Exchange 2010 coexisting with Exchange 2013 – strange behaviour for internal and external Outlook clients.

I installed Exchange 2013 alongside an existing Exchange 2010 on domain.local, planning to migrate to 2013 and eventually eliminate Exchange 2010.
I noticed that when I configure an Outlook client on a PC on domain.local, for a user that has a mailbox on Exchange 2013, the proxy settings for Exchange are set automatically (like Outlook Anywhere). That was new for me; usually with Exchange 2010 you don't need proxy settings for a domain.local Outlook client, only for external ones. I presumed it was an Exchange 2013 thing.
But now, a few months later, I want to set up Outlook Anywhere on the Exchange 2013 server as well.
And now I have problems with the authentication method.

Ex2010\rpc (default web site)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : Basic

Ex2013\rpc (default web site)
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : Basic, Ntlm, Negotiate

When I try to connect to a mailbox on Ex2013 with Outlook Anywhere on a non-domain computer, Autodiscover configures the proxy settings with Ntlm. The autoconfiguration makes no sense; it should be Negotiate. I know that in this link, https://support.microsoft.com/en-us/kb/2754898, Microsoft explains that it's normal to see the internal hostname when you are using Outlook Anywhere on an Outlook client that is not in your domain. But why is it also taking the authentication method of the internal one?!?

May 27th, 2015 9:17am

1. Exchange 2013 supports Outlook Anywhere only. No more direct MAPI. That's why you see the proxy setting.

2. Exchange Server uses NTLM authentication by default. You can set it to Negotiate, but it makes no difference until you enable Kerberos authentication on the CAS, which involves a series of changes on AD and the CAS.

May 28th, 2015 12:55am

OK, thank you for the info, I suspected it was normal.

I don't want to use Negotiate, but Ntlm makes an endless credential popup.
So I changed the ExternalClientAuthenticationMethod to Negotiate, because I was advised to use this. But it still goes automatically to Ntlm. Why?

May 28th, 2015 4:39am

Hi,

According to your description, I understand that the external Outlook account uses NTLM to connect to the Exchange server, although it has been set to Negotiate.
If I have misunderstood your concern, please do not hesitate to let me know.

Negotiate authentication: Enabled by default in Exchange 2013. This is a combination of Windows integrated authentication and Kerberos authentication. If we employ Negotiate authentication, Exchange will authenticate the client using the NTLM authentication type and, if unable to verify authenticity, will challenge the client to authenticate using a username and password.
When we configure Outlook Anywhere and select an authentication type, Autodiscover will update the Outlook client with all URL details and the authentication type.

Please use ExRCA or run Test E-mail Autoconfiguration and select Autodiscover to get details about your account configuration.

Please try to set configuration as below for testing:
Exchange 2013 CAS Servers Outlook Anywhere
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}

Exchange 2010 CAS server Outlook Anywhere
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}

Thanks

May 31st, 2015 9:48pm
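
The replies above suggest checking what Autodiscover actually hands to the client. The following is an added example, not part of the original thread: it reads the authentication package of each Outlook protocol block from an Autodiscover response, such as one saved from the XML tab of Test E-mail AutoConfiguration. The XML is a constructed sample, `mail.example.com` is a placeholder hostname, and the function name `Get-AutodiscoverProtocol` is hypothetical.

```powershell
# Constructed sample Autodiscover (POX) response; hostnames are placeholders.
[xml]$response = @'
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>ex2013.domain.local</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.example.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Negotiate</AuthPackage>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

# Hypothetical helper: one object per Outlook protocol block in the response.
function Get-AutodiscoverProtocol {
    param([Parameter(Mandatory)][xml]$Xml)
    foreach ($p in $Xml.Autodiscover.Response.Account.Protocol) {
        # Only the blocks Outlook uses to reach the mailbox carry AuthPackage.
        if ($p.Type -notin 'EXCH', 'EXPR', 'EXHTTP') { continue }
        [pscustomobject]@{
            Type        = $p.Type
            Server      = $p.Server
            SSL         = $p.SSL
            AuthPackage = $p.AuthPackage
        }
    }
}

# Assumption: the value configured as ExternalClientAuthenticationMethod.
$expected = 'Negotiate'

# Show every block and whether its AuthPackage matches the configured value.
Get-AutodiscoverProtocol -Xml $response |
    Select-Object *, @{ Name = 'MatchesExpected'; Expression = { $_.AuthPackage -eq $expected } } |
    Format-Table -AutoSize
```

Comparing the `Server` and `AuthPackage` columns shows which block (internal or external hostname) carries which authentication method, which is the mismatch the original question describes.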

This topic is archived. No further replies will be accepted.
