Microsoft Outlook Email Prompting for Authentication
When you search for Outlook Email prompting for password with Exchange, you will find a large number of posts.
There is a large number of causes and most of them will say that you need to adjust your RPCoverHTTPS or Outlook Anywhere Authentication settings, That it shouldn’t be set to NTLM or Negotiate. That it should be set to Basic.
I’m going to try and explain the missing bits that never get mentioned.
Outlook Email and NTLM
NTLM is NT Lan Manager. Simply, its domain based authentication. Instead of asking for the password, it just uses the domain credentials of the current logged in user. However, NTLM isn’t just DOMAINUsername or username@domain.com. It’s a token that you’re given when you authenticate to a domain controller.
Now that’s all well and good in Exchange 2010, SharePoint and maybe a few other products. But Exchange 2013 uses HTTPS (OutlookAnywhere) only. No MAPI. MAPI loves NTLM but NTLM over HTTPS is sporadic…
The simplest answer is to change the authentication settings to RPCoverHTTP (OutlookAnywhere). And it is a very valid fix. However it doesn’t really answer the question “Why is my outlook prompting for my username and password all the time”, “Why doesn’t outlook remember my username and/or password”.
The answer is not with Outlook. The answer is Windows.
Windows Credential Manager
As I discovered the issue seems to be with a Windows 7 default setting and that Windows Credential Manager cannot save NTLM Credentials (even those typed in by the user with the remember password box ticked) permanently. By that I mean it does save the credentials for that session. However as soon as you log off, they are gone. Below is a screenshot of credential manager showing all the saved passwords from Outlook.
Windows Credential Manager
Summary
You really have two options. Muck about with the settings for Windows Credential Manager via Group Policy (I would give it a miss), or play with the Exchange RPCoverHTTPS Authentication settings on the exchange server. You also need to make sure Autodiscover gives out the new Authentication Setting.
But at least now you know why.
Article Written By: Tim Lourey (Managed Services/Cloud Lead Tech) @tlourey