Outlook Continues to Prompt You for Logon Credentials

This article was previously published under Q312630
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.
This article has been archived. It is offered "as is" and will no longer be updated.
When you use Outlook to try to connect to a Microsoft Exchange server, you may be prompted to provide a user name, password, and domain name. However, after you provide this information, Outlook may repeatedly prompt you to provide your credentials again. Other related symptoms may include the inability to connect to Microsoft Outlook Web Access (OWA) by using the IP address of the server. If you are unable to connect by using the IP address of the server, the Microsoft Internet Information Server (IIS) computer may prompt you for credentials, and you may receive the following error message when these credentials do not work:
401.1 Unauthorized: Logon Failed.
This behavior may occur if the server is configured to only accept Microsoft Windows NT LAN Manager (NTLM) version 2 and reject NTLM and LM, and the Outlook client computer is not configured with the same LAN Manager authentication level.
To verify and correct this behavior, find the proper location where you can change the LAN Manager authentication level to set the client and the server to the same level. For example, you may have to look on the domain controller, or at the domain controller's policies.

Check the Domain Controller

NOTE: You may have to repeat the following procedure on all domain controllers.
  1. Click Start, point to Programs, and then click Administrative Tools.
  2. In Local Security Settings, expand Local Policies.
  3. Click Security Options.
  4. Note the LAN Manager authentication level.

Check the Domain Controller's Policies

  1. Click Start, point to Programs, and then click Administrative Tools.
  2. In the Domain Controller Security policy, expand Security Settings\Local Policies.
  3. Click Security Options.
  4. Note the LAN Manager authentication level.
IMPORTANT: You may also have to check policies that are linked at the site/domain/organizational unit levels to determine where the LAN Manager authentication level must be configured. Configure the LAN Manager authentication level to "Send NTLMv2 response only". If you want to implement NTLM version 2 in your network, make sure that all computers in the domain are set to use this authentication level.
This behavior is by design.
Because client computers that are running any of the following operating system are not affected by Windows 2000 Group Policy objects, you may have to manually configure these clients:
  • Microsoft Windows NT 4.0
  • Microsoft Windows Millennium Edition (Me)
  • Microsoft Windows 98
  • Microsoft Windows 95
For additional information about how to manually configure the authentication level, click the following article numbers to view the articles in the Microsoft Knowledge Base:
239869 How to Enable NTLM 2 Authentication
241338 Windows NT LAN Manager Version 3 Client with First Logon Prevents Subsequent Logon Activity

Article ID: 312630 - Last Review: 12/07/2015 08:10:53 - Revision: 2.3

Microsoft Windows 2000 Server SP2, Microsoft Outlook 2002 Standard Edition

  • kbnosurvey kbarchive kbenv kberrmsg kbnetwork kbprb kbui KB312630