Exchange 2007 Outlook Switching to Basic from NTLM
I have a hug problem within out Exchange 2007 Environment. We have preconfigured all out Outlook clients to use NTLM authentication over HTTP/RPC Protocal. But periodically Exchange with switch the authentication level back to Basic cause numerous problems
with Password prompts. Please can someone assist me with regards to this matter.
April 21st, 2010 9:49am
On Wed, 21 Apr 2010 06:49:50 +0000, MicroTeck wrote:>I have a hug problem within out Exchange 2007 Environment. We have preconfigured all out Outlook clients to use NTLM authentication over HTTP/RPC Protocal. But periodically Exchange with switch the authentication level back to Basic cause numerous problems with Password prompts. Please can someone assist me with regards to this matter.How did you set the authentication method(s)?If you run get-outlookanywhere what do you see for theClientAuthenticationMethod and IISAuthenticationMethods properties?Note that the value you see there will be pushed to the /rpc virtualdirectory in IIS periodically. If you've been setting theauthentication method to something different in the IIS Manager it'llbe overridden.---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
April 22nd, 2010 4:50am
Everything on system suggests NTLM authentication yet Outlook will still switch back to Basic Authentication. Here is the retrun from the get-outlookanywhere power script. Any suggestions. I've tried everything including dancing on my head.
ServerName: MSEXCHANGE
SSLOffloading: False
ExternalHostname: MSEXCHANGE.afsjhb.afsgroup.co.za
ClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Ntlm}
MetabasePath: IIS://MSEXCHANGE.afsjhb.afsgroup.co.za/W3SVC/1/ROOT/Rpc
Path: C:\Windows\System32\RpcProxy
Server: MSEXCHANGE
AdminDisplayName:
ExchangeVersion: 0.1 (8.0.535.0)
Name: MSEXCHANGE
DistinguishedName: CN=MSEXCHANGE,CN=HTTP,CN=Protocols,CN=AFSMAIL,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=2007ExchangeOrg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=domain,DC=co,DC=za
Identity: MSEXCHANGE\MSEXCHANGE
Guid: 0b62aef2-c915-41fc-8577-cad5af1c52fc
ObjectCategory: domain.domain.co.za/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged: 21/04/2010 08:32:22 PM
WhenCreated: 10/04/2010 11:08:04 AM
OriginatingServer: DOMAINCONTROLLER.afsjhb.afsgroup.co.za
IsValid: True
April 22nd, 2010 8:58am
On Thu, 22 Apr 2010 05:58:36 +0000, MicroTeck wrote:
>Everything on system suggests NTLM authentication yet Outlook will still switch back to Basic Authentication. Here is the retrun from the get-outlookanywhere power script. Any suggestions. I've tried everything including dancing on my head. ServerName: MSEXCHANGE
SSLOffloading: False ExternalHostname: MSEXCHANGE.afsjhb.afsgroup.co.za ClientAuthenticationMethod : Ntlm IISAuthenticationMethods : {Ntlm} MetabasePath: IIS://MSEXCHANGE.afsjhb.afsgroup.co.za/W3SVC/1/ROOT/Rpc Path: C:\Windows\System32\RpcProxy Server: MSEXCHANGE
AdminDisplayName: ExchangeVersion: 0.1 (8.0.535.0) Name: MSEXCHANGE DistinguishedName: CN=MSEXCHANGE,CN=HTTP,CN=Protocols,CN=AFSMAIL,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=2007ExchangeOrg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=domain,DC=co,DC=za
Identity: MSEXCHANGE\MSEXCHANGE Guid: 0b62aef2-c915-41fc-8577-cad5af1c52fc ObjectCategory:
>domain.domain.co.za/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory} WhenChanged: 21/04/2010 08:32:22 PM WhenCreated: 10/04/2010 11:08:04 AM OriginatingServer: DOMAINCONTROLLER.afsjhb.afsgroup.co.za
IsValid: True
The next time that happens, run the get-outlookanywhere command to
verify that things are still set to use NTLM. Then check (with IIS
Manager) that the RCP virtual directory authentication is still using
"Windows Integrated".
If those all agree then you may be looking at something not directly
related to Exchange.
You might want to install rpcping on a workstation and set up a batch
file (or two) to verify that things are working and that the problem
isn't an Outlook-only problem.
---
Rich Matheisen
MCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2010 6:06am
Hi,
Please check the value of the EXPR for the Outlook Provider, if there have value under Server or CertPrincipalname attribute, that will break the NTLM authentication on the Outlook Anywhere configuration, and it falls back to Basic Authentication.
Please run get-Outlookprovider -identity -EXPR |fl command in EMS, then post the information on the forum.
Thanks
Allen
April 26th, 2010 12:15pm