Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. You are locked out of the domain after you start Outlook 2010 in a hybrid Exchange environment

You are locked out of the domain after you start Outlook 2010 in a hybrid Exchange environment

View products that this article applies to.

Symptoms

Consider the following scenario:

  • A domain account and a Microsoft Office 365 account have the same user principal name (UPN).
  • The passwords for the two accounts differ, and Active Directory Federation Services is not used in the domain.
  • The default lockout value is set to a value other than the default value.
  • You log on to the domain on a computer that's running Windows 7, and then you start Microsoft Outlook 2010.
  • You send some WinHTTP requests to Office 365. For example, you open a shared calendar.
  • Exchange is in a hybrid configuration in which some mailboxes or resources are split between on-premises and cloud Exchange servers.
In this scenario, you are locked out of the domain.

↑ Back to the top

Resolution

To resolve this issue, apply the following hotfix package:
2553391 Description of the Outlook 2010 hotfix package (Outlook-x-none): December 11, 2012

Registry key information

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
After you apply the hotfix package, follow these steps to enable the hotfix:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then select the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
  3. On the Edit menu, point to New, and then click Key.
  4. Type PerDomainDisabledWebAuthenticationType, and then press Enter.
  5. Select the PerDomainDisabledWebAuthenticationType key, point to New on the Edit menu, and then click DWORD (32-bit) Value.
  6. Type DomainName, and then press Enter.

    NoteDomainName is a placeholder for the Office 365 domain for which you want to disable the Negotiate authentication.
  7. In the Details pane, right-click DomainName, and then click Modify.
  8. In the Value data box, type 10, and then click OK.

    Note This is a hexadecimal value. After you click OK, it is displayed as 0x00000010 (16).
  9. Exit Registry Editor.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

2598365 You are locked out of the domain after you start Outlook 2010

2598366 You are locked out of the domain after you start Outlook 2007
For scenarios with on-premises or hybrid Exchange deployments:
2760398 You are locked out of the domain after you start Outlook 2007 in a hybrid Exchange environment

↑ Back to the top

Keywords: kbqfe, kbsurveynew, kbexpertisebeginner, kbbug, kbfix, kb

↑ Back to the top

Article Info
Article ID : 2760400
Revision : 1
Created on : 1/7/2017
Published on : 2/6/2015
Exists online : False
Views : 258