DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 312630 - Last Review: October 30, 2006 - Revision: 2.3

This article was previously published under Q312630
Notice
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center (http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fwin2000) is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy (http://support.microsoft.com/lifecycle/) .

On This Page

SYMPTOMS

When you use Outlook to try to connect to a Microsoft Exchange server, you may be prompted to provide a user name, password, and domain name. However, after you provide this information, Outlook may repeatedly prompt you to provide your credentials again. Other related symptoms may include the inability to connect to Microsoft Outlook Web Access (OWA) by using the IP address of the server. If you are unable to connect by using the IP address of the server, the Microsoft Internet Information Server (IIS) computer may prompt you for credentials, and you may receive the following error message when these credentials do not work:
401.1 Unauthorized: Logon Failed.

CAUSE

This behavior may occur if the server is configured to only accept Microsoft Windows NT LAN Manager (NTLM) version 2 and reject NTLM and LM, and the Outlook client computer is not configured with the same LAN Manager authentication level.

RESOLUTION

To verify and correct this behavior, find the proper location where you can change the LAN Manager authentication level to set the client and the server to the same level. For example, you may have to look on the domain controller, or at the domain controller's policies.

Check the Domain Controller

NOTE: You may have to repeat the following procedure on all domain controllers.
  1. Click Start, point to Programs, and then click Administrative Tools.
  2. In Local Security Settings, expand Local Policies.
  3. Click Security Options.
  4. Note the LAN Manager authentication level.

Check the Domain Controller's Policies

  1. Click Start, point to Programs, and then click Administrative Tools.
  2. In the Domain Controller Security policy, expand Security Settings\Local Policies.
  3. Click Security Options.
  4. Note the LAN Manager authentication level.
IMPORTANT: You may also have to check policies that are linked at the site/domain/organizational unit levels to determine where the LAN Manager authentication level must be configured. Configure the LAN Manager authentication level to "Send NTLMv2 response only". If you want to implement NTLM version 2 in your network, make sure that all computers in the domain are set to use this authentication level.

STATUS

This behavior is by design.

MORE INFORMATION

Because client computers that are running any of the following operating system are not affected by Windows 2000 Group Policy objects, you may have to manually configure these clients:
  • Microsoft Windows NT 4.0
  • Microsoft Windows Millennium Edition (Me)
  • Microsoft Windows 98
  • Microsoft Windows 95
For additional information about how to manually configure the authentication level, click the following article numbers to view the articles in the Microsoft Knowledge Base:
239869  (http://support.microsoft.com/kb/239869/EN-US/ ) How to Enable NTLM 2 Authentication
241338  (http://support.microsoft.com/kb/241338/EN-US/ ) Windows NT LAN Manager Version 3 Client with First Logon Prevents Subsequent Logon Activity

APPLIES TO
  • Microsoft Windows 2000 Server SP2
  • Microsoft Outlook 2002 Standard Edition
Keywords: 
kbenv kberrmsg kbnetwork kbprb kbui KB312630
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support