Save Your Exchange Password in Microsoft Outlook 2003/2007
RPC over HTTP/S is a method for connecting your Outlook 2003/2007 client to the corporate Exchange Server 2003/2007 from the Internet or WAN, without the need to establish a VPN session to the corporate LAN and/or needing to open many ports on your corporate firewall. You can read more about it on my “How can I configure RPC over HTTP/S on Exchange 2003 (single server scenario)?” and “How can I configure Outlook 2003 to use RPC over HTTP/S?” articles (and elsewhere on the site).
In Windows XP or Windows Vista, it is my experience that in most cases Outlook 2003/2007 only asks you for your password the first time you open it, but afterwards that password is stored locally and you are no longer prompted for it. However, in some cases you are constantly prompted to enter your Exchange account password each time you open Outlook 2003/2007.
It seems that if the machine is a member of the same domain as the Exchange server, the user should not have to authenticate again, and the entire authentication process should be completely transparent. However, if the machine is not a member of the domain, then it appears that some people have got it to save the password and some have not.
If you are running on Windows XP, Windows 2003 or Windows Vista, it is possible to save your password in Outlook 2003/2007.
In order to save your password for Outlook 2003/2007 please follow one of these steps:
Method #1 (works in most cases)
Sometimes, when creating the Outlook profile, the Proxy Authentication Settings in the Connection option of the Exchange profile will be set to Basic Authentication rather than NTL Authentication.
Basic authentication requires that you continue to type your user account credentials anytime Outlook is re-opened. There is no way for the client to submit your user name and password automatically. So, if you want to log on automatically, you must configure your Outlook profile to use NLTM authentication to your proxy server for Exchange. The authentication mechanism that you configure in Outlook is used only for the HTTP session to your proxy server for Exchange. The actual authentication between Outlook and your Exchange server always uses NTLM.
Note: Before you switch to using NTLM authentication, you must verify with your administrator that NTLM authentication is permitted or even possible in your environment. Many firewalls and proxy servers will prevent successful NLTM authentication, whereas Basic authentication will work successfully. See the More Information section for additional details.
To change the authentication mechanism on the Outlook client to NTLM, follow these steps:
- Start Outlook 2003/2007. On the Tools menu, click E-mail Accounts or Account Settings, depending on your version of Outlook.
- Double-click on your Exchange account.
- On the Exchange Server Settings page, click More Settings.
- Click the Connection tab.
- Click Exchange Proxy Settings.
- Under Proxy authentication settings, click NTLM Authentication in the Use this authentication when connecting to my proxy server for Exchange list.
- Click OK two times. Click OK again in response to the prompt that you must restart Outlook for the changes to take effect.
- Click Next, and then click Finish.
- Restart Outlook.
Method #2 (it won’t hurt to try if method #1 doesn’t work)
If your account is already configured to use NTLM authentication and you are still prompted for your user name and password when you are logged on as the Windows account that has access to your Exchange mailbox, you must set the LmCompatibilityLevel on your client computer’s registry to a value of 2 or 3. To do this, follow these steps.
This document contains instructions for editing the registry. If you make any error while editing the registry, you can potentially cause Windows to fail or be unable to boot, requiring you to reinstall Windows. Edit the registry at your own risk. Always back up the registry before making any changes. If you do not feel comfortable editing the registry, do not attempt these instructions. Instead, seek the help of a trained computer specialist.
- Open the Registry Editor by clicking Start > Run. Type regedit in the box, and then press Enter.
- Locate and then click the following registry subkey:
- In the right pane, double-click lmcompatibilitylevel.
- In the Value data box, type a value of 2 and then click OK.
- Close Registry Editor and restart your computer.
Method #3 (sometimes complements the above 2 methods)
I’ve seen this work in occasion, so I guess it won’t hurt to add it here.
Note: This process has been recommended by Microsoft, however for reasons unknown to me it does not always work. I have posted it here it here as a recommendation.
- Find your Exchange Server name in your Outlook Profile. The server name is the name of the server that actually hosts your mailbox.
- Open the Windows Key Manager by clicking Start > Run and typing control keymgr.dll. Click Enter.
- In the Stored Username and Passwords window, click Add.
- Enter your Server Name from Step 1, then enter your domain\mailbox name and enter your mailbox password.
- Click OK and click Close.
- Launch Outlook. When prompted for your password, click Remember Password.
- Close Outlook after login is complete.
- Repeat Steps 3-5.
- Launch Outlook – you should not be prompted for your password.
Method #4 (if nothing else works)
Download a free tool called OutlookAutologin. The tool launches Outlook and automatically enters the password needed to connect to the Exchange server. The first time you launch OutlookAutologin.exe, it asks you to enter the password. This password is then saved and will be automatically used each time you launch Outlook via OutlookAutologin.exe.
Be warned, the author of this tool does not offer any sort of support, nor do I, so use at your own risk.
Download here: OutlookAutologin
- You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature – 820281
- LMCompatibilityLevel and Its Effects – 175641
- Lmcompatibilitylevel | Carl’s Blog
- Jesper’s Blog : How LMCompatibilityLevel really works
- Get Outlook 2003 RPC Over HTTP To Remember Your Password
Recent Exchange Forum threads
Got a question? Post it on our Exchange Server Forums!
More in Exchange Server
Microsoft Recommends IT Admins to Patch Exchange Servers
Jan 27, 2023 | Rabia Noureen
Microsoft Releases Exchange Server Updates to Improve Security of PowerShell Payloads
Jan 11, 2023 | Rabia Noureen
Microsoft Warns About New Zero-Day Vulnerabilities in Exchange Server
Sep 30, 2022 | Rabia Noureen
Microsoft Exchange Servers Hit By Stealthy IIS Backdoors
Jul 27, 2022 | Rabia Noureen
Kaspersky Discloses New 'SessionManager' Backdoor Targetting Microsoft Exchange Servers
Jul 1, 2022 | Rabia Noureen
M365 Changelog: (Updated) Safe Links Global Settings Migrated to Custom Policies
Jun 28, 2022 | Petri Staff
Most popular on petri