I recently experienced an Exchange environment behaving strange after an upgrade from Exchange 2013 CU7 to Exchange 2013 CU11. What happend?
After upgrading both of the two Exchange servers in a customer’s environment users experienced logon prompts every time Outlook was restarted. The Outlook setting “Always prompt for logon credentials” was not set on those clients. Knowing the fact that the customer uses MAPI/http in the Exchange environment I checked Windows auth settings on mapi virtual directory in IIS – everything was fine. I did the same for all other front end directories and realized that Autodiscover virtual directory had Windows Authentication enabled but no providers configured.
After enabling Negotiate and NTLM providers for Autodiscover virtual directory everything worked as expected again.
Before you upgrade Exchange environments to a new CU it is always best practice to save individual server settings including authentication settings on your virtual directories as these could be reset to default values or OWA web.config settings for Skype 4 Business integration into Outlook Web App. Remember: Individual server settings are not necessarily stored in Active Directory.