CAS Array and Outlook 2003 clients

Status
Not open for further replies.
B

BGM2

I read where the settings in Outlook should be set to either Negotiate Authentication or NTLM and not Kerberos if you are going to use a CAS Array. For Outlook 2007 and 2010 this doesn't seem to be an issue since the default seems to be Negotiate.

In Outlook 2003 SP3 I have 3 possible settings:

Kerberos / NTLM Password Authentication

Kerberos Password Authentication

Password Authentication (NTLM)

If I'm going to use a CAS Array but still have Outlook 2003 clients is Kerberos Password Authentication the only security setting I cannot use?
 
M

MMHussain

Hello

Use NTLM authentication for Outlook 2003 and also make sure that Encryption must be enabled in the Outlook profile.

Under the Outlook Profile, choose “more settings” and then choose the Security tab.

Make sure “Enable encryption between Outlook and the Exchange Server” is Connected.

Thanks Mhussain
 
B

BGM2

Knew about the encryption and already setup a GPO but didn't know about the authentication method.
 
B

BGM2

Okay so looking at this article it appears for Outlook 2003 clients the keberos / NTLM authentication setting is ok. Please let me know if I'm mistaken?
 
A

Allen Song

Hi,

That's indeed the problem. Before Exchange 2010 SP1, the CASARRAY could not work with the kerbose. This is because when Client Access Servers are load balanced, clients are not aware of individual server names. As a result, the mail clients request as a array name.

On the CAS server, the Exchange services run in the local system or network service and authenticate the kerbose in their own account, not the array account. This causes a mismatch and leads to Kerberos authentication failure.

A good news is the SP1 can make this work. You can refer to the below article:

http://technet.microsoft.com/en-us/library/ff808312.aspx

Thanks

Allen

Allen Song
 
Status
Not open for further replies.
Top