Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


Consider the following scenario:

  • A domain account and a Microsoft Office 365 account have the same user principal name (UPN).

  • The passwords for the two accounts differ, and Active Directory Federation Services is not used in the domain.

  • The default lockout value is set to a value other than the default value.

  • You log on to the domain on a computer that's running Windows 7, and then you start Microsoft Outlook 2010.

  • You send some WinHTTP requests to Office 365. For example, you open a shared calendar.

  • Exchange is in a hybrid configuration in which some mailboxes or resources are split between on-premises and cloud Exchange servers.

In this scenario, you are locked out of the domain.


To resolve this issue, apply the following hotfix package:

2553391 Description of the Outlook 2010 hotfix package (Outlook-x-none): December 11, 2012

Registry key information

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in WindowsAfter you apply the hotfix package, follow these steps to enable the hotfix:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.

  2. Locate and then select the following registry subkey:

  3. On the Edit menu, point to New, and then click Key.

  4. Type PerDomainDisabledWebAuthenticationType, and then press Enter.

  5. Select the PerDomainDisabledWebAuthenticationType key, point to New on the Edit menu, and then click DWORD (32-bit) Value.

  6. Type DomainName, and then press Enter.

    NoteDomainName is a placeholder for the Office 365 domain for which you want to disable the Negotiate authentication.

  7. In the Details pane, right-click DomainName, and then click Modify.

  8. In the Value data box, type 10, and then click OK.

    Note This is a hexadecimal value. After you click OK, it is displayed as 0x00000010 (16).

  9. Exit Registry Editor.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

2598365 You are locked out of the domain after you start Outlook 2010

2598366 You are locked out of the domain after you start Outlook 2007For scenarios with on-premises or hybrid Exchange deployments:

2760398 You are locked out of the domain after you start Outlook 2007 in a hybrid Exchange environment

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?

Thank you for your feedback!