMS: Where to Enable NT Challenge Response for POP3

This article was previously published under Q192510
This article has been archived. It is offered "as is" and will no longer be updated.
Summary
This article shows how and where to enable Windows NT Challenge Response(NTLM) for Exchange Server. NT Challenge Response security is intended towork with the Secure Password Authentication offered by Microsoft e-mailclients, such as Outlook Express. This offers a higher degree of securitythan Basic Clear Text, which is more vulnerable to being discovered andused.
More information
To use Secure Sockets Layer security (SSL), which is equivalent to TLS,Transport Layer Security, you need to have Internet Information Server(IIS) installed along with the Private/Public Key Pair that has beencertified by a Certificate Authority (CA).

To enable NTLM security, there are two locations in Exchange Server thatneed to be explained. POP3 can be implemented and controlled at the serverlevel and/or at the site level. Enabling POP3 at the server level meansthat the protocol and settings are specific to that server. Enabling POP3at the site level means any server in the site can use site defaultsettings. Using site level settings frees an administrator from having toconfigure each server individually when there is a site-wide change.

Enabling NTLM and POP3 Protocol at the Server Level

  1. Start the Exchange Server Administrator program.
  2. Expand on Organization\Site\Configuration\Servers\<your server>\Protocols to the Server Protocols object.
  3. Select the Protocols object. On the right pane, you will see the POP3 (Mail) Settings object. Double-click it, and the properties for the POP3 protocol on this server will be displayed.
  4. On the General tab, clear the "Use Site defaults for all properties" check box. The server will now be using server-specific POP3 settings.
  5. Click the "Enable Protocol" check box. The POP3 protocol is now enabled at this server. You do not have to restart.
  6. Click the Authentication tab. There are two options for enabling NT Challenge Response--with and without SSL security. If you do not require SSL, click only the "NT Challenge Response" check box. If you require SSL, then click only the "NT Challenge Response Using SSL" check box.

Enabling NTLM and POP3 Protocol at the Site Level.

  1. Follow steps 1 through 3 above, then on the General tab, click the "Use Site Defaults for All Properties" check box. The server will now be using the site POP3 default Settings.
  2. Expand on Organization\Site\Configuration\Protocols to the Site Protocols object.
  3. Select the Protocols object. On the right pane, you will see the POP3 (Mail) Site Defaults object. Double-click it, and the properties for the POP3 protocol for the site will be displayed.
  4. On the General tab, click the Enable Protocol check box. The POP3 protocol is now enabled for the Site. You do not have to restart.
  5. Click the Authentication tab. There are two options for enabling NT Challenge Response--with and without SSL security. If you do not require SSL, click only the "NT Challenge Response" check box. If you require SSL, then click only the "NT Challenge Response Using SSL" check box.
Enabled NTLM Security POP3 Howto kbinfo
Properties

Article ID: 192510 - Last Review: 10/26/2013 02:59:00 - Revision: 4.0

Microsoft Exchange Server 5.0 Standard Edition, Microsoft Exchange Server 5.5 Standard Edition

  • kbnosurvey kbarchive kbhowto KB192510
Feedback