Environment:
Server: Windows Server 2016 + Exchange Server 2016 CU4
Client: Windows XP sp3 + outlook 2010 sp2
Outlook cannot be configured in the above environment, and it will always prompt for a password, which is normal under win7. The workaround is as follows:
List the workarounds for other environments without a hitch:
Exchange 2007/2010Set-OutlookAnywhere -Identity 'SERVER\Rpc (Default Web Site)' -SSLOffloading $true -ClientAuthenticationMethod NTLM -IISAuthenticationMethods Basic,NTLM
Exchange 2013+ with backwards compatibility with Outlook 2010 and 2007Set-OutlookAnywhere -Identity 'SERVER\Rpc (Default Web Site)' -SSLOffloading $true -ExternalClientAuthenticationMethod NTLM -InternalClientAuthenticationMethod NTLM -IISAuthenticationMethods Basic,NTLM,Negotiate
Exchange 2013+ with Outlook 2013+
Set-OutlookAnywhere -Identity 'SERVER\Rpc (Default Web Site)' -SSLOffloading $true -ExternalClientAuthenticationMethod Negotiate- InternalClientAuthenticationMethod Negotiate -IISAuthenticationMethods Basic,NTLM,Negotiate
Set the CertPrincipalName for the OutlookProvider settings.
Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:(Subject name of certificate)
Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:(Subject name of certificate)
Set-OutlookProvider -Identity WEB -CertPrincipalName msstd:(Subject name of certificate)
Set Client Access Server's Autodiscover:
Set-ClientAccessServer -Identity 'SERVER' -AutoDiscoverServiceInternalUri 'https://OWAHOSTNAME/Autodiscover/Autodiscover.xml'
Set up all IIS virtual directories:
Set-ActiveSyncVirtualDirectory -Identity 'SERVER\Microsoft-Server-ActiveSync (Default Web Site)' -ActiveSyncServer 'https://OWAHOSTNAME/Microsoft-Server-ActiveSync' -InternalUrl 'https://OWAHOSTNAME/Microsoft-Server-ActiveSync' -ExternalUrl 'https://OWAHOSTNAME/Microsoft-Server-ActiveSync'
Set-EcpVirtualDirectory -Identity 'SERVER\ecp (Default Web Site)' -InternalUrl 'https://OWAHOSTNAME/ecp' -ExternalUrl 'https://OWAHOSTNAME/ecp'
Set-OabVirtualDirectory -Identity 'SERVER\OAB (Default Web Site)' -InternalUrl 'https://OWAHOSTNAME/OAB' -ExternalUrl 'https://OWAHOSTNAME/OAB' -RequireSSL $true
Set-OwaVirtualDirectory -Identity 'SERVER\owa (Default Web Site)' -InternalUrl 'https://OWAHOSTNAME/owa' -ExternalUrl 'https://OWAHOSTNAME/owa'
Set-AutodiscoverVirtualDirectory -Identity 'SERVER\Autodiscover (Default Web Site)' -InternalUrl $null -ExternalUrl $null
Set-PowerShellVirtualDirectory -Identity 'SERVER\PowerShell (Default Web Site)' -InternalUrl 'https://OWAHOSTNAME/powershell' -ExternalUrl 'https://OWAHOSTNAME/powershell' -RequireSSL $true
Set-WebServicesVirtualDirectory -Identity 'SERVER\EWS (Default Web Site)' -InternalUrl 'https://OWAHOSTNAME/ews/exchange.asmx' -ExternalUrl 'https://OWAHOSTNAME/ews/exchange.asmx' -InternalNLBBypassUrl $null
Set the FQDN option of all the enabled Send Connectors:Get-SendConnector | Where-Object {$_.Enabled -eq $true} | Set-SendConnector -Fqdn OWAHOSTNAME
After restarting IIS, the client configuration is normal!