Just passing along as FYI, but I ran into a situation last week when running Outlook 2007 on Windows Vista or 7. Using the default security settings shown below, a user could not create a new mail profile. It did not matter if you tried to create the profile using Exchange 2007 Autodiscover or Manually. When creating the mail profile, a domain authentication pop-up kept appearing and even thought the machine was joined to the domain and valid user credentials were entered, the authentication pop-up persisted. Ultimately, the user account would be locked out.

If we unchecked Encrypt data between Microsoft Office Outlook and Microsoft Exchange, you could successfully create a new mail profile. After the mailbox was opened for the first time, we checked the box once again, and the domain authentication pop-ups returned.

We also noticed that if changed Logon Network Security to Kerberos Password Authentication, you could leave the “Encrypt” option enabled.

So, to successfully create a new mail profile, launch Outlook, and use Outlook encryption successfully, we had to:
a. Disable the encryption option (when creating the profile, you could click More Settings and then the Security tab to disable)
b. Launch Outlook and let it build the mailbox
c. Close Outlook
d. Re-enable the Encryption option, remembering to also set logon network security to Kerberos Password Authentication.
e. Open Outlook

But really, who wants to go through all this to create a mail profile?

We had a test lab, duplicating our production environment (almost) and we could not duplicate the issue within the lab. Now, in production, the Exchange servers and the end users are in different physical locations. The Exchange servers run on ESX servers located in the “Co-Lo” datacenter. The lab existed within our office building, thus nothing was going over the WAN.

We went over to the datacenter with a Windows 7 machine to verify if our problem lied somewhere with the network setup/gear, and sure enough, our test machines worked just fine with Outlook’s default Encryption and logon network security settings.

The network traffic between the datacenter and office building is optimized with Riverbed appliances. In speaking Microsoft on this issue, it turns out that, when running Outlook 2007 on Windows Vista or 7, the optimization Enable MAPI Exchange 2007 Acceleration needs to be disabled to use Outlook 2007’s default security settings.

At this time, I personally cannot verify that the issue is resolved by disabling this optimization, I only have Microsoft’s “word” as the network team wants to open a case with Riverbed to discuss the issue further. However, as soon as I hear any additional information concerning this issue, I’ll pass it along. Again, I just wanted to pass along the information. If you have additional information, please leave a comment, I’d love to hear them.