NTLM/Secure Password Authentication is not working for some clients


SYMPTOMS

When trying to log in to a mailbox using a client with NTLM enabled, authentication fails. This article applies only if authentication works with NTLM turned off for the SMTP, POP and IMAP services but fails when NTLM security is enabled.

CAUSE

The MailEnable NTLM authentication is only compatible with NTLMv1. If a client machine or mobile device is configured to use only NTLMv2, authentication will fail. The policy settings on the client and server must be compatible for authentication to succeed. Windows Vista and Windows 7/8 install with only NTLMv2 enabled by default, so their configuration needs to be updated to use Secure Password Authentication with MailEnable.
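To confirm that a failing client is sending an NTLMv2 response, the following added example (not MailEnable code) classifies the final client token of an AUTH NTLM exchange by the layout of its NTLM AUTHENTICATE (type 3) message. It assumes the base64 token was copied from a protocol trace; the function names and the sample tokens are constructed for illustration.

```python
import base64
import struct

def classify_ntlm_authenticate(b64_token):
    """Classify the response type carried in a base64 NTLM AUTHENTICATE token."""
    msg = base64.b64decode(b64_token, validate=True)
    if len(msg) < 28 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError(f"expected message type 3 (AUTHENTICATE), got {msg_type}")
    # Each field descriptor is: length (u16), max length (u16), payload offset (u32).
    lm_len, _, lm_off = struct.unpack_from("<HHI", msg, 12)
    nt_len, _, nt_off = struct.unpack_from("<HHI", msg, 20)
    if lm_off + lm_len > len(msg) or nt_off + nt_len > len(msg):
        raise ValueError("response field points outside the message")
    lm = msg[lm_off:lm_off + lm_len]
    if nt_len > 24:
        # NTLMv2: 16-byte proof followed by a variable-length blob.
        return "NTLMv2"
    if nt_len == 24:
        # With NTLMv2 session security the LM field holds an 8-byte client
        # nonce padded with 16 zero bytes instead of an LM response.
        if lm_len == 24 and lm[8:] == bytes(16) and any(lm[:8]):
            return "NTLMv1 with NTLMv2 session security"
        return "NTLMv1"
    return "unknown"

def build_constructed_token(lm, nt):
    """Build a minimal type 3 message around the given responses (constructed data)."""
    fields, offset = b"", 64  # 64-byte header: signature, type, 6 descriptors, flags
    # Descriptor order: LM, NT, domain, user, workstation, session key.
    for blob in (lm, nt, b"", b"", b"", b""):
        fields += struct.pack("<HHI", len(blob), len(blob), offset)
        offset += len(blob)
    msg = b"NTLMSSP\x00" + struct.pack("<I", 3) + fields + struct.pack("<I", 0) + lm + nt
    return base64.b64encode(msg).decode()

# Constructed sample tokens, not captured from a real client.
SAMPLES = {
    "ntlmv1": build_constructed_token(b"\x11" * 24, b"\x22" * 24),
    "ntlmv1_ess": build_constructed_token(b"\x33" * 8 + bytes(16), b"\x22" * 24),
    "ntlmv2": build_constructed_token(b"\x44" * 24, b"\x55" * 16 + b"\x01\x01" + bytes(26)),
}

if __name__ == "__main__":
    for name, token in SAMPLES.items():
        print(name, "->", classify_ntlm_authenticate(token))
```

A result of "NTLMv2" for the failing client matches the cause described above.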

RESOLUTION

To resolve this, ensure that the client and servers are set to negotiate NTLMv1. Open the Administrative Tools folder in Control Panel and select Local Security Policy. Expand the Local Policies branch and select Security Options. Double-click Network security: LAN Manager authentication level in the policy list and select one of the following options:

Send LM & NTLM responses

Send LM & NTLM - use NTLMv2 session security if negotiated

Because NTLMv1 is insecure, it is recommended that any connection using NTLMv1 be made over SSL.

 

MORE INFORMATION

To find out more about the MailEnable NTLM configuration, please review the product manual available here: http://www.mailenable.com/references.asp



Product:MailEnable (Ent-Any Ent-1.X Ent-2.X)
Category:Environment
Article:ME020457
Module:General
Keywords:NTLM,LM,not,working,authentication,SPA,secure,password,NTLM2
Class:TRB: Troubleshooting (Configuration or Environment)
Revised:Wednesday, May 4, 2016
Author:
Publisher:MailEnable