Re: ISA 2006 Problem with Outlook Anywhere

I've gone trough the articles and done some reading at other places, and
without making the solution a bit toooo complicated I'll just wait for a
simpler solution - or if someone writes a "summy guide" on the subject : )




Thanks for all your help Jim!

Regards, Fred





"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:9ED8A28F-2492-4100-BA5D-7C6653B4A33C@xxxxxxxxxxxxxxxx
Unfortunately, I don't have the initial posting - only what's in this
thread.
You can't have NTLM auth at any proxy and the upstream server; the client
can't handle it.

Try these if KCD is your blocking point:
http://www.isaserver.org/tutorials/Configuring-ISA-Firewalls-ISA-2006-RC-Support-User-Certificate-Authentication-using-Constrained-Delegation-Part1.html
http://www.isaserver.org/tutorials/Configuring-ISA-Firewalls-ISA-2006-RC-Support-User-Certificate-Authentication-using-Constrained-Delegation-Part2.html

Tom rite gud stuf...
:-)
--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.



"Fred" <nomail@xxxxxxxxxxxxxxxxxxx> wrote in message
news:%2371LZ62WHHA.4880@xxxxxxxxxxxxxxxxxxxxxxx
Jim, I think you are reading so many threads these days that you don't
actually are reading them ;)

In my fist post I write what Exchange version I'm using and what guide
I've
used for ISA Server setup, same link you are posting : )



Here's the problem, I just can't get it working according to the article
cuz
I don't understand the SPN thingies and how that should work. So either
info
on how to do that OR how to get just old NTLM auth. What I really want is
to
get rid of password typing when a user starts Outlook from "anywhere",
just
like at the office.



In the guide we both have been reading it says enable Outlook Anywhere and
select NTLM auth, but what I should do is set this to basic, and using IIS
manager set auth to basic on RPC. Then create the publishing rule in ISA
and
set that to NTLM auth?
Do I get or am I still "out there".? ;)



Anyway, thanks Jim!
I've been reading some of your articles on isaserver.org and it's always
enjoyable reading :)





"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:89496C14-3336-49D4-B084-764E0E195BAA@xxxxxxxxxxxxxxxx
Ok - so you can use a single listener for all OL Anywhere web publishing.
Since you refer to Exchange "Edge", I assume you're using Exch 12.
Here is an article that should get you going.
http://www.microsoft.com/technet/isa/2006/deployment/exchange.mspx

Big Note: - you *MUST* configure the OL RPC/HTTP settings for Basic
authentication - no other option.
This will not affect the internal connection, which is MAPI by default
(unless you configure OL to use HTTP for all connections).
--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.



"Fred" <nomail@xxxxxxxxxxxxxxxxxxx> wrote in message
news:e2fulVxWHHA.496@xxxxxxxxxxxxxxxxxxxxxxx
A singel ISA 2006 STD with Update for Publishing installed.
Two Exchange servers, one is Edge the other is everything but Unified
messaging, both are Standard edition.


"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:B1D95A24-9646-4BF8-87F5-0A23346FA0D3@xxxxxxxxxxxxxxxx
What ISA version?
It maters quite a lot...
--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.



"Fred" <nomail@xxxxxxxxxxxxxxxxxxx> wrote in message
news:ucooOZsWHHA.3500@xxxxxxxxxxxxxxxxxxxxxxx
Ehum...? So what do I do?
Outlook anywhere as Basic and Exchange as NTLM or the other way round?
Oooor... impossible?


"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:8CEA443E-3ED1-4049-8270-3FD018C69149@xxxxxxxxxxxxxxxx
You can't have NTLM at the ISA and Exchange listeners.
NTLM doesn't "translate" the same way Basic auth can.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.



"Fred" <nomail@xxxxxxxxxxxxxxxxxxx> wrote in message
news:OS3WOjmWHHA.4180@xxxxxxxxxxxxxxxxxxxxxxx
Come on guys, I got Outlook Anywhere working using basic auth, now all
I
need is to get it working with NTLM. Anyone?










.

Relevant Pages

  • Re: DNS Suffix Erroneously Appended To All Queries
    ... it tells me ISA is misconfigured. ... If you are having difficulty in reading or finding responses to your post, ... Microsoft Public Newsgroups, and it is FREE and DOES NOT require a Usenet ... With OEx, you can easily find your post, track ...
    (microsoft.public.windows.server.dns)
  • Re: Good lord, when do I get to actually program?
    ... My advice to you would be to stop reading and start messing about. ... Find great Windows Forms articles in Windows Forms Tips and Tricks ... > basics, but I'm having trouble seeing myself bridging the gap from basics ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Syn Attacks: Metabase entries (w3svc/ServerListenBacklog) & Backlog parameters
    ... > I was reviewing a few KB articles (Security Considerations for Network ... While reading these I was trying to fully understand ... What are the Backlog parameters, ... > the recommended settings? ...
    (microsoft.public.inetserver.iis.security)
  • Re: Transportation after EMP
    ... It has been said the reason EMP was not noticed in early nuclear ... numerous articles and papers have mentioned. ... this is not the physics at all. ... just from reading science books when I was in junior high school. ...
    (misc.survivalism)
  • Re: Just for fun ...
    ... an '??aholic' thingy of some sort. ... If you haven't written any articles then, IMHO, you most definitely ... I enjoy reading your posts. ... learning from equally excellent people who are spending ...
    (borland.public.delphi.non-technical)