Outlook is attempting to authenticate to the Exchange server using local username and password

Copper Contributor


We are using Exchange Server 2016 with the latest updates and primarily using Outlook 2019 or 2021 clients. We have bound an internal Exchange mailbox account, and every time Outlook is launched on a non-domain computer, it attempts multiple authentications on the Exchange server using the local user account (some of my users are working on non-domain computers). However, Outlook actually functions properly. I'm not sure why it is attempting to authenticate using the local username. I have checked if the incorrect username and password are saved in the Credential Manager for the user. I can see a large number of Event 4625 audit failures in the failed logs on the Exchange server, 




corresponding to my non-domain computer account "ZYY" in this case.


安全 ID:S-1-0-0
账户名称: -
账户范围: -
登录ID: 0x0

登录类型: 3

安全 ID:S-1-0-0

状态: 0xC000006D
子状态: 0xC0000064

调用方进程ID: 0x0
调用方进程名: -

工作站名称: LAPTOP-P0SO72JO
源端口: 14118

登录进程: NtLmSsp
数据包名(仅限 NTLM): -
长度: 0


"用户"字段指示本地系统上请求登录的帐户。这通常是一个服务(例如 Server 服务)或本地进程(例如 Winlogon.exe 或 Services.exe)。

"登录类型"字段指明了发生的登录类型。最常见的类型是 2 (饮料)和 3 (网络)。



-“数据包名”指明在 NTLM 协议之间使用了哪些子协议。


I came across a similar issue while browsing for solutions, and I suspect that this might be a long-standing problem. Here are some relevant links:

10 Replies
Try deleting unnecessary items in Control Panel -> Credential Manager!
Thank you very much for your reply. I tried to look for the credentials in the credential manager, but I couldn't find any relevant credentials. It's possible that these credentials are not visible in the control panel.

I found that Outlook automatically uses the current Windows system login user credentials to authenticate with the Exchange server. For example, on my computer without a domain, the local user is Administrator. This results in corresponding authentication records for Administrator on the Exchange server, and multiple failed attempts can lead to the Administrator user account on the domain server being locked.

This method of using the Windows system user credentials for authentication is more suitable for domain-joined computers, but it can be problematic for non-domain computers when it comes to the Exchange system.

I'm wondering if there is a way to make Outlook only use its own email account credentials for authentication, instead of using the Windows system user credentials.

These are just my guesses and thoughts, and they may not be correct. I would like to understand the specific reasons and solutions. I welcome further discussion. Thank you.
Is same domain account and non-domain computer account?
There will be similar situations, but most of them are different.

When the domain account and the non-domain computer account are the same, the error code generated in the log is “0xc000006a, At this time, the user exists, but the password of the non-domain computer account does not match the password of the domain account. Frequent verification will cause the domain account to trigger the lockout policy.

When the domain account and the non-domain computer account are different, the error code generated in the log is ”0xc0000064.“ Using a non-domain computer account within the domain does not exist, and it will leave a large number of 4625 failure logs on the Exchange server.
Is Outlook Anywhere authentication method set to "NTLM" in Exchange Server 2016?
Currently, our OutlookAnywhere settings are as follows: external client authentication method is Basic, internal client authentication method is NTLM.
We have observed that the issue exists in both internal and external network environments. When checking the logs on the Exchange server, we can see that there are source IP addresses from both external and local network.

Here is the result of the Exchange PowerShell query.

[PS] C:\Windows\system32>Get-OutlookAnywhere |fl ExternalClientAuthenticationMethod, InternalClientAuthenticationMethod,IISAuthenticationMethods
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
ExternalClientAuthenticationMethod is Basic.
Please change Basic to NTLM.

Basic Authentication:
This method is the simplest form of HTTP authentication, where the username and password are sent over the network in plain text (base64 encoded), which is inherently insecure unless used over HTTPS.
I will try to make the modification.
Also, I would like to know if changing the ExternalClientAuthenticationMethod to NTLM can solve the issue of Outlook using computer local user credentials. We have observed that the issue exists internally as well, and the InternalClientAuthenticationMethod is already set to NTLM.

Currently, our client communicates with the Exchange server using HTTPS and has an SSL certificate binding. Is it safe to use NTLM in this scenario?
It's better more than Basic Authentication.
I have changed the ExternalClientAuthenticationMethod to NTLM, but I still see failed authentication records for non-domain computer users in the Exchange server logs. Is there any other solution to this problem?