RE: Exchange 2007 in a domain using Kerberos Realm authentication

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi Robbin,

I have emailed you 3 screenshots of the AutoConfig Test progress, and
attached the XML info that shows once I enter my Kerberos Realm credentials
at the prompt.

I have also attached the NetMon capture from the Windows Vista/Outlook 2007
machine as it opens Outlook. If you think the log from Exchange 2007 server
will help then please let me know and I will provide that, but for now I have
not installed Netmon on the server.

Thanks again for your continued support!

Simon


""Robbin Meng [MSFT]"" wrote:


Hi Simon,

Glad to receive your reply and I am sorry for my delay in response.

Based on my research during these days, the Autodiscover service is
automatically installed and configured when the Client Access Server (CAS)
role is added to any Exchange Server 2007 server. Therefore, it cannot be
simply disabled or bypass.

Moreover, Outlook 2007 uses Autodiscover every time the program is launched
and every time a new profile is configured.

Therefore, this issue is mostly like a by design/normal behavior for
Outlook 2007 with Kerberos Realm authentication, although I have found the
direct and final answer.

However, I believe if we can make clear that what "Referral" Outlook 2007
is trying to connect with to your mail server(hermes.exr.ualberta.ca) and
whether this "Referral" allows Kerberos Realm authentication or not, we can
draw the final conclusion.

theoretically, when Outlook is looking for a GC server, a referral could be
generated by the exchanger to help client locate the GC. However, in our
case, both Mail server, Public server and two GC can be successfully
connected from the screenshot and our tests.


So the next suggestions provided as below:

1. check Test E-mail AutoConfiguration

The best way to see the items returned that Outlook 2007 will consume is to
use the Test E-mail AutoConfiguration option available by right-clicking on
the Outlook notification icon on the Windows Task Bar while holding down
the Control key on your keyboard.

To test Autodiscover ensure ONLY the Use Autodiscover option is selected. A
password does not have to be entered when you are logged into the domain.
Your logged in credentials are used. Finally, click on the AutoConfigure
button to start the Autodiscover request to the Autodiscover service.

After Outlook sends your E-mail Address and credentials to the Autodiscover
service the various Results, Log, and XML tabs will show status and results
of Autodiscover request. The results tag is the most useful as it shows the
results of the request in the most legible format. The Log tab shows which
URLs were tested and which one was successful in finding the Autodiscover
Web site. The XML tab shows the final XML Response as it was received by
Outlook 2007.

PLEASE DO check the information.


2. If necessary, please capture a Network Monitor package and let's see if
there is any error related to the Kerberos Realm authentication.

To collect the Networking Monitor log on both the server and the client,
you can follow the steps below:
===========================
a. Download Network Monitor 3.1 from the following link:
http://www.microsoft.com/downloads/details.aspx?FamilyID=18b1d59d-f4d8-4213-
8d17-2f6dde7d7aac&DisplayLang=en
b. Install the Network Monitor on the server.
c. Click Start->Programs-> Microsoft Network Monitor 3.1-> Microsoft
Network Monitor 3.1, open Network Monitor.
d. Select the network connection in use, and then click "Create a new
capture tab" button.
e. Click Start on the Capture menu in Network Monitor window. Make sure
that the server and the client start at the same time.
f. Try to reproduce the issue. Then click Stop on the Capture menu, and
click File->Save as to save the captured file.

For more detailed information about How to capture network traffic with
Network Monitor, you can access the following link:
http://support.microsoft.com/kb/148942

Related material:

Network Monitor
http://blogs.technet.com/netmon/

Information about Network Monitor 3
http://support.microsoft.com/kb/933741

Hope it helps.

I look forward to your reply. Also, if you have any questions or concerns,
please do not hesitate to let me know.


Best regards,
Robbin Meng(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


.

Quantcast