Blog Post

Exchange Team Blog
4 MIN READ

Released: August 2022 Exchange Server Security Updates

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Aug 09, 2022
Microsoft has released security updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 IMPORTANT: Updates are released in a self-extrac...
Updated Aug 11, 2022
Version 8.0
announcements
security
setup
JMaletzky's avatar
JMaletzky
Brass Contributor
Aug 17, 2022

Extended Protection and Outlook NTLM authentication problems 

 

After enabling Extended Protection using the ExchangeExtendedProtectionManagement.ps1 script many of our users reported Outlook authentication errors (multiple password prompts  and no successful login) and we saw many NTLM authentication errors in the event logs of the Exchange servers like

 

Error 1

 

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 17.08.2022 10:06:37
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: mehl6.unirstock.de
Description:
An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: email address removed for privacy reasons
Account Domain:

Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC000035B
Sub Status: 0x0

Process Information:
Caller Process ID: 0x0
Caller Process Name: -

Network Information:
Workstation Name: LAPTOP-MUT5DF
Source Network Address: 56.175.249.102
Source Port: 24731

Detailed Authentication Information:
Logon Process:
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

 

Error 2

 

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 17.08.2022 10:09:55
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: mehl5.unirstock.de
Description:
An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: rb949
Account Domain:

Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC0000225
Sub Status: 0x0

Process Information:
Caller Process ID: 0x0
Caller Process Name: -

Network Information:
Workstation Name: WORKSTATION
Source Network Address: 155.13.19.146
Source Port: 3161

Detailed Authentication Information:
Logon Process:
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

 

After manually reconfiguring the Extended Protection for the Exchange Server virtual directories (in fact disabling CBT for the Outlook virtual directories) the error disappeared and the users don't get authentication errors anymore:

 

 

Are there any known problems or special considerations enabling Extended Protection (CBT) for Outlook ?

 

Greetings

Jörg Maletzky