Exchange 2007 EWS Kerberos Authentication not work on request from external network
Hi I have enabled the Kerberos Authentication on EWS for handling the double hop issue. In my case, a web page will get the calendar items from exchange server using EWS and the web page is using window authentication. So I enabled the Kerberos in both web server and exchange server. It works in internal network. After that, I have tested requesting the web page from external network and the Kerberos does not work. EWS return 401 error. I found the Authenication in exchange server become NTLM and using NT AUTHORITY\ANONYMOUS as the login user. So does Kerberos not support the request from external network? How can I fix this issue? Thanks for your help Zen
January 10th, 2010 7:46pm
how are you publishing to the external? directly trough a firewall, reverse proxy like ISA?CapecolMCSA - MCTS Exchange Server 2007 - 2010
Free Windows Admin Tool Kit Click here and download it now
January 11th, 2010 8:16am
Hi,Thanks for your reply.The site publishes to the external directly through a firewall.Zen
January 11th, 2010 8:28am
Hi,
Please understand that the Kerberos v5 requires that the client have a direct connection to Active Directory, which is generally not the case in Internet scenarios.
For your reference:
Integrated Windows Authentication (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true
Mike Shen
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
January 13th, 2010 11:36am