Zix | AppRiver Status - Hosted Exchange - Unable to log into Outlook Desktop

Hosted Exchange - Unable to log into Outlook Desktop

Incident Report for Zix | AppRiver

Update

If you still experience password prompts on your Outlook clients after ruling out your third-party AV causing the issue, you should check the following registry key / value on your computer unless you have an Active Directory Group Policy Object (GPO) policy overriding your local computer. Please check with your IT admin if you have a GPO configured (Please Note, Zix/Appriver support cannot directly support GPO configurations).

----------------------------------------------------------------------------------------------------------------------------------------

From user computer:

- Registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

- Registry value: LmCompatibilityLevel

- It must be set at least to a value of 3 which is Send NTLMv2 response only. If the key is not there the computer will default to a value of 3 unless you have an Active Directory GPO overriding the local computer.

-------------------------------------------------------------------------------------------------------------------------------------------

If your admin is using Active Directory GPOs instead to set your security policy, please verify the following Policy location to ensure it is set to one of the supported values below. (Please Note, Zix/Appriver support cannot directly support GPO configurations).

Policy location: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Policy Name: Network security: LAN Manager authentication level

Unsupported values
Send LM & NTLM responses
Send LM & NTLM - use NTLMv2 session security if negotiated
Send NTLM responses only

Supported values
Send NTLMv2 responses only
Send NTLMv2 responses only. Refuse LM
Send NTLMv2 responses only. Refuse LM & NTLM
Not Defined

Posted Mar 09, 2024 - 19:40 CST

Monitoring

We are getting reports of some users unable to log into Outlook desktop but can successfully log into Outlook Web Access.

There was a recent Microsoft Exchange security update that could be causing this impact if you are using an outdated non-supported version of Outlook or using an Anti-Virus service on your computer. Clients using AV that does endpoint protection of the Outlook connections could cause repeated login prompts as that would appear as a man-in-the-middle attack.

Please ensure you are currently running at least Outlook 2013 (that is fully updated) or newer.
*Please note however, Outlook 2013 Microsoft end of life was on April 11th, 2023, so it is further recommended to run at least Outlook 2016 or newer*

If you have a third-party Anti-Virus service running on your computer, please temporarily disable the setting doing endpoint protection on Outlook connections through your AV, restart Outlook, then see if you can successfully log into Outlook.
If successful, this indicates your AV could be running encrypted connection checks on Outlook connections or could be running an AV that needs to be updated.

We recommend to please contact your AV service provider / support team to report this issue for assistance.

Posted Mar 09, 2024 - 13:59 CST

This incident affects: Secure Hosted Exchange (Exchange 2013/2016+ (EXG7)).