Why Edge IE Mode Hangs on Sites Using Old NTLM Auth on Windows 11
🔍 WiseChecker

Why Edge IE Mode Hangs on Sites Using Old NTLM Auth on Windows 11

by

Quick fix: Edge IE Mode uses MSHTML which still supports NTLM but may hang on sites that require pre-emptive NTLM authentication. Enable pre-emptive NTLM in Internet Options: inetcpl.cpl → Security → Local intranet → Sites → Advanced — add the site, then under Internet Options → Advanced → Security, check Enable Integrated Windows Authentication.

You configured Edge IE Mode for an old intranet site. The site uses NTLM for SSO. When you visit, IE Mode loads then hangs — the page never completes loading. Other IE Mode sites work fine. Specifically this site doesn’t complete its NTLM handshake.

Symptom: Edge IE Mode hangs on internal sites using old NTLM authentication.
Affects: Windows 11 with Edge IE Mode and NTLM-protected internal sites.
Fix time: 15 minutes.

ADVERTISEMENT

What NTLM negotiation requires

Old NTLMv1/v2 sites expect the browser to pre-emptively send credentials (rather than waiting for a 401 challenge). Modern browsers don’t do this by default for security. The browser sends the request, gets a 401, sends with credentials, gets another 401 (NTLM type 2 message), responds. If the site loops or expects credentials in the first request, the negotiation hangs.

Method 1: Add the site to Local Intranet zone

  1. Open inetcpl.cpl.
  2. Security tab → Local intranet → Sites → Advanced.
  3. Add the site URL (e.g., http://intranet.company.com).
  4. OK out. Sites in Local Intranet automatically use pre-emptive Windows auth.
  5. Reload in IE Mode.

ADVERTISEMENT

Method 2: Enable Integrated Windows Authentication

  1. inetcpl.cpl → Advanced tab.
  2. Scroll to Security section.
  3. Check Enable Integrated Windows Authentication.
  4. OK. Restart Edge (close all windows).

Method 3: Configure via Group Policy

  1. gpedit.msc → User Configuration → Administrative Templates → Windows Components → Internet Explorer → Internet Control Panel → Security Page.
  2. Open Site to Zone Assignment List. Add the site mapped to Local Intranet zone (value 1).
  3. gpupdate /force.

Verification

  • Site loads in IE Mode without hang.
  • SSO succeeds; you don’t see credential prompts on intranet sites.

If none of these work

For some legacy SharePoint or custom NTLM apps, you may need to enable specific cipher suites: open Internet Options → Advanced and check legacy SSL/TLS options. For chronic NTLM issues, coordinate with the site admin to upgrade to Kerberos.

Bottom line: NTLM hangs in IE Mode = missing pre-emptive auth. Add site to Local Intranet zone and enable Integrated Windows Auth.

ADVERTISEMENT

← Back to WiseChecker HomeMore in Windows & PC

🔍 Recommended for You