Exchange 2003 / 2007 Servers with Outlook changing Authentication from Basic to NTLM
Hello everyone,

I currently administrate a group of Exchange 2003 / 2007 servers which run 3 x Client Access Servers for front facing connectivity for our customers. I am noticing more and more users who have upgraded their Outlook client from Outlook 2003 / 2007 to 2010 develop a very strange fault. If they log in to their mailbox, mail becomes very slow and very sluggish. They are unable to add a calendar entry and they are also unable to do other features within Outlook.

If I go into the advanced connection settings of their machine and change the Authentication Method to Basic, this fixes it. However, it reverts back about 20 minutes later.

Looking at the client access server, the settings for Outlook Anywhere look like this:

ServerName : SHA-EXCH13
SSLOffloading : False
ExternalHostname : exchange.[Servername]
ClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}
MetabasePath : IIS://SHA-EXCH13.[ServerName]/W3SVC/1/ROOT/Rpc
Path : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
Server : SHA-EXCH13

Am I right in thinking that this is where the record is being changed? It looks like the ClientAuthenticationMethod should be Basic and not NTLM, but I am not sure. Has anyone else seen this problem and found a fix?

Thanks in advance,
CJ.
May 15th, 2011 5:12am

Check on the server what authentication type it is showing in IIS. Post the result.
Gulab | MCTS-MCITP Messaging: 2010 | MCTS-MCITP Messaging: 2007 | MCC 2011 | Skype: Gulab.Mallah | Blog: www.iExchangeRanger.com
May 15th, 2011 5:55am

Hello Gulab, I am guessing you want me to look at the permission for AutoDiscover, which is set to Windows Authentication and Basic. If you want OWA then the permissions are Basic. If not let me know which you require. Thanks once again, Regards CJ.
May 15th, 2011 6:04am

As you said in your post, it all started happening right after users upgraded to Outlook 2010! Is it happening with all the users or with some of them? As the IIS permission is showing Win Auth and Basic, it shouldn't redirect to NTLM. Do you have CAS Proxy by any chance?
Gulab | MCTS-MCITP Messaging: 2010 | MCTS-MCITP Messaging: 2007 | MCC 2011 | Skype: Gulab.Mallah | Blog: www.iExchangeRanger.com
May 15th, 2011 6:09am

Hello Gulab, It appears to be happening with users who access that platform that have an Autodiscover record from my debugging. It appears it is as if the Autodiscover record is saying it should be NTLM and forcing it to change I guess. Yes I believe the CAS Proxy redirects the required server name behind it, which is load balanced between 3 servers using NLB. I have looked at my Exchange 2010 platform which doesn't have this authentication issue and the Outlook Anywhere is set only to Basic, hence why I thought this may be the case :(
May 15th, 2011 6:19am

When it gets changed to NTLM, Outlook performance is poor, right?
Gulab | MCTS-MCITP Messaging: 2010 | MCTS-MCITP Messaging: 2007 | MCC 2011 | Skype: Gulab.Mallah | Blog: www.iExchangeRanger.com
May 15th, 2011 6:23am

Hello Gulab, Most definitely :( Users are unable to update calendar entries, mail is extremely laggy and sometimes says it is disconnected in the bottom right hand corner of Outlook, and they are unable to print either. When we revert back to Basic in their settings it all works fast and slick as expected and they can do the above issues without a problem. Regards CJ.
May 15th, 2011 6:34am

You said that the CAS servers are faced towards your customers. Are you doing Exchange hosting? I would say that NTLM is a bad choice when doing hosting, since customers don't belong to the same forest as your Exchange servers do. With NTLM, Outlook tries to use the logged-on user's credentials, and they will not work and therefore generate a timeout before Outlook sees the new authentication prompt.
lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
May 15th, 2011 8:15am

Set Logon Network Security to Negotiate Authentication. Check the issue and post the update. Cheers,
Gulab | MCTS-MCITP Messaging: 2010 | MCTS-MCITP Messaging: 2007 | MCC 2011 | Skype: Gulab.Mallah | Blog: www.iExchangeRanger.com
May 16th, 2011 4:24am
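
Added example, not part of the original thread: Outlook takes its Outlook Anywhere authentication setting from the AuthPackage element of the EXPR protocol block in the Autodiscover response, which reflects ClientAuthenticationMethod on the CAS, so a manual client-side change is overwritten at the next Autodiscover refresh. The PowerShell below reads that value from a constructed sample response; the sample XML, the host names and the helper name Get-ExprAuthPackage are assumptions for illustration.

```powershell
# Added example. The XML below is a constructed, trimmed Autodiscover response;
# host names are placeholders, not values from the thread.
$sample = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <Protocol>
        <Type>EXCH</Type>
        <Server>cas01.example.invalid</Server>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>exchange.example.invalid</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

# Hypothetical helper: report what Autodiscover tells Outlook to use for Outlook Anywhere
# and whether it matches the method the administrator expects clients to use.
function Get-ExprAuthPackage {
    param(
        [Parameter(Mandatory = $true)][string]$AutodiscoverXml,
        [string]$Expected = 'Basic'
    )
    $doc = [xml]$AutodiscoverXml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('o', 'http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a')
    foreach ($p in $doc.SelectNodes('//o:Protocol[o:Type="EXPR"]', $ns)) {
        $node = $p.SelectSingleNode('o:AuthPackage', $ns)
        # A response without AuthPackage leaves the client on its own default.
        $auth = if ($node) { $node.InnerText } else { '(not advertised)' }
        New-Object PSObject -Property @{
            Server          = $p.SelectSingleNode('o:Server', $ns).InnerText
            AuthPackage     = $auth
            MatchesExpected = ($auth -eq $Expected)
        }
    }
}

Get-ExprAuthPackage -AutodiscoverXml $sample | Format-List Server, AuthPackage, MatchesExpected

# Server-side comparison, run in the Exchange Management Shell, to confirm that every
# CAS behind the NLB advertises the same method:
# Get-OutlookAnywhere | Format-List Server, ClientAuthenticationMethod, IISAuthenticationMethods
```

A real response to feed into the helper can be copied from the XML tab of Outlook's Test E-mail AutoConfiguration dialog.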

This topic is archived. No further replies will be accepted.