OUTLOOK 2016 Prompts for Username and Password and Outlook AnywhereHOW WE GOT HERE
THEM: I get a "Windows Security" login when I try to setup Outlook. It should just pick up all the settings automatically through autodiscover after I type in the email address and the password.
ME: Who cares. Everything is working. Type it in twice and move on with life.
THEM: It shouldn't be this way. It wasn't this way at my last place. We just typed in the email address and password and everything automatically worked.
ME: Sigh. I'll look into it.
OUTLOOK ANYWHERE OPTIONS (RPC over HTTP)
Well I'm glad I did look into it. From my other articles, the fine tuning of an MS EXCHANGE system is what makes it powerful as well as difficult.
So why is OUTLOOK ANYWHERE involved? Because all versions of OUTLOOK starting with OUTLOOK 2013 communicate through OUTLOOK ANYWHERE configuration (aka RPC over HTTP).
In this instance, EXCHANGE can change the way OUTLOOK talks to it. There are three options:
- BASIC: username and password is required while attempting communication with Exchange.
- NTLM: the current Windows user information on the client computer is supplied through cryptography communication. If the communication fails, a prompt for the username and password is required. In theory, if the computer is joined to the domain, a username and password is not needed.
- NEGOTIATE: kinda like the same thing as NTLM except it uses a more updated version.
In addition to these options, EXCHANGE can have different setting for outside the office or inside the office.
By default, EXCHANGE 2016 uses NEGOTIATE for outside the office and NTLM for inside the office.
HOW TO CHANGE OUTLOOK ANYWHERE SETTINGS
To see all the current settings:
Get-outlookanywhere |fl
To see the current settings we are interested in:
Get-outlookanywhere |select SSLOffloading,InternalClientAuthenticationMethod,ExternalClientAuthenticationMethod,IISAuthenticationMethods |fl
To set the settings to the default if they have been changed:
Set-OutlookAnywhere -identity "rpc (Default Web Site)" -SSLOffloading $true -InternalClientAuthenticationMethod NTLM -ExternalClientAuthenticationMethod Negotiate -IISAuthenticationMethods Basic,NTLM,Negotiate
NOTES
What's interesting to me is that the builtin documentation claims there are more settings.
To see the builtin documentation:
help set-outlookanywhere -detailed
To see the online documentation:
https://technet.microsoft.com/en-us/library/bb123545(v=exchg.150).aspx
They list out the settings as the following with no further info on the other options:
Basic | Digest | Ntlm | Fba | WindowsIntegrated | LiveIdFba | LiveIdBasic | WSSecurity | Certificate | NegoEx | OAuth | Adfs | Kerberos | Negotiate | LiveIdNegotiate | Misconfigured