Missing auth provider after Exchange 2013 Upgrade

Hey folks,

I recently experienced an Exchange environment behaving strange after an upgrade from Exchange 2013 CU7 to Exchange 2013 CU11. What happend?

After upgrading both of the two Exchange servers in a customer’s environment users experienced logon prompts every time Outlook was restarted. The Outlook setting “Always prompt for logon credentials” was not set on those clients. Knowing the fact that the customer uses MAPI/http in the Exchange environment I checked Windows auth settings on mapi virtual directory in IIS – everything was fine. I did the same for all other front end directories and realized that Autodiscover virtual directory had Windows Authentication enabled but no providers configured.


After enabling Negotiate and NTLM providers for Autodiscover virtual directory everything worked as expected again.


Before you upgrade Exchange environments to a new CU it is always best practice to save individual server settings including authentication settings on your virtual directories as these could be reset to default values or OWA web.config settings for Skype 4 Business integration into Outlook Web App. Remember: Individual server settings are not necessarily stored in Active Directory.

Author: Tom Janetscheck

Cloud Security Enthusiast | Security Advocate

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: