Outlook 2007/2013 prompt for credentials after Migration from Exchange 2010 to 2013

Hi,

Since I wasted over a day on this, I just want to share it; it might help someone:

The behaviour is the same whether the Outlook profiles are existing/migrated or new: on every Outlook start it prompts for credentials (once). If you enter them, Outlook works fine; if not, Outlook closes.

If you set a registry key to not prompt for auth and open Outlook, it just says "Could not connect..." and closes.

For some reason it could not authenticate through NTLM / Windows Integrated.

Exchange is two servers on 2013 CU9, working with a single name with DNS round robin.

Everything is configured for NTLM:

Get-OutlookAnywhere | Set-OutlookAnywhere -ExternalClientAuthenticationMethod NTLM
Get-OutlookAnywhere | Set-OutlookAnywhere -InternalClientAuthenticationMethod NTLM
Get-OutlookAnywhere | Set-OutlookAnywhere -IISAuthenticationMethods NTLM
Get-OutlookAnywhere | Set-OutlookAnywhere -InternalClientsRequireSsl $false

CertPrincipalName is also set:

# mydomain.ee is the DNS name and the first name in the certificate
Set-OutlookProvider EXPR -CertPrincipalName:"msstd:mydomain.ee"
Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect

Raised the RPC auth priority in IIS as shown here:

http://www.stopdoingitwrong.co.uk/exchange-2013-migration-outlook-anywhere-proxy-issues/


July 16th, 2015 11:04am

So here comes the funny thing:

In some articles it says that you cannot use Negotiate for authentication as long as Exchange 2013 is in coexistence with Exchange 2010/2007.

I found out that the customer had a group policy for all machines to use only LM & NTLM.

(https://support.microsoft.com/en-us/kb/239869)

Changed it to 1

(Level 1 - Use NTLM 2 session security if negotiated. Clients use LM and NTLM authentication, and use NTLM 2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLM 2 authentication.)

-> You might know this from XP Clients and Exchange 2013.

Since Level 1 has some kind of negotiation in it and it did not solve the problem, I changed it to Level 3, which is the default since Vista/2008.

(Level 3 - Send NTLM 2 response only. Clients use NTLM 2 authentication, and use NTLM 2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLM 2 authentication.)

-> After that everything worked fine.

You can try that with a registry key; it should dominate some global GPO:

https://technet.microsoft.com/de-de/library/cc960646.aspx?f=255&MSPPError=-2147217396

In my case the regkey even worked instantly without a reboot, but better do a reboot.

In some articles it says that you cannot set authentication to Negotiate when your Exchange 2013 is in coexistence with Exchange 2010/2007. For some reason it breaks Outlook Anywhere.



July 16th, 2015 11:12am
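
A way to check which LAN Manager authentication level a client is actually running, added here as an example and not part of the original post. It assumes the setting is stored as LmCompatibilityLevel under HKLM\SYSTEM\CurrentControlSet\Control\Lsa and that a missing value means the OS default (Level 3 since Vista/2008, as the post says); the function name is made up for this example.

```powershell
# Added example (not from the thread). Registry location of the
# "LAN Manager authentication level" setting described in KB 239869.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Level meanings as documented in KB 239869.
$LevelMeaning = @{
    0 = 'Send LM and NTLM responses; never use NTLM 2 session security'
    1 = 'Send LM and NTLM; use NTLM 2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLM 2 response only'
    4 = 'Send NTLM 2 response only; domain controllers refuse LM'
    5 = 'Send NTLM 2 response only; domain controllers refuse LM and NTLM'
}

# Hypothetical helper name, chosen for this example.
function Get-LmCompatibilityReport {
    $prop = Get-ItemProperty -Path $LsaKey -Name 'LmCompatibilityLevel' `
                             -ErrorAction SilentlyContinue

    if ($null -eq $prop) {
        # Assumption: an absent value means the OS default applies
        # (Level 3 on Vista/2008 and later, as the post states).
        $level  = 3
        $source = 'not set (OS default assumed)'
    } else {
        $level  = [int]$prop.LmCompatibilityLevel
        $source = 'registry value'
    }

    $meaning = $LevelMeaning[$level]
    if (-not $meaning) { $meaning = 'Unknown level, check the policy' }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Level       = $level
        Source      = $source
        Meaning     = $meaning
        # Levels below 3 send LM and/or NTLM (v1) responses instead of
        # NTLM 2; the fix in the post was moving clients to Level 3.
        BelowNtlmV2 = ($level -lt 3)
    }
}

Get-LmCompatibilityReport | Format-List
```

Run it again after a Group Policy refresh to confirm the level is the one that stays in effect.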
  • Marked as answer by Schuetti3000 Thursday, July 16, 2015 3:13 PM
  • Edited by Schuetti3000 Friday, July 17, 2015 7:20 AM Copy pasted twice..
July 16th, 2015 3:11pm

Hello Schuetti3000,

Most of the time, credential issues are one of the biggest headaches. Thank you for your detailed explanation. It's much appreciated that you shared the solution with us.


Than
July 30th, 2015 11:55am
