SMTP server has NTLM authentication disabled

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at]  

Topic Last Modified: 2006-11-10

The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine whether the NTLM authentication protocol (also known as Integrated Windows Authentication) bit in the msExchAuthenticationFlags attribute is set. If the Exchange Server Analyzer determines that the bit is not set, and Exchange is not running on Microsoft Windows® Small Business Server, a warning is displayed.

The msExchAuthenticationFlags attribute indicates which type of authentication a protocol virtual server accepts. This attribute uses a three-bit mask.


Bit Authentication Method






NTLM (Integrated Windows Authentication)

If the bit that controls NTLM authentication is not set, the SMTP virtual server will not allow NTLM authentication. This can cause authentication problems between Exchange Server computers.

  1. Open Exchange System Manager.

  2. Expand Servers, expand the server Name, expand Protocols, and then expand SMTP.

  3. Right-click the Exchange SMTP virtual server, and then click Properties.

  4. Click the Access tab, click Authentication, and then click to select the Integrated Windows Authentication check box.

  5. Click OK, and then click OK again.

  6. Close Exchange System Manager.

For more information about authentication methods for SMTP, see the Exchange Server 2003 Transport and Routing Guide (, and see the Microsoft Knowledge Base article 319267, "HOW TO: Secure Simple Message Transfer Protocol Client Message Delivery in Exchange 2000" (


Community Additions