Outlook HTML messages

Unanswered Question
Mar 20th, 2008
User Badges:

We have transparent authentication through AD set up, and it's working fine for IE and Firefox, but it still prompts in email with linked images.

What would be the best way to fix this problem?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jowolfer Fri, 03/21/2008 - 17:20
User Badges:


Here is some data regarding this issue:

In Windows XP SP2 and above (not sure if this applies to Vista), Microsoft implemented stricter security policies on sending credentials and cookies via Outlook when it is accessing an email that contains linked content / images.

This causes each object / image in the email to require manual authentication. Each object will prompted for, making it cumbersome to read emails with many linked objects.

There is a hot fix provided to 'fix' this issue. The KB article linked to the hotfix is 895948. This article is PRIVATE and thus cannot be found by searching the Microsoft website.

In order to get this hotfix, you will need to contact Microsoft at 1-800-936-4900. You can reference IronPort case number SRX070910600725

IronPort does not have any knowledge in automatically deploying this hotfix to the clients on the network. It is possible that a NETLOGON batch file could be used to implement this. The hotfix contains several files that need to overwrite local Outlook files as well as a registry key to change.


Microsoft's official workaround is to only use email where the images are embedded into the email, not linked.

IP credential cache can be used instead of Cookie. This would allow the WSA to only need to authenticate the client once from their IP within the credential cache timeout. Please note that unless they authenticate with IE first, they will still be prompted for auth the first time they access an object via Outlook.

jhouck99_ironport Tue, 03/25/2008 - 17:22
User Badges:

The hotfix didn't seem to help on the one machine I tested on (I asked for someone else to try as well, but he was in a meeting). So I tried the workaround, which seems to be working.


jowolfer Wed, 03/26/2008 - 16:06
User Badges:


That's odd. That information is straight from the horses mouth =). I've applied that patch in the past and was successful.

Let me know if we can assist in any other way.

It's possible that we may be able to workaround this issue when the "bypass auth based on user-agent" option is available, but I don't believe Outlook uses a special user-agent.

jhouck99_ironport Mon, 05/12/2008 - 15:08
User Badges:

We had been using the workaround for the past couple of months, but had one person for whom the workaround seemed to stop working. I applied the hotfix and now it's good.

Very weird...


This Discussion