Outlook Continues to Prompt You for Logon Credentials (312630)


The information in this article applies to:

  • Microsoft Windows 2000 Server SP2
  • Microsoft Outlook 2002
This article was previously published under Q312630

SYMPTOMS

When you use Outlook to try to connect to a Microsoft Exchange server, you may be prompted to provide a user name, password, and domain name. However, after you provide this information, Outlook may repeatedly prompt you to provide your credentials again. Other related symptoms may include the inability to connect to Microsoft Outlook Web Access (OWA) by using the IP address of the server. If you are unable to connect by using the IP address of the server, the Microsoft Internet Information Server (IIS) computer may prompt you for credentials, and you may receive the following error message when these credentials do not work:
401.1 Unauthorized: Logon Failed.

CAUSE

This behavior may occur if the server is configured to only accept Microsoft Windows NT LAN Manager (NTLM) version 2 and reject NTLM and LM, and the Outlook client computer is not configured with the same LAN Manager authentication level.

RESOLUTION

To verify and correct this behavior, find the proper location where you can change the LAN Manager authentication level to set the client and the server to the same level. For example, you may have to look on the domain controller, or at the domain controller's policies.

Check the Domain Controller

NOTE: You may have to repeat the following procedure on all domain controllers.
  1. Click Start, point to Programs, and then click Administrative Tools.
  2. In Local Security Settings, expand Local Policies.
  3. Click Security Options.
  4. Note the LAN Manager authentication level.

Check the Domain Controller's Policies

  1. Click Start, point to Programs, and then click Administrative Tools.
  2. In the Domain Controller Security policy, expand Security Settings\Local Policies.
  3. Click Security Options.
  4. Note the LAN Manager authentication level.
IMPORTANT: You may also have to check policies that are linked at the site/domain/organizational unit levels to determine where the LAN Manager authentication level must be configured. Configure the LAN Manager authentication level to "Send NTLMv2 response only". If you want to implement NTLM version 2 in your network, make sure that all computers in the domain are set to use this authentication level.

STATUS

This behavior is by design.

MORE INFORMATION

Because client computers that are running any of the following operating system are not affected by Windows 2000 Group Policy objects, you may have to manually configure these clients:
  • Microsoft Windows NT 4.0
  • Microsoft Windows Millennium Edition (Me)
  • Microsoft Windows 98
  • Microsoft Windows 95
For additional information about how to manually configure the authentication level, click the following article numbers to view the articles in the Microsoft Knowledge Base:

239869 How to Enable NTLM 2 Authentication

241338 Windows NT LAN Manager Version 3 Client with First Logon Prevents Subsequent Logon Activity

Modification Type:MajorLast Reviewed:9/22/2003
Keywords:kbenv kberrmsg kbnetwork kbprb kbui KB312630
©2003 Microsoft Corporation. All rights reserved.