After QMMAD is used to migrate user accounts and is configured to disable source accounts and enable target account (i.e. Setting "Associated External Account") , Outlook may prompt for credentials when launched.
The source domain maybe set to accept "NTLM only" authentication. If Outlook is configured to use Kerberos/NTLM it may fail to authenticate. It first asks for kerberos authentication by prompting for credentials.
Configured both the domain and Outlook to agree on the preferred choice of authentication. Typically, Kerberos would be the defacto standard for domain infrastructure with transitive trusts in place. However, depending on the network design you may need to configure alternate authentication such as NTLM. See "Additional Information" section below.
While Kerberos has replaced NTLM as the default authentication Protocol in an Active directory based single sign-on scheme, NTLM is still widely used in situations where a domain controller is not available or is unreachable. For example, NTLM would be used if a client is not Kerberos capable, the server is not joined to a domain, or the user is remotely authenticating over the web
NTLM is still used in the following situations:
In Windows Vista and above, neither LM nor NTLM are used by default. NTLM is still supported for inbound authentication, but for outbound authentication a newer version of NTLM, called NTLMv2, is sent by default instead. Prior versions of Windows (back as far as Windows NT 4.0 Service Pack 4) could be configured to behave this way, but it was not the default.
reviewed feb 19 2020
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center