I was having issues with Lync authenticating via NTLM with Autodiscover/EWS until I changed the order of authentication methods in the applicationhost.config file to order NTLM before Negotiate. I'm still getting one popup for authentication in Lync, when I run a fiddler trace I see it's being requested from /RPC. I've already enabled NTLM auth on the RPC virtual directory, how do I set it to the primary authenticaton method?

Outlook Anywhere changes in Exchange Server 2007 SP1 http://blogs.technet.com/b/exchange/archive/2007/11/08/3404319.aspx For Exchange 2007 SP1, instead of always enabling Basic and NTLM, Outlook Anywhere now provides the ability to choose the authentication methods that will be enabled on the /rpc virtual directory in IIS. To specify the authentication method, the following parameters have been added in place of the ExternalAuthenticationMethod parameter: 1. ClientAuthenticationMethod - This new parameter specifies the authentication method that the Autodiscover service will provide to the clients. This is the method that clients will use to authenticate against the Client Access server. In Exchange 2007 RTM, the ExternalAuthenticationMethod parameter was responsible for this setting. 2. IISAuthenticationMethods - This new parameter specifies the authentication methods that will be enabled the /rpc virtual directory in IIS. When using this parameter, all other authentication methods will be disabled. More than one value can be specified for this parameter by using a comma delimited list of authentication methods. For example: NTLM, Basic James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

I was having issues with Lync authenticating via NTLM with Autodiscover/EWS until I changed the order of authentication methods in the applicationhost.config file to order NTLM before Negotiate. I'm still getting one popup for authentication in Lync, when I run a fiddler trace I see it's being requested from /RPC. I've already enabled NTLM auth on the RPC virtual directory, how do I set it to the primary authenticaton method? Something doesnt sound right here. You typically do not need to mess with any of the Exchange autodiscover IIS settings to get Lync to work seamlessly with Exchange. Those credential popups sound like something else is going on. HAve you asked this in the Lync Forums? http://social.technet.microsoft.com/Forums/en-US/category/ocs

Hey Andy, I've made several posts on the Lync forums. While I shouldn't have to make exchange autodiscover changes it seems as though that's what has to happen. Non-domain joined machines with authenticate propery because of Basic auth. But domain joined machines fail or get authentication popups. As I said, reording NTLM before Negotiate on EWS and Autodiscover allows Lync to authenticate with NTLM propery. For some reason it cannot with \RPC. Not sure why Lync even tries to access RPC but that is definitely the source of the remaining popup. This is exchange 2010 by the way.

It looks like the solution was: Set-outlookanywhere -ClientAuthenticationMethod:Ntlm -IISAuthenticationMethods:Ntlm So removing Basic altogether and it appears to be working how I want it.

When the RpcHttpConfigurator runs, it picks up the IISAuthenticationMethods and SSLOffloading values from the AD and stamps it on the \rpc vdir settings in the IIS metabase - overwriting any previously set value. We can only use the Set-outlookanywhere –ClientAuthenticationMethod command to set the authentication. For more details, please see: http://blogs.technet.com/b/exchange/archive/2008/06/20/3405633.aspx Thanks, Simon