Negotiate Authentication Not working for Outlook

This is a very odd situation so bear with me when explaining this.
I have several users scattered out in different remote offices that are haveing authentication issues in outlook 2007 when trying to connect to our exchange 2010 public folder servers (CAS).  When the users open outlook it constantly sits at trying
to connect and eventually locks the machine up until you use the task manager to close outlook.  I have only determined this is a public folder issue because if you hold down the cntrl key and right click on the outlook icon in the taskbar (next to clock) you
get and option to see connection status.  This shows the server name (one of the CAS) and the type as public folder and the connection status is empty. 
We opened a microsoft ticket on this and they said it was a client side issue because we have 1700 users connection to the same set of servers with out issues.  Well we have reimaged the users desktop, replaced all cableing from the user to the switch,
and confirmed the IOS on the routers matches other offices that are working.   Still the same problem.
Heres the kicker!  This problem does not effect other users in the same office and if this paticular user logs into another machine the same problem happens.  But if she accesses her mailbox from Web Access she has no problems and if I log this
user on here at our home office on the same LAN as the Exchange system she has no issues.
But wait theres more.  We have deleted the user's mailbox and LAN account.  Created a new mailbox and LAN account with a similar name not the same one and when I log on to her machine exacte same issue.  I have removed all antivirus software
from the machine and still have the same problem.  
Not until we ran wireshark on her machine did I start seeing some ntlm authentication issues to the exchange system. We manually changed outlook from Negotiate Authentication to  Password Authenticatoin (NTLM) and viola her email started syncing??? 
When i change this setting on the other users they connect also. But why are we not haveing to change this on the other 1700 users?
Can anyone please offer some insite in to what the hell is causing this and why it seem to follow the user around.  I have been troubleshooting this for weeks and am so frustrated because it just doesnt make any sense. 
Thankyou to anyone willing to provide any ideas into what could be causing this.  When we opened a Microsoft ticket they were convinced that its client side but I have replaced everything.

Hello,
if you using OAW (Outlook AnyWhere) check the authentication method
get-OutlookAnywhere -Identity "<Servername>xpv00645\RPC (Default Web Site)" | fl *AuthenticationMethod*
I think it is set of NTLM or Negotiate.
Outlook 2007 has negotiate
problems at an OAW connection
authentication.
Change the authentication to NTLM for
the internal and Basic for the extenal method.
You need to reconfigure the Outlook Exhange settings to anonymous authentication and in the proxy settings to default authentication

Similar Messages

  • Out of office/free busy not working for Outlook 2013

    Hi!  I have a user on our network that cannot use Out of office or see free/busy information in meeting requests.  We have hundreds of working 2010 clients but this one is 2013 and NOT a member of our domain.  They are connected to exchange
    and can do anything except the above.  When I do a test of email autoconfiguration it just fails.  DNS resolution is working fine but it can't connect to the server for these two functions only.  Any articles I can find assume the user is remote
    and outside the network but he is connected internally.  Any ideas?
    Thanks!

    Hi,
    Please switch to Outlook 2010 client and login OWA to check this issue.
    The Microsoft Exchange Server 2010 Availability service makes free/busy information available to Outlook client. Then Outlook uses the Exchange Server 2010 Autodiscover service to obtain the URL of the Availability service. As you
    mentioned, it failed to do a test of email autoconfiguration. So I suggest the following methods for troubleshooting
    Please switch to Outlook 2010 client and login OWA to check this issue.
    Have you configured
    Autodiscover Service for Internet Access?
    Use Test-OutlookWebServices cmdlet to
    verify that the Autodiscover service settings for Outlook clients are configured correctly.
    Blog for
    reference to troubleshooting Autodiscover.
    Best Regards.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Lynn-Li
    TechNet Community Support

  • Ldap authentication not working for Solaris 8 host - Help!

    Greetings folks,
    I just recently migrated a host to use LDAP authentication. The only difference between this host and the rest of the hosts in the environment that I've converted to use LDAP is that this one is running Solaris 8.
    Here's the steps I took to migrate it (though, I used the same steps for another Sol8 host in another environment and it works fine):
    ldapclient -P stg -d mydomain.com -D cn=proxyagent,ou=profile,dc=mydomain,dc=com -w secret 192.168.1.69
    My /etc/nsswitch.conf looks like this:
    passwd: files ldap
    group: files ldap
    My /etc/pam.conf looks like this:
    login auth requisite pam_authtok_get.so.1
    login auth required pam_dhkeys.so.1
    login auth sufficient pam_unix_auth.so.1
    login auth required pam_ldap.so.1
    sshd auth requisite pam_authtok_get.so.1
    sshd auth sufficient pam_unix_auth.so.1
    sshd auth required pam_ldap.so.1
    other auth requisite pam_authtok_get.so.1
    other auth required pam_dhkeys.so.1
    other auth sufficient pam_unix_auth.so.1
    other auth required pam_ldap.so.1
    passwd auth sufficient pam_passwd_auth.so.1
    passwd auth required pam_ldap.so.1
    I've also cleared out the local user accounts for my human users, so there aren't any more passwd or shadow entries (yes, I ran pwconv). I also cleaned out the /etc/group entries for the same users. The machine appears to be configured properly, because I can run various DS commands that indicate this:
    hostname# getent passwd user1
    user1::1001:1001:User 1:/opt/home/user1:/bin/bash
    hostname# ldaplist -l passwd user1
    dn: uid=user1,ou=people,dc=mydomain,dc=com
    shadowFlag: 0
    userPassword: {crypt}(removed)
    uid: user1
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: account
    objectClass: top
    cn: user1
    uidNumber: 1001
    gidNumber: 1001
    gecos: User 1
    homeDirectory: /opt/home/user1
    loginShell: /bin/bash
    However, in the end, actual logins to this host fail via ssh. Snooping the traffic reveals that all the right info is being handed back to the client, including the crypt'ed password hash, uid, etc. just like I see with other hosts that work.
    Any ideas?
    Thanks!
    Patrick

    I assume you have applied lastest kernel patch and 108993 to this Solaris8 machine, and its nss_ldap.so.1 and pam_ldap.so.1 are the same as the other Solaris8 LDAP clients that are working for ssh via LDAP auth.
    1) Please replace "objectClass: account" with "objectClass: person", I know SUN ONE DS5.2 likes "person".
    2) Did you test and verify telnet/ftp/su working? but SSH not working?
    3) If telnet/ftp/su all worked, and SSH (SUN-SSH or OpenSSH), make sure you have "UsePAM yes" in sshd_config and restart sshd.
    4) It is not a must I think but normally I will add "shadow: files ldap" to /etc/nsswitch.conf, restart nscd after that.
    5) Whenever ldapclient command is run and ldap_cachemgr is restarted, I usually also restart nscd and sshd after that, if not testing result may not be accurate as nscd is still remembering OLD stuffs cached which could be very misleading.
    6) You may use "ssh -v userid@localhost" to watch the SSH communications, on top of your usual "snoop"ing of network packets.
    7) Use the sample pam.conf that is meant for pam_ldap from Solaris 10 system admin guide with all the pam_unix_cred.so.1 lines commented out. This works for me, there is no sshd defintions as it will follow "other".
    http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
    Gary

  • Import mail function does not work for Outlook Express

    working on a windows 8.1 laptop, trying to import emails from a Outlook Express directory that was moved to the new PC. Latest Thunderbird is running and the import starts and then very quickly finishes without importing anything.

    Thunderbird import does not work on my XP machine either, I already tried it. Do you mean that outlook Express has to be running at the time of import?
    I did migrate the mail folder into Windows live email, so I have access to the email but only as a kludgy 2 email solution.
    Thunderbird does not recognize Live Mail, so that was not helpful.
    I think the import broke in some previous release and has not been tested lately.

  • Attachments not working for Outlook Web Access / SL Safari 4.0

    Web access to my corporate email via browser: "Microsoft Outlook WebAccess". Able to choose file(s) for attachment, selection appears to work (displays file name) but attachment is not made; it doesn't show up on the message either for the recipient or on the message in my 'sent mail' folder.
    Worked prior to Snow Leopard install. Fails consitently now. Logged a ticket with Apple.
    Anyone else? Ideas?

    I have users on MS-OWA who have lost the reply and forward facilities with Safari. They get a new mail blank form (ie with no content) when hey attempt these commands. Firefox works...
    Will try my 10.6.7 to see if there is a fix with the Safari upgrade

  • Realm authentication not working for usergroups

    Hi...
    I have a server running 10.4.3 (8F46). I'm running one web site, and also some AFP shares. This server is bound to our corporate Active Directory server.
    I'm positive the AD integration works because my AFP shares use AD users and groups for their permissions. All but one AFP share uses an AD group for permissions. AD users are in an AD group, and they can log in to the share. It works.
    Anyways.... I want my one web site to be protected, and I'd like only one AD group to be able to access it. I am familiar with Apache from FreeBSd and OpenBSD. In ServerAdmin, I created a web site, and it works. I then created a realm, and added one AD user to the users pane. From the browser, I can connect to the web site after I authenticate as the AD user (annoyingly, I have to prepend my AD domain and a backslash to my username). My AD user can connect and view the web page.
    When I add an AD group to the groups pane, none of the member users can authenticate properly. If I remove the above user from the user pane, and add a group (containing said user) to the group pane, that user can no longer log in.
    I've consulted the 10.4 server documentation; the WebServices pdf does not get into details with realm authentication, and covers it mostly in conjunction with WebDAV.
    I find it odd that an AD user can connect when specified as a user entry, but not from within a group. It's almost as if authenticating to AD groups is broken in Apple's implementation of Apache.
    Has anyone else set up authentication with websites? Ever done it with Active Directory?
    Thanks
    /eric

    This is not limited to Active Directory as I have been unable to use groups for realm authentication with OpenLDAP either (on 10.3.9).
    I assumed it would be fixed in 10.4 but I see it has not.

  • Integrated Authentication not working for firefox 31 and above for NTLMv2

    Users browsing from a Citrix session are being asked to authenticate using Firefox on newer versions (31-35) as they used to pass authentication transparently via NTLMv2 in earlier versions. This does not happen on IE so wondering what to do to get this working again for Firefox users.
    Did release 31 also remove by accident ntlmv2 capability? If so, when and where is a fix to correct it. Fine to remove pre-ntlmv2 versions but dont break ntlmv2

    I would like to bump this and I am wondering if this was ever solved. My only difference is at one point I had it working with http but ended up reinstalling using https. I get access denied but when I type in my username and password and it goes in fine.
    There is a cert on the website
    I have changed NTFS permissions
    Made sure NTLM was on top
    Website is in the local intranet zone
    On the server itself that hosts the webconsole I can get in fine.

  • Search function not working for outlook 2007

    another screen shot

    rajugeorge wrote:hi bhg, thank you for the community welcome , much appreciatedi had initially tried to uncheck her data files option , thru search options. restarted outlook, and checked them back again. but that didnt helpshes got windows 7 64 bit, we have exchange server 2010 in our organisation.Emails are dragged and put in to the archive folders manually, the archive folder is stored on her network drive ( H drive namely )once again appreciate your helpcheersI haven't dealt with '07 in a while so to be please bear with me here, but under Search OptionsIndexing Options(Possibly) Advanced...What is the indexing location? I'm looking through my '10 Outlook so this may not be relevant in '07. Also are you using .OST or .PST? I would assume the mailbox is an .OST and the archive is a .PST. And again I don't have '07 in front of me so...

  • Basic authentication not working for portal application

    HI All,
    i have a portal application where I have a servlet. i want to use basic authentication for this servlet.
    to archive this i have followed http://docs.oracle.com/cd/E14571_01/web.1111/b31974/adding_security.htm
    and configured basic authentication, also add web-resource in web.xml for the url to access the servlet.
    my web.xml look like (copied is only security section from web.xml)
    <security-constraint>
        <web-resource-collection>
          <web-resource-name>adfAuthentication</web-resource-name>
          <url-pattern>/adfAuthentication</url-pattern>
        </web-resource-collection>
        <web-resource-collection>
          <web-resource-name>All</web-resource-name>
          <url-pattern>/faces/Auto-connect</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>valid-users</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
      </login-config>
      <security-role>
        <role-name>valid-users</role-name>
      </security-role>
    this works when in run the application in JDeveloper i.e. when i try to access http://localhost:7101/MyApp/faces/Auto-connect it ask for basic authentication (the popup) and when i access http://localhost:7101/MyApp/ it takes me to home page for login , but doesn't work when i deploy the application in weblogic 11g.(deployment done using Enterprise Manager console (EM console) (for both URL no popup).
    i tried Google around it but didn't get any solution please provide your input and guide me.
    thanks
    -somesh

    Hi,
    Before deploying, have you changed:
    Application properties -> Deployment
    Remove the selection from "Auto Generate and Syncronize weblogic-jdc.xml ....."
    Kind Regards

  • Form Based Authentication not working for my sharepoint site.

    I am using FIM 2010 r2 on Sharepoint -80 . I tried to use forms based authentication instead of default windows based auth. But the site is not even redirecting to the custom login page i am trying to connect .
    Any suggestions ?

    Issue has been resolved.  There was no interesting work-a-round or fix involved.

  • Windows Search not working for Outlook 2013

    Hello,
    I am running Outlook 2013 under Windows7 Pro. The search within Outlook works perfect, but I am used to also get Outlook results from the Windows Search under the "Start" menu: Office documents are beeing displayed but no Outlook Mails as it used
    to be under Outlook 2010.
    Can someone help ?
    Andreas
    <object height="0" id="plugin0" style=";z-index:1000;" type="application/x-dgnria" width="0"><param name="tabId" value="ff-tab-0" /><param name="counter"
    value="18" /></object>

    This is by design. We can find the deprecated features here -
    http://technet.microsoft.com/en-us/library/cc178954(v=office.15).aspx (outlook search from Windows shell is called out).
    Tony Chen
    TechNet Community Support

  • Spellcheck not working for Outlook or Word docs

    Hello,
    I'm having trouble configuring spell check on my MacBook Air.
    Text is not highlighted when misspelled, for example "updatd" instead of "updated"
    I have followed path Tools - Spelling and Grammar when finishedI have tried leaving text as is, and selecting all text. Neither option picks up the typo.
    I followed path Word - Preferences - Auto Correct.
    All check boxes ticked under 'AutoCorrect' menu
    Language = English AUS (I am in New Zealand)
    I followed path Word - Preferences - Spelling and GrammarIn Custom Dictonary field "Custom Dictionary" is checked.
    I send out lots emails to clients each day, and create presentations so it's obviously a problem for me - any help much appreciated!
    Cheers

    Contact Microsoft support. Those are MS products. Neither one uses the spell checking facilities built into OS X.

  • 11G Modplsql Basic Authentication not working for globally identified database users

    I have a modplsql dad that uses Basic authentication.  When I supply a username and password where the database user is locally defined in the database using the "identified by" syntax the authentication works perfectly and the modplsql app works.  When I try to authenticate a database user that is defined in the database using the "identified globally" syntax authentication fails.  Any idea on how to get modplsql app to work with users identified via OID?
    Thanks,
    Phil

    Hi,
    Before deploying, have you changed:
    Application properties -> Deployment
    Remove the selection from "Auto Generate and Syncronize weblogic-jdc.xml ....."
    Kind Regards

  • 'Share Card' not working for Outlook 2011.

    I'm trying to email a contact as an attachment from the Contacts app by using the Share button specifically. I want to send it via Outlook and it gives me the option to within the list. However, upon clicking Share Card with Outlook, all that occurs is a blank new message in Outlook with no .vcf attached. Can't figure out what is causing this to fail, as there are no variables that I can think of that would be getting in the way of this simple procedure.

    Contact Microsoft support. Those are MS products. Neither one uses the spell checking facilities built into OS X.

  • Auto resolve not working for cached outlook

    We recently migrated from Exchange 2007 to 2010. One thing we have noticed is that auto resolve (to alias name) is not working for Outlook in cached mode.  Not in cached mode or via owa, it seems to work fine.

    Hi,
    Does the issue happen to all users or some specific users?
    Please check whether the issue happens in Outlook Online mode. If the issue only happens in Cached mode but not in Outlook Online mode, please create a new Outlook profile to have a try.
    If it doesn't work, please restart Microsoft Exchange File Distribution service in Exchange 2010 and Exchange 2007 then click Send/Receive > Send/Receive groups > Download Address Book to have a try.
    Regards,
    Winnie Liang
    TechNet Community Support

Maybe you are looking for

  • My mail will not open or close when aim done using it? Is there any update i need to do to make this work properly??

    If some can help me?? My mac mail will not close when iam finished with it, or will it open when i awake my computer is there an update i need to do??

  • Product Hierarchy and COPA

    Can any one tell me what is a prodcut heirarchy and how it is related to Controlling ( specially with COPA and Product costing). If the product heirarchy is changed, what are the things need to be adjusted in configuration for COPA and Product costin

  • Roaming between 2 AEBS (N)

    I've set up 2 AEBS, and have gone for a roaming set-up. We have a long office, so i have one at one end, and one at the other. We use filemaker, entourage, safari, and connect to an xserve. If i turn my laptop on at the top of the office it works fin

  • How do I go around the Photoshop CS activation?

    I had to reinstall Photoshop CS on my laptop, but the activation servers for it are now moot and won't let me use the program anymore. I can't afford the new stuff so I called customer service. I've already gotten the free CS2 download off the Adobe

  • Adobe creative suite cs6

    I have met the following errors. What can I do ? Exit Code: 6 Please see specific errors below for troubleshooting. For example,  ERROR: DF037 ... -------------------------------------- Summary -------------------------------------- - 0 fatal error(s