Outlook gets Authentication Error on IMAP4 on Exchange 2013 CU9 (Network Steve Forum)

Outlook gets Authentication Error on IMAP4 on Exchange 2013 CU9

Since we installed CU9 IMAP connections from Outlook (2007 and 2013) get rejected w/ authentication errors.

(from the IMAP4 server log: "NTLM,"R=""yqw4 NO AUTHENTICATE failed."";Msg=""System.Security.SecurityException:The user name or password is incorrect.\r\n"";LiveIdAR=OK;Excpt=""The user name or password is incorrect.\r\n-System.Security.SecurityException"";")

Only after setting "EnableGSSAPIAndNTLMAuth" to false w/ Set-ImapSettings the access works again.

The SPN-Records (IMAP/ and IMAP4/) do exist and point to the right computer account.

I am aware that in CU9 "GSSAPI-based Kerberos authentication protocol is not offered to IMAP clients in Exchange Server 2013" was fixed and I assume that this might be the cause of our issues.

(To avoid a discussion on why no MAPI-based access is used I can tell that most our clients do but for a few IMAP is a requirement.)

Any help on this would be appreciated.

July 4th, 2015 12:22pm

Toggle EnableGSSAPIAndNTLMAuth to $false ( which you have done) and then back to $true with Set-Im

Free Windows Admin Tool Kit Click here and download it now

July 4th, 2015 12:29pm

Toggle EnableGSSAPIAndNTLMAuth to $false ( which you have done) and then back to $true with Set-Im

July 4th, 2015 12:34pm

Toggle EnableGSSAPIAndNTLMAuth to $false ( which you have done) and then back to $true with Set-ImapSet

Free Windows Admin Tool Kit Click here and download it now

July 4th, 2015 12:47pm

Hi,

Please restart Exchange server and make sure all Exchange services are started and running in server side. Also reconfigure the account in Outlook side with IMAP connection to have a try.

If the issue happens to all IMAP connection Exchange users, please open a case with Microsoft to report your issue:

https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wf=0&wfName=productselection&=&gprid=16662&ccsid=635717733732906285

Regards,

July 6th, 2015 5:57am

Thanks to all of you for your recommendations.

Actually the issue happens in 2 completely separate forests with their own Exchange organizations.

(AD Level: 2012 R2, Servers: 2012 R2 Ger, Clients: Win 8.1 Ent Eng x64 w/ Outlook 2013 x64 and Win 7 Ultimate Eng x86 w/ Outlook 2007 x86, Region: German(Germany))

All systems are fully patched and all services are operational.

As soon as I set "EnableGSSAPIAndNTLMAuth" to false the access works as expected.

For the time being I will live with that.

Maybe I will have more luck with CU10 :-)

Free Windows Admin Tool Kit Click here and download it now

July 6th, 2015 8:54am

I had exactly the same problem after installing CU9

NTLM authentification is broken after youapply this update.

The setting set imap-settings EnableGSSAPIAndNTLMAuth $false did the trick for me. many thnks!

July 20th, 2015 2:25pm

Hi, you mentioned that this may be a bug in CU9? Where can we verify this information please?

Free Windows Admin Tool Kit Click here and download it now

August 11th, 2015 12:45pm

This topic is archived. No further replies will be accepted.