Office Servers and Services

"La connaissance ne vaut que si elle est partagée" / "An effective Knowledge is a shared one"

Exchange 2013 and Windows XP SP3 Outlook 2010 enable to connect the first time!!

Posted by Teruin laurent sur mai 30, 2014

Today i have to cope with an Authentication Issue when Outlook 2010 running on Windows XP and try to connect to Outlook Anywhere

Outlook 2010 running on Windows 2008 works fine but not on XP. Outlook for the first time and no way to connect

Below is the production environment

Windows XP professionnel version 5.1 2600 service Pack 3 Nu 2600 X86
Outlook 2010 version 14.7015.1000 32 Bit
Exchange 2013 SP1 Us Version
[PS] C:\Windows\system32>Get-OutlookProvider
Name Server CertPrincipalName TTL
—- —— —————– —
EXCH msstd:* 1
EXPR msstd:* 1

[PS] C:\Windows\system32>Get-OutlookAnywhere

RunspaceId : 72996687-448d-44fb-bef2-de48ccd0fa32
ServerName : SRVEXC01
SSLOffloading : True
ExternalHostname :
InternalHostname :
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Negotiate
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
XropUrl :
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : True
MetabasePath : IIS://SRVEXC01.mrsaero.loc/W3SVC/1/ROOT/Rpc
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 847.32)
Server : SRVEXC01
AdminDisplayName :
ExchangeVersion : 0.20 (
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=SRVEXC01,CN=Servers,CN=Exchang Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=mrsaero,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mrsaero,DC=loc
Identity : SRVEXC01\Rpc (Default Web Site)
Guid : 47bf7118-1c00-4add-82a0-172958d49f9d
ObjectCategory : mrsaero.loc/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}


On the worktation XP

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\.    Lmcompatibilitylevel = 3

I decided to change to ntlm

set-outlookanywhere -identity « SRVEXC01\Rpc (Default Web Site) » -InternalClientAuthenticationMethod ntlm -ExternalClientAuthenticationMethod ntlm
set-outlookanywhere -identity « SRVEXC02\Rpc (Default Web Site) » -InternalClientAuthenticationMethod ntlm -ExternalClientAuthenticationMethod ntlm

and restart the rpc client access service … Same Issue


I decided to modify the outlook providers by using
Set-outlookProvider –identity WEB – CertPrincipalName msstd:*

Reboot the server… same Issue..

Trying to change the authentication method on autodiscover….

Set-autodiscovervirtualdirectory -identity « SRVEXC01\Autodiscover (Default Web Site) » -DigestAuthentication $true
Set-autodiscovervirtualdirectory -identity « SRVEXC02\Autodiscover (Default Web Site) » -DigestAuthentication $true

But it is not that

I download a tool fiddler2 to see what URL is accessed byt the Outlook client when autoconfiguration for the first time is made. And I discover that the Autodiscover was based on local client access FQDN. To have a real test I delete each time the profil user on the XP machine and loggin again.

So I decided to modify the configuration with this cmdlet

get-clientaccessserver | set-clientaccessServer -AutoDiscoverServiceInternalUri

so now buy using Fiddler acting as as proxy I can see that outlook use the autodiscover FQDN wich is a Load Balanced VIP. But…. Same issue . The worse is when Fiddler is open it works when I close fiddler outlook have an authentication issue


A this time no authentication is possible !







Une Réponse to “Exchange 2013 and Windows XP SP3 Outlook 2010 enable to connect the first time!!”

  1. You should have followed the following article: 🙂
    Just keep in mind that Nego2 is not supported with Windows XP.

Laisser un commentaire

Choisissez une méthode de connexion pour poster votre commentaire:


Vous commentez à l'aide de votre compte Déconnexion /  Changer )

Photo Google+

Vous commentez à l'aide de votre compte Google+. Déconnexion /  Changer )

Image Twitter

Vous commentez à l'aide de votre compte Twitter. Déconnexion /  Changer )

Photo Facebook

Vous commentez à l'aide de votre compte Facebook. Déconnexion /  Changer )

Connexion à %s

%d blogueurs aiment cette page :