Enable NTLM authentication on your Exchange Server

Requires

  • Exchange 2007+
  • Admin access to Exchange

Robin connects to your Exchange server using Microsoft's proprietary authentication protocol, "NTLM". Most modern Windows Servers will already have NTLM enabled by default.

Office 365 does not support NTLM authentication, so Office 365 admins should use our integrated OAuth app instead.

What's NTLM?

NTLM is a proprietary secure authentication protocol from Microsoft. The NTLM protocol allows Robin to connect to an external Exchange host without transmitting a user's password. It also allows Robin to store Exchange credentials in a one-way hashed form, so that a user's Exchange password is never stored in plain text. This is best practice for maintaining security.

Windows Servers have many different configurations that may prevent NTLM from working properly. This guide will help make sure that NTLM is configured correctly in your system for compatibility with Robin.

Robin will use NTLMv2 by default, but also supports NTLMv1.

1. Log on to the Windows Server that hosts the Exchange server software, making sure to use administrator credentials.
2. Click Start, then Administrative Tools, then Local Security Policy. A new window should open.
3. The Local Security Policy window that opens should contain a left panel with an item titled Local Policies. Expand the Local Policies item, then click the inner Security Options item. The right side of the window should now contain a list of policies and their settings.
4. In the list of security policies, find the policy titled "Network Security: LAN Manager authentication level" and double-click it. A properties window should open.
5. In the "Network Security: LAN Manager authentication level" policy property window, click the drop-down menu and make sure that one of the options is selected. The most compatible and recommended option to choose here is the option titled "Send LM & NTLM - use NTLMv2 session security if negotiated". Once the option is set, click "OK" to save the configuration change.
6. Back in the list of security policies, find the policy titled "Network Security: Restrict NTLM: Incoming NTLM traffic" and double-click it to open the properties window for the policy.
7. In the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy property window, click the drop-down menu and select the option titled "Allow all" and then click "OK".
8. Back in the list of security policies, find the policy titled "Network Security: Restrict NTLM: NTLM authentication in this domain" and double-click it to open the properties window for the policy.
9. In the "Network Security: Restrict NTLM: NTLM authentication in this domain" policy property window, click the drop-down menu and select the option titled "Disable" and then click "OK".
10. Back in the list of security policies, find the policy titled "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" and double-click it to open the properties window for the policy.
11. In the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy property window, click the drop-down menu and select the option titled "Allow all" and then click "OK".
12. Finally, close the Local Security Policy window.

With these configuration changes, your Exchange server should now be accessible by Robin via NTLM authentication through your Windows Server. Keep in mind that you may need to reload or reboot the server before the changes take full effect.
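
To confirm the result of the steps above without reopening each policy dialog, the following read-only PowerShell script reads the registry values that these four policies write to and compares them with the options chosen in this guide. It is an added example, not part of Robin's documentation; the variable and column names are the example's own.

```powershell
# Added example: read-only report of the four policies set in the steps above.
# Run in an elevated PowerShell session on the Windows Server that hosts Exchange.
# A missing registry value means the policy shows as "Not Defined".
$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Guide = the registry value that corresponds to the option chosen in the steps.
$policies = @(
    @{ Policy = 'LAN Manager authentication level'
       Path = $lsa; Name = 'LmCompatibilityLevel'; Guide = 1
       Options = @{
           0 = 'Send LM & NTLM responses'
           1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
           2 = 'Send NTLM response only'
           3 = 'Send NTLMv2 response only'
           4 = 'Send NTLMv2 response only. Refuse LM'
           5 = 'Send NTLMv2 response only. Refuse LM & NTLM' } }
    @{ Policy = 'Restrict NTLM: Incoming NTLM traffic'
       Path = "$lsa\MSV1_0"; Name = 'RestrictReceivingNTLMTraffic'; Guide = 0
       Options = @{ 0 = 'Allow all'; 1 = 'Deny all domain accounts'; 2 = 'Deny all accounts' } }
    @{ Policy = 'Restrict NTLM: NTLM authentication in this domain'
       Path = $netlogon; Name = 'RestrictNTLMInDomain'; Guide = 0
       Options = @{ 0 = 'Disable'; 1 = 'Deny for domain accounts to domain servers'
                    3 = 'Deny for domain accounts'; 5 = 'Deny for domain servers'; 7 = 'Deny all' } }
    @{ Policy = 'Restrict NTLM: Outgoing NTLM traffic to remote servers'
       Path = "$lsa\MSV1_0"; Name = 'RestrictSendingNTLMTraffic'; Guide = 0
       Options = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' } }
)

$report = foreach ($p in $policies) {
    # Get-ItemProperty returns nothing when the key or value does not exist.
    $item  = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
    $value = if ($item) { [int]$item.($p.Name) } else { $null }
    $label = if ($null -eq $value) {
        'Not Defined'
    } elseif ($p.Options.ContainsKey($value)) {
        $p.Options[$value]
    } else {
        "unrecognized value ($value)"
    }
    [pscustomobject]@{
        Policy       = "Network Security: $($p.Policy)"
        Current      = $label
        GuideSetting = $p.Options[$p.Guide]
        Matches      = ($value -eq $p.Guide)
    }
}
$report | Format-List
```

The script changes nothing on the server. A policy reported as "Not Defined" has not been set explicitly and is listed with Matches = False so that it can be reviewed by hand.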
