Topic Last Modified: 2006-11-10

The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine whether the NTLM authentication protocol (also known as Integrated Windows Authentication) bit in the msExchAuthenticationFlags attribute is set. If the Exchange Server Analyzer determines that the bit is not set, and Exchange is not running on Microsoft Windows® Small Business Server, a warning is displayed.

The msExchAuthenticationFlags attribute indicates which type of authentication a protocol virtual server accepts. This attribute uses a three-bit mask.

Bit Authentication Method






NTLM (Integrated Windows Authentication)

If the bit that controls NTLM authentication is not set, the SMTP virtual server will not allow NTLM authentication. This can cause authentication problems between Exchange Server computers.

To correct this warning

  1. Open Exchange System Manager.

  2. Expand Servers, expand the server Name, expand Protocols, and then expand SMTP.

  3. Right-click the Exchange SMTP virtual server, and then click Properties.

  4. Click the Access tab, click Authentication, and then click to select the Integrated Windows Authentication check box.

  5. Click OK, and then click OK again.

  6. Close Exchange System Manager.

For more information about authentication methods for SMTP, see the Exchange Server 2003 Transport and Routing Guide (, and see the Microsoft Knowledge Base article 319267, "HOW TO: Secure Simple Message Transfer Protocol Client Message Delivery in Exchange 2000" (