Exchange 2013 Outlook Anywhere can't be set on windows xp and outllook 2010

Hi everybody! I have an issue with Exchange Server 2013 and outlook anywhere connectivity from Outlook 2010, installed on Windows XP machine.
The issue is that when I setup Outlook 2010 client to connect to Exchange 2013 via outlook anywhere, authentication prompt appears,
but when I fill username and password it does not accept it (User: domain\username, Pass: password).
I tried to find an answer here, but with no luck. Let me describe the environment.

Server side:

Exchange server 2013 with certificate, enrolled from our internal CA server. SAN records in certificate are mail.domain.lan and 
autodiscover.domain.lan.
The certificate is imported on the server, services IIS and SMTP are assigned.
When I enter in browser https://mail.domain.lan/autodiscover/autodiscover.xml the page displays correctly with code 600, which is normal.

Internal and external URLs in Outlook Anywhere section in Exchange 2013 management console are:

Internal: mail.domain.lan
External: mail.domain.lan
Authentication type: NTLM (also tryed Negotiate, it does not work).
SSL Offloading is checked.

I have set also the outlook provider through management shell as follows:

Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.domain.lan

Set-OutlookProvider EXCH -CertPrincipalName msstd:mail.domain.lan

Autodiscover setting is done again through management shell and it is:

Set-ClientAccessServer -Identity CAS01 -AutoDiscoverServiceInternalUri https://mail.domain.lan/Autodiscover/Autodiscover.xml

SRV resouce record for autodiscover exists on DNS server.

Workstation side:

The internal CA root certificate is imported in trusted root certification authorities store.

Outlook Anywhere is set on the Outlook 2010 as follows:

Use this URL to connect to my proxy server for Exchange: mail.domain.lan
Checked - Connect using SSL only
Checked - Only connect to proxy servers that have this principal name in their certificate: msstd:mail.domain.lan
Checked - On fast networks......
Checked - On slow networks......
Authentication type: NTLM

I have made tests from testexchangeconnectivity.com and the only error is that the certification chain cannot be verifyed,
which is normal because of the self-issued certificate.

I am trying to find a solution since monday, this week, unfortunately with no luck.
Help!!! :)