Microsoft KB Archive/312630

= Outlook Continues to Prompt You for Logon Credentials =

Article ID: 312630

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 2
 * Microsoft Outlook 2002 Standard Edition

-



This article was previously published under Q312630



SYMPTOMS
When you use Outlook to try to connect to a Microsoft Exchange server, you may be prompted to provide a user name, password, and domain name. However, after you provide this information, Outlook may repeatedly prompt you to provide your credentials again. Other related symptoms may include the inability to connect to Microsoft Outlook Web Access (OWA) by using the IP address of the server. If you are unable to connect by using the IP address of the server, the Microsoft Internet Information Server (IIS) computer may prompt you for credentials, and you may receive the following error message when these credentials do not work:

401.1 Unauthorized: Logon Failed.



CAUSE
This behavior may occur if the server is configured to only accept Microsoft Windows NT LAN Manager (NTLM) version 2 and reject NTLM and LM, and the Outlook client computer is not configured with the same LAN Manager authentication level.



RESOLUTION
To verify and correct this behavior, find the proper location where you can change the LAN Manager authentication level to set the client and the server to the same level. For example, you may have to look on the domain controller, or at the domain controller's policies.

Check the Domain Controller
NOTE: You may have to repeat the following procedure on all domain controllers.
 * 1) Click Start, point to Programs, and then click Administrative Tools.
 * 2) In Local Security Settings, expand Local Policies.
 * 3) Click Security Options.
 * 4) Note the LAN Manager authentication level.

Check the Domain Controller's Policies

 * 1) Click Start, point to Programs, and then click Administrative Tools.
 * 2) In the Domain Controller Security policy, expand Security Settings\Local Policies.
 * 3) Click Security Options.
 * 4) Note the LAN Manager authentication level.

IMPORTANT: You may also have to check policies that are linked at the site/domain/organizational unit levels to determine where the LAN Manager authentication level must be configured. Configure the LAN Manager authentication level to &quot;Send NTLMv2 response only&quot;. If you want to implement NTLM version 2 in your network, make sure that all computers in the domain are set to use this authentication level.



STATUS
This behavior is by design.



MORE INFORMATION
Because client computers that are running any of the following operating system are not affected by Windows 2000 Group Policy objects, you may have to manually configure these clients:
 * Microsoft Windows NT 4.0
 * Microsoft Windows Millennium Edition (Me)
 * Microsoft Windows 98
 * Microsoft Windows 95

For additional information about how to manually configure the authentication level, click the following article numbers to view the articles in the Microsoft Knowledge Base:

239869 How to Enable NTLM 2 Authentication

241338 Windows NT LAN Manager Version 3 Client with First Logon Prevents Subsequent Logon Activity

Additional query words: ntlmv2

Keywords: kbenv kberrmsg kbnetwork kbprb kbui KB312630

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.