Hi I have enabled the Kerberos Authentication on EWS for handling the double hop issue. In my case, a web page will get the calendar items from exchange server using EWS and the web page is using window authentication. So I enabled the Kerberos in both web server and exchange server. It works in internal network. After that, I have tested requesting the web page from external network and the Kerberos does not work. EWS return 401 error. I found the Authenication in exchange server become NTLM and using NT AUTHORITY\ANONYMOUS as the login user. So does Kerberos not support the request from external network? How can I fix this issue? Thanks for your help Zen

how are you publishing to the external? directly trough a firewall, reverse proxy like ISA?CapecolMCSA - MCTS Exchange Server 2007 - 2010

Hi,Thanks for your reply.The site publishes to the external directly through a firewall.Zen

Hi, Please understand that the Kerberos v5 requires that the client have a direct connection to Active Directory, which is generally not the case in Internet scenarios. For your reference: Integrated Windows Authentication (IIS 6.0) http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true Mike Shen TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com