I can't handle the incessant password prompting anymore..
Our Outlook installations prompt for a password after the comps wake from sleep and/or when changing between wired/wireless. Outlook DOES NOT prompt for a password when launching initially..AND, funny thing is, when it does prompt for credentials, users can simply dismiss the credential box, and then click on 'need password' in the bottom right corner of outlook, and connectivity is restored. How asinine is that? This behavior has me convinced that the credential prompt for RPC over HTTP DOES NOT HAVE TO BE DEFAULT BEHAVIOR Note, this works on all devices when they are connected to the LAN.. and when they DO NOT have any credentials saved in credential manager.
I have found many discussions claiming that if basic auth is used for RPC/HTTPS proxy, then password prompts are inevitable, but I can't believe MS would allow this behavior since they are now recommending RPC/HTTPS and deprecating NTLM, and based on the behavior described above, its clear that there is a method to pass the currently-logged-on credentials through basic auth.
Another reason i don't believe this is desired behavior is because MS released a KB to combat this issue (for 2007): https://support.microsoft.com/en-us/kb/956531
Here is another older KB https://support.microsoft.com/en-us/kb/820281, (unfortunately for 2003), that specifically says basic auth will always require a password, but this must be false (for 2007/13 combo at least) based on the behavior described above.
Here is an experts-exchange thread where I commented, but did not receive a response: http://www.experts-exchange.com/questions/27778514/Outlook-Disconnected-after-resume-from-sleep-mode.html
Can anyone help/comment on this behavior please? I am convinced that something is just misconfigured somewhere..
We have Exchange 2007 with Outlook 2013 clients. Corp IT decided NOT to use NTLM after the migration from 2003-07 because Microsoft advised that it is insecure and recommends NOT using it anymore.
Our setting are auto-discovered/configured so any changes I make to test get reverted. I have not tried to disable the auto-discover yet.
See screenshots below.
Going to be blunt, but the reasoning behind the decisions is deeply flawed. A decision has been made to disable some functionality of a product that it was designed to use 10 YEARS ago, because of a future de-emphasis. That doesn't make sense. If you want to be more secure then migrate to Exchange 2013 or 2016.
Although can you get a source for the recommendation to stop using NTLM authentication from Microsoft, because it is the first I have heard of it. You shouldn't use it over the internet without SSL, but that is to expected. However it is normally wrapped in HTTPS, which removes a lot of the problems with it.
If you are using basic authentication with Exchange 2007 then you will always get prompts when using Outlook Anywhere. Of course internally you shouldn't be using Outlook Anywhere.
If you want the authentication prompts to stop, switch to NTLM authentication. End of story. That needs to be configured on the server so it is pushed to the clients via Autodiscover.