Hello Aleksandr Aleksandr
When launching Outlook on a domain-joined machine, does it fail before showing any ADFS login page, or does the ADFS prompt appear but then fail? To help narrow it down, please check the following in order:
1> On one affected machine, set these two registry keys:
```powershell
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Exchange\" -Name "AlwaysUseMSOAuthForAutoDiscover" -Value 1 -Type DWord
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\Identity\" -Name "EnableADAL" -Value 1 -Type DWord
```
Restart Outlook and test. Let me know if the behavior changes.
2> Please run the following commands on your Exchange server and share the output:
```powershell
Get-OrganizationConfig | fl OAuth2ClientProfileEnabled
Get-AuthServer | fl Name, Type, AuthMetadataUrl, IsDefaultAuthorizationEndpoint
Get-MapiVirtualDirectory | fl Server, *AuthenticationMethods*
Get-WebServicesVirtualDirectory | fl Server, *AuthenticationMethods*
```
We need to confirm:
- OAuth2ClientProfileEnabled is $true
- An AuthServer of type ADFS exists and is set as default
- OAuth is listed in the authentication methods for MAPI and EWS
3> On your ADFS server, please verify:
- The Relying Party Trust created for Outlook has proper claims rules (UPN or Email Address)
- The token-signing certificate is valid and not expired
- Clients can reach the CRL distribution point of the token-signing certificate
4> If the above doesn’t help, please try:
- Create a new Outlook profile on a failing machine and test.
- Clear any cached credentials in Credential Manager related to your Exchange or ADFS server.
- On the ADFS server, ensure Forms Authentication is also enabled under Service > Authentication Methods > Primary Authentication > Intranet as a fallback.
- Recheck the Outlook version; refer to this section: https://learn.microsoft.com/en-us/Exchange/plan-and-deploy/post-installation-tasks/enable-modern-auth-in-exchange-server-on-premises?view=exchserver-2019#outlook-on-windows
Hope this info is helpful, looking forward to your reply.
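The three conditions listed under step 2, evaluated by a read-only script for the Exchange Management Shell. This is an added example, not part of the original reply or of Microsoft's documentation; the helper name `Get-OAuthMethodCheck` and the pass/fail table layout are assumptions, and a methods property passes only if it contains the value `OAuth`.

```powershell
# Added example: run in the Exchange Management Shell on an Exchange server.
# Read-only: it calls only the Get- cmdlets from step 2 and changes nothing.

function Get-OAuthMethodCheck {   # hypothetical helper name
    param($VirtualDirectory)
    # Look at every property matching *AuthenticationMethods*, the same
    # wildcard used with fl in step 2, and report each one separately.
    $props = $VirtualDirectory.PSObject.Properties |
        Where-Object { $_.Name -like '*AuthenticationMethods*' }
    foreach ($p in $props) {
        [pscustomobject]@{
            Check  = "$($VirtualDirectory.Server) $($VirtualDirectory.Name) $($p.Name)"
            Value  = (@($p.Value) -join ', ')
            Passed = [bool](@($p.Value) | Where-Object { "$_" -eq 'OAuth' })
        }
    }
}

$results = @()

# Condition 1: OAuth2ClientProfileEnabled is $true
$org = Get-OrganizationConfig
$results += [pscustomobject]@{
    Check  = 'OAuth2ClientProfileEnabled'
    Value  = "$($org.OAuth2ClientProfileEnabled)"
    Passed = ($org.OAuth2ClientProfileEnabled -eq $true)
}

# Condition 2: an AuthServer of type ADFS exists and is the default endpoint
$adfs = @(Get-AuthServer | Where-Object {
    "$($_.Type)" -eq 'ADFS' -and $_.IsDefaultAuthorizationEndpoint
})
$results += [pscustomobject]@{
    Check  = 'Default AuthServer of type ADFS'
    Value  = ($adfs.Name -join ', ')
    Passed = ($adfs.Count -ge 1)
}

# Condition 3: OAuth is listed for the MAPI and EWS virtual directories
Get-MapiVirtualDirectory        | ForEach-Object { $results += Get-OAuthMethodCheck $_ }
Get-WebServicesVirtualDirectory | ForEach-Object { $results += Get-OAuthMethodCheck $_ }

$results | Format-Table -AutoSize -Wrap
$failed = @($results | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) check(s) did not pass; review the rows where Passed is False."
}
```

Rows are reported per server and per property, so a single virtual directory that lacks OAuth on one server stands out even when the others are configured correctly.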