Outlook 2001 and Exchange 2003 authentication

F

Frank Ryder

Hi,

Our Exchange server has recently been upgraded to 2003 with the NTLMv2
(????) encryption being turned on.

When end users passwords expire and they are changed then Outlook 2001 no
longer authenticates to the server and will not login. I have users going
down like nine pins. Our central administrators will not lower the security
levels on the server (because Microsoft has told them it is not a good
idea).

I have installed the UAM module (latest) that supports NTLMv2 encryption but
Outlook 2001 appears not to use this. It lives in its own little world.

If anyone can suggest a solution I would appreciate it.


Frank Ryder

La Trobe University
 
S

Steve Aschettino

You need to disable LTLMv2 from the default domain controllers policyu for
this to work.

From a domain controller:
Go to: "Domain Controller Group Policy" (Get there by right-clicking "domain
controllers" in AD Users and Computers, and go to properties.

Then Under: Computer Configuration / Windows Settings / Security Settings /
Local Policies / Security Options /

There are 4 items that need to be changed from "not defined" to "disbaled"

They are:
MS Network client: Digitally sign communication (always)
MS Network client: Digitally sign communication (if server agrees)
MS Network server: Digitally sign communication (always)
MS Network server: Digitally sign communication (if server agrees)

That should do it.
 
S

Steve Aschettino

One more thing... Did you upgrade the server to 2003 Server? I believe that
is where the encryption comes from. Exchange 2003 should just support the
feature of 2003 Server.
 
M

M. Amir Haque [MSFT]

Outlook 2001 does not support authentication using NTLM v1 and v2, that's
why you are running into this issue. It uses a special implementation of
LMHash, you will have to enable it on server side to make it work with
current settings. If that's not possible, look into the possibility of
moving Mac users mailboxes to a separate dedicated Exchange Server with
LMHash enabled.

Hope this helps...

--
M. Amir Haque
Microsoft Enterprise Messaging

This posting is provided "AS IS" with no warranties, and confers no rights
Please do not send email directly to this alias. This alias is for
newsgroup purposes only.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Outlook 2001,Exchange 2003, and Tiger 1
Outlook 2001 and Exchange 5.5 0
Outlook 2001 and Exchange 2000 connection problem (suddenly) 5
Outlook 2001 mac and Exchange 2003 1
Outlook 2001 and Exchange 2003 5
Outlook 2001 Mac and Exchange Server 5.5 migration to 2003 4
Entourage and Exchange 2007 SSL Problem 2
Outlook 2001 5

Top