I have an Nginx proxy server with headers-more-nginx module that passes requests to Exchange Server 2019. Currently Outlook 2019 gets stuck in a loop asking for credentials every time I try to connect to my server - it asks for a password, accepts it, and asks again. This problem is repeated on other devices.
The newest Outlook from Microsoft Store works ok.
Also, if it is Netscaler instead of Nginx, everything works normal, so I assume Nginx is misconfigured, but I can't access Netscaler configuration right now.
How should I change Nginx configuration to make it work properly?
Current nginx config:
http {
server {
listen 80;
listen 443 ssl;
server_name mail.mydomain.com;
ssl_certificate /etc/ssl/certs/mydomain.crt;
ssl_certificate_key /etc/ssl/certs/mydomain.key;
ssl_trusted_certificate /etc/ssl/certs/mydomain.crt;
ssl_session_timeout 5m;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always;
location / {
proxy_pass_request_headers on;
keepalive_timeout 3h;
tcp_nodelay on;
client_max_body_size 3G;
#proxy_buffering off; # tried both on and off
#proxy_request_buffering off;
proxy_read_timeout 3600;
proxy_pass_header Date;
proxy_pass_header Server;
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_set_header Connection "Keep-Alive";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
more_set_input_headers 'Authorization: $http_authorization';
# I tried to use Nginx's domain as well as domain of Exchange server, no luck
more_set_headers -s 401 'WWW-Authenticate: Basic realm="mail.mydomain.com"';
proxy_pass https://exchange$request_uri;
}
}
}
upstream exchange {
ip_hash;
server exchangeip1:443;
server exchangeip2:443;
}
It sounds like the issue might be related to how Nginx is handling authentication headers and proxy settings. Here are a few adjustments you can try to resolve the credential loop issue with Outlook 2019:
Outlook often uses NTLM authentication, which might not be properly handled by your current Nginx configuration. You can use the nginx-ntlm-module to support NTLM authentication. You can find more information and installation instructions here.
Make sure that the proxy_set_header directives are correctly set to handle authentication headers. Here’s an example configuration that includes NTLM support:
Ensure that your SSL/TLS certificates are correctly configured and valid. Sometimes, issues with SSL/TLS can cause repeated authentication prompts.
Verify that your Exchange Server is configured to accept the authentication methods being passed through Nginx. You might need to adjust settings in the Exchange Management Shell to ensure compatibility.
Check the Nginx error logs for any clues about what might be causing the issue. You can increase the log level to debug for more detailed information.
If these steps don't resolve the issue, you might need to compare the working Netscaler configuration with your Nginx setup to identify any differences that could be causing the problem.