Home » Exchange Server » Unexpected Authentication Prompts in Outlook

Unexpected Authentication Prompts in Outlook

I build a lot of Exchange environments – for customers, for testing, for training courses. My build process is fairly well refined, and avoids common issues like incorrect namespace configuration or invalid SSL certificates. But every now and then I’ll encounter an intermittent issue with users reporting unexpected Outlook authentication prompts. For a domain-joined computer running Outlook and connecting to Exchange, authentication prompts should be non-existent, assuming everything is configured correctly.

It’s difficult to write this article without going into a long list of possible causes of authentication prompts in Outlook, but in the cases I had looked at:

  • The namespace and SSL certificate configurations were correct
  • The virtual directory settings on servers had not been incorrectly modified
  • Sufficient time had passed for any Autodiscover caching on servers to have expired
  • Load balancers had been bypassed
  • Individual Exchange servers had been excluded from client connectivity
  • Kerberos authentication had been deployed/removed

And yet the random, unexpected authentication prompts continued.

After seeing these issues for some time, I recently learned that I was not alone. Several other MVPs had also seen the issues at their customers. But the intermittent nature meant that customers were often reluctant to continue to engage a consultant to troubleshoot the issue, or to open a case with Microsoft, and so visibility of the issues were lost.

After lengthy discussion and testing in various environments to try and reliable reproduce the issue, we began to narrow it down to a potential problem with MAPI-over-HTTP (or MAPIHttp). MAPIHttp is the protocol that replaces Outlook Anywhere (RPC-over-HTTP) for Exchange Online, and optionally for Exchange 2013 and 2016 on-premises environments. Unfortunately, what we discovered was that disabling MAPIHttp made the Outlook auth prompts go away completely.

It’s not ideal to be turning off MAPIHttp in production environments. RPC-over-HTTP has been deprecated, so we can expect it to go away at some stage in the future. MAPIHttp is the future, so it really needs to work. But all signs pointed to an issue with MAPIHttp.

However, after some persistent work by a few MVPs working with Microsoft support, it seems the cause of the unexpected Outlook authentication prompts has finally been identified as a bug with Outlook itself. I wasn’t involved in identifying the root cause of the bug other than sharing my own testing results with the group, but wanted to write up the outcome here for maximum visibility. MVP Ingo Gegenwarth has written a blog post explaining the technical details of the issue. He also shares the good news that Outlook 2016 received an update in September that fixes the bug, and that Outlook 2013 has a fix coming soon as well.

So if you’re experiencing unexpected Outlook authentication prompts in your on-premises environment, and you’re absolutely sure you’ve ruled out all other causes, try updating Outlook to one of the builds that has the bug fix included in it, or try disabling MAPIHttp for a few mailboxes to see if the problem goes away.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server


  1. David says:

    You’re the king when it comes to Exchange builds, as always. Can’t tell you how many issues I solved / avoided after reading your articles. Thanks!

  2. Mike says:

    And here all this time I thought MS was just toying with our mailboxes like a dollar bill at the end of a fishing line. It’s nice to know that my pessimism was unfounded. Now I can let my users know that it wasn’t me toying with their Outlook mailboxes and perhaps dissuade their pessimism.

    As always, we enjoy the write-ups for all things Exchange. If it doesn’t make our lives easier, it at least helps us understand the enveloping chaos.

  3. Ricardo says:

    Paul, I have been having several cases opened with MS, but hasn’t been resolved. We are on a hybrid solution and it seems like some of our users starting getting the authentication prompt after we migrated them to O365. Lost connection to Public Folders. It was fixed temporarily after re-creating Outlook profile and deleting all the files under C:UsersusernameAppDataLocalMicrosoftOutlook. I will try to upgrade them to Outlook 2016 and see if that resolves the issue. Thanks

  4. Rico Ebol says:

    Hi All,

    Today we have just experience the Outlook authentication prompt. I have only single Exchange Server 2016. The only thing I did today is replacing the SSL Certificate. That was in the morning, but then later in the afternoon, some users started getting prompt to enter their password. I noticed that it is mostly happening to users running Windows 10 w/Outlook 2016, Windows 7/8 w/Outlook 2016. But those running Windows 7 w/Outlook 2010 are not affected. The weird thing is it is happening only when connected on LAN, but if over the Internet, it works. I am really puzzled. I tried all possible solution available on the net including Paul’s suggestion, with no luck.

    I appreciate any suggestion/help.

    Thanks in advance!

    • Allen Boutwell says:

      Do any of you have any updates on what was done to resolve your intermittent password prompts? I am currently working a ticket with Microsoft where a customer started receiving the prompts from Outlook 2013 clients connected to mailboxes on Exchange 2010.

Leave a Reply

Your email address will not be published. Required fields are marked *