Outlook Password prompt for Linked Mailboxes from certain Domain

Hello,

As part of a migration project, I'm trying to connect Outlook with Linked Mailboxes from users in a trusted domain.

I'm able to create the linked mailbox on the Exchange 2013 (CU7) server without any issue, but when I try to configure Outlook for these mailboxes, it is prompting for credentials permanently and won't start. Logging on to OWA with the same user from the trusted domain works fine.

I'm able to configure Linked mailboxes from another trusted domain without any problems.

I've already recreated the trust between these two domains (validation says everything is OK).

DNS is configured with conditional forwarders in both domains and name resolution looks OK to me (ping and nslookup).

When I look at the LinkedMasterAccount of the mailboxes from this domain, I can see that there is only the SID (S-1-5-21-4033829......). The other linked mailboxes (from the other domain where it's working) are showing the account name (domain\user).

Internal and External ClientAuthenticationMethod of OutlookAnywhere is set to NTLM.

Info:
DomainA: Domainlevel 2012 - Exchange 2013 - Forest trust to Domain B and C
DomainB: Domainlevel 2008 - Exchange 2010 - Forest trust to Domain A - Outlook for linked Mailboxes of DomainA works fine
DomainC: Domainlevel 2008 - Forest trust to Domain A --> can't connect Outlook to LinkedMailboxes of this domain.

Is there anything else I can check?

February 27th, 2015 7:55am

Hi,

Please check whether the server is configured to only accept NTLM version 2 and reject NTLM and LM, and the Outlook client computer is not configured with the same LAN Manager authentication level.

Check DC, Start -> Programs -> Administrative Tools -> Security Options -> Note the LAN Manager authentication level.

Check DC's policies, Start -> Programs -> Administrative Tools -> expand Security Settings\Local Policies -> Security Options -> Note the LAN Manager authentication level.

IMPORTANT: You may also have to check policies that are linked at the site/domain/organizational unit levels to determine where the LAN Manager authentication level must be configured. Configure the LAN Manager authentication level to "Send NTLMv2 response only". If you want to implement NTLM version 2 in your network, make sure that all computers in the domain are set to use this authentication level.

 

Thanks

March 3rd, 2015 7:05am
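The check described in the answer above can be scripted. The following is an added example, not part of the original thread: it reads the `LmCompatibilityLevel` registry value behind the "Network security: LAN Manager authentication level" policy on several machines and flags the mismatch the answer describes. The host names are hypothetical placeholders, and the script assumes PowerShell remoting is enabled on the targets.

```powershell
# Added example (not from the thread). Host names are hypothetical placeholders;
# replace them with the DCs, Exchange servers and Outlook clients involved.
$computers = 'DC01.domainc.example', 'EX2013.domaina.example', 'CLIENT01.domainc.example'

# Meaning of each LmCompatibilityLevel value (0-5).
$levelText = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

$results = foreach ($c in $computers) {
    try {
        # Read the effective value; it is absent when no policy has set it.
        $value = Invoke-Command -ComputerName $c -ErrorAction Stop -ScriptBlock {
            (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
        }
        if ($null -eq $value) {
            [pscustomobject]@{ Computer = $c; Level = 'not set'; Meaning = 'OS default applies' }
        } else {
            [pscustomobject]@{ Computer = $c; Level = [int]$value; Meaning = $levelText[[int]$value] }
        }
    } catch {
        # Unreachable host or remoting disabled: report it instead of stopping.
        [pscustomobject]@{ Computer = $c; Level = 'error'; Meaning = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize

# Mismatch described in the answer: one side accepts only NTLMv2 (level 5)
# while another side never sends NTLMv2 (levels 0-2).
$numeric     = @($results | Where-Object { $_.Level -is [int] })
$refusers    = @($numeric | Where-Object { $_.Level -eq 5 })
$weakSenders = @($numeric | Where-Object { $_.Level -le 2 })
if ($refusers.Count -gt 0 -and $weakSenders.Count -gt 0) {
    Write-Warning ("NTLM level mismatch: {0} refuse(s) LM/NTLM, but {1} send(s) no NTLMv2." -f `
        ($refusers.Computer -join ', '), ($weakSenders.Computer -join ', '))
}
```

A value set by Group Policy overwrites this registry entry at the next policy refresh, so a level that keeps reverting points to a GPO linked at the site, domain or OU level.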

Hello,

Thanks - it looks like the NTLM level was the problem. I've changed the Security Options on the DC in the account forest and after a restart of the DC (it took some time to get the permission for the changes) it worked.

Thanks for your help!

March 11th, 2015 9:48am
