Hello Everyone, I was hoping someone can explain how RPC over HTTP, and OWA works in a Multiforest environment, specifically with regards to authentication (Kerberos and NTLM). I have been trying to find some specific documentation online with no luck. From what I have been told the infrastructure is as follows: There are many account forests due to the nature of our business, they all currently connect to an Exchange 2003 resource forest. All forests are connected via a forest to forest transitive trust. The RPC over HTTP topology is deployed as a Front-End and Back-End server with ISA 2006 in the perimeter network. My question revolves around authentication. How are users from multiple account forests that are connecting via the internet (workgroup or non-connected Domain computers) through RPC over HTTP, authenticate to the exchange servers in the resource forest?? How are these users authenticated using basic authentication in IIS?? And are the exchange servers forwarding authentication requests to the resource DC’s with in turn are forwarding the request to the appropriate DC’s in the users account forest via the forest trust? Any documentation on the full authentication process will be extremely helpful!

Hi, Please understand when RPC over HTTP client or OWA client connects to Front End Exchange Server, actually, the WWW service is responsible for authenticate the user. Regarding Kerberos and NTLM authentication process for cross forest user, I would like to explain that it is an AD related question. I recommended you post your question to Windows Server forum to have AD expert to answer your question: http://social.technet.microsoft.com/Forums/en-US/category/windowsserver In addition, you can also read following article for Kerberos authentication: How the Kerberos Version 5 Authentication Protocol Works http://technet.microsoft.com/en-us/library/cc772815(WS.10).aspx In the Kerberos Processes and Interactions section of the article, there is an example for cross-domain authentication. ~~~~~~~~~~~~~~~~ Mike Shen TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com ~~~~~~~~~~~~~~~~