Forum Discussion
Outlook is attempting to authenticate to the Exchange server using local username and password
Hi! We are using Exchange Server 2016 with the latest updates and primarily using Outlook 2019 or 2021 clients. We have bound an internal Exchange mailbox account, and every time Outlook is launche...
HI YOUN ANN
Thank you very much for your reply. I tried to look for the credentials in the credential manager, but I couldn't find any relevant credentials. It's possible that these credentials are not visible in the control panel.
I found that Outlook automatically uses the current Windows system login user credentials to authenticate with the Exchange server. For example, on my computer without a domain, the local user is Administrator. This results in corresponding authentication records for Administrator on the Exchange server, and multiple failed attempts can lead to the Administrator user account on the domain server being locked.
This method of using the Windows system user credentials for authentication is more suitable for domain-joined computers, but it can be problematic for non-domain computers when it comes to the Exchange system.
I'm wondering if there is a way to make Outlook only use its own email account credentials for authentication, instead of using the Windows system user credentials.
These are just my guesses and thoughts, and they may not be correct. I would like to understand the specific reasons and solutions. I welcome further discussion. Thank you.
Thank you very much for your reply. I tried to look for the credentials in the credential manager, but I couldn't find any relevant credentials. It's possible that these credentials are not visible in the control panel.
I found that Outlook automatically uses the current Windows system login user credentials to authenticate with the Exchange server. For example, on my computer without a domain, the local user is Administrator. This results in corresponding authentication records for Administrator on the Exchange server, and multiple failed attempts can lead to the Administrator user account on the domain server being locked.
This method of using the Windows system user credentials for authentication is more suitable for domain-joined computers, but it can be problematic for non-domain computers when it comes to the Exchange system.
I'm wondering if there is a way to make Outlook only use its own email account credentials for authentication, instead of using the Windows system user credentials.
These are just my guesses and thoughts, and they may not be correct. I would like to understand the specific reasons and solutions. I welcome further discussion. Thank you.
Is same domain account and non-domain computer account?
- There will be similar situations, but most of them are different.
When the domain account and the non-domain computer account are the same, the error code generated in the log is “0xc000006a, At this time, the user exists, but the password of the non-domain computer account does not match the password of the domain account. Frequent verification will cause the domain account to trigger the lockout policy.
When the domain account and the non-domain computer account are different, the error code generated in the log is ”0xc0000064.“ Using a non-domain computer account within the domain does not exist, and it will leave a large number of 4625 failure logs on the Exchange server.- Is Outlook Anywhere authentication method set to "NTLM" in Exchange Server 2016?
- Currently, our OutlookAnywhere settings are as follows: external client authentication method is Basic, internal client authentication method is NTLM.
We have observed that the issue exists in both internal and external network environments. When checking the logs on the Exchange server, we can see that there are source IP addresses from both external and local network.
Here is the result of the Exchange PowerShell query.
[PS] C:\Windows\system32>Get-OutlookAnywhere |fl ExternalClientAuthenticationMethod, InternalClientAuthenticationMethod,IISAuthenticationMethods
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}