Outlook clients not authenticating, but OWA and ActiveSync work fine

We had an issue where a client's Outlook connectivity stopped working and users were continuously prompted for credentials. Mysteriously, OWA and ActiveSync were fine. In the Security log on the Exchange server we saw a lot of the following:

Source: Microsoft Windows security auditing.
Event ID: 4625
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0x80090302
Sub Status: 0xC0000418

We discovered that NTLM had been disabled on the domain controller. To resolve, check the domain policy, the domain controller policy, or the local policy on the DC: go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options and check the following two settings:

  • Network security: Restrict NTLM: Incoming NTLM traffic
  • Network security: Restrict NTLM: NTLM authentication in this domain

After a gpupdate on the DC, Outlook clients were then able to successfully connect to Exchange.
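
The two checks described above, as an added PowerShell example that is not part of the original post: one function finds the 4625 events carrying the Status and Sub Status shown earlier, the other reads the effective values of the two Restrict NTLM settings. The function names are hypothetical, and the registry value names are an assumption not stated in the post (they are the values these two policies write to).

```powershell
# Added example; run in an elevated session. Function names are hypothetical.

function Get-NtlmLogonFailure {
    # Run on the Exchange server: 4625 events with the Status / Sub Status from this post.
    param([int]$MaxEvents = 2000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the named EventData fields into a lookup table.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            # -eq on strings is case-insensitive, so 0xc0000418 also matches.
            if ($data['Status'] -eq '0x80090302' -and $data['SubStatus'] -eq '0xC0000418') {
                [pscustomobject]@{
                    Time        = $_.TimeCreated
                    Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                    Workstation = $data['WorkstationName']
                    SourceIp    = $data['IpAddress']
                    AuthPackage = $data['AuthenticationPackageName']
                }
            }
        }
}

function Get-NtlmRestriction {
    # Run on the DC: effective values behind the two Security Options settings.
    $settings = @(
        @{ Policy = 'Network security: Restrict NTLM: Incoming NTLM traffic'
           Path   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
           Name   = 'RestrictReceivingNTLMTraffic' },
        @{ Policy = 'Network security: Restrict NTLM: NTLM authentication in this domain'
           Path   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
           Name   = 'RestrictNTLMInDomain' }
    )
    foreach ($s in $settings) {
        $value = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        [pscustomobject]@{
            Policy = $s.Policy
            Value  = if ($null -eq $value) { 'not set' } else { $value }
            # Missing or 0 means this setting imposes no restriction; any other value denies some NTLM.
            State  = if ($value) { 'denying NTLM' } else { 'not restricting' }
        }
    }
}

# On the Exchange server: which accounts are hitting the failure, most frequent first.
Get-NtlmLogonFailure | Group-Object Account | Sort-Object Count -Descending | Select-Object Count, Name
# On the domain controller: current state of both settings.
Get-NtlmRestriction | Format-Table -AutoSize
```

Running `Get-NtlmRestriction` before and after the gpupdate confirms that the policy change actually reached the DC.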
