When we hand-off or manually fail-over our Clustered Mailbox Server to the passive node, Outlook 2007 users are prompted for their password when they reconnect to the CMS. Can this be prevented or is this by design?

This should *not* be the default behavior if they are using integrated windows authentication. Do the users have to provide a user name and password when they initially open Outlook? Jim McBee - Blog - http://mostlyexchange.blogspot.com

On Tue, 15 Jun 2010 19:03:50 +0000, Mike Erter wrote: > > >When we hand-off or manually fail-over our Clustered Mailbox Server to the passive node, Outlook 2007 users are prompted for their password when they reconnect to the CMS. > >Can this be prevented or is this by design? Is outlook configured to use the "Exchange Proxy Settings..."? If the "On slow networks..." is checked what may be happening is that Outlook is switching to RPC-over-HTTPS. If the CAS is configured to use basic authentication then you'll get that logon dialog box. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

How do I check if they are using Integrated Windows Authentication? They do not have to provide their credentials when they initially open Outlook.

I notice in Outlook in my Microsoft Exchange Proxy Settings the "Use this authentication when connecting to my proxy server for Exchange:" is set to Basic Authentication.

Where do I check if the CAS is configured to use Basic Authentication?

On Thu, 17 Jun 2010 19:54:16 +0000, Mike Erter wrote: >Where do I check if the CAS is configured to use Basic Authentication? Use "get-outlookanywhere". --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Thanks for answering. I see the output from that cmdlet says: ClientAuthenticationMethod : Basic IISAuthenticationMethods : {Ntlm} Do you suggest I change that so that they both say "Basic"? I wonder if that will break my Threat Management Gateway Outlook Anywhere Publishing Rule?

On Fri, 18 Jun 2010 17:29:49 +0000, Mike Erter wrote: > > >Thanks for answering. > >I see the output from that cmdlet says: > >ClientAuthenticationMethod : Basic > >IISAuthenticationMethods : {Ntlm} > >Do you suggest I change that so that they both say "Basic"? No. Set them so they look like this: ClientAuthenticationMethod : Ntlm IISAuthenticationMethods : {Basic, Ntlm} >I wonder if that will break my Threat Management Gateway Outlook Anywhere Publishing Rule? Do you use FBA on the TMG publishing rule? If you do then the TMG will proxy the credentials using "basic" authentication. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP