Exchange 2007 Outlook Switching to Basic from NTLM
I have a hug problem within out Exchange 2007 Environment. We have preconfigured all out Outlook clients to use NTLM authentication over HTTP/RPC Protocal. But periodically Exchange with switch the authentication level back to Basic cause numerous problems with Password prompts. Please can someone assist me with regards to this matter.
April 21st, 2010 9:49am

On Wed, 21 Apr 2010 06:49:50 +0000, MicroTeck wrote:>I have a hug problem within out Exchange 2007 Environment. We have preconfigured all out Outlook clients to use NTLM authentication over HTTP/RPC Protocal. But periodically Exchange with switch the authentication level back to Basic cause numerous problems with Password prompts. Please can someone assist me with regards to this matter.How did you set the authentication method(s)?If you run get-outlookanywhere what do you see for theClientAuthenticationMethod and IISAuthenticationMethods properties?Note that the value you see there will be pushed to the /rpc virtualdirectory in IIS periodically. If you've been setting theauthentication method to something different in the IIS Manager it'llbe overridden.---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
April 22nd, 2010 4:50am

Everything on system suggests NTLM authentication yet Outlook will still switch back to Basic Authentication. Here is the retrun from the get-outlookanywhere power script. Any suggestions. I've tried everything including dancing on my head. ServerName: MSEXCHANGE SSLOffloading: False ExternalHostname: MSEXCHANGE.afsjhb.afsgroup.co.za ClientAuthenticationMethod : Ntlm IISAuthenticationMethods : {Ntlm} MetabasePath: IIS://MSEXCHANGE.afsjhb.afsgroup.co.za/W3SVC/1/ROOT/Rpc Path: C:\Windows\System32\RpcProxy Server: MSEXCHANGE AdminDisplayName: ExchangeVersion: 0.1 (8.0.535.0) Name: MSEXCHANGE DistinguishedName: CN=MSEXCHANGE,CN=HTTP,CN=Protocols,CN=AFSMAIL,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=2007ExchangeOrg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=domain,DC=co,DC=za Identity: MSEXCHANGE\MSEXCHANGE Guid: 0b62aef2-c915-41fc-8577-cad5af1c52fc ObjectCategory: domain.domain.co.za/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory} WhenChanged: 21/04/2010 08:32:22 PM WhenCreated: 10/04/2010 11:08:04 AM OriginatingServer: DOMAINCONTROLLER.afsjhb.afsgroup.co.za IsValid: True
April 22nd, 2010 8:58am

On Thu, 22 Apr 2010 05:58:36 +0000, MicroTeck wrote: >Everything on system suggests NTLM authentication yet Outlook will still switch back to Basic Authentication. Here is the retrun from the get-outlookanywhere power script. Any suggestions. I've tried everything including dancing on my head. ServerName: MSEXCHANGE SSLOffloading: False ExternalHostname: MSEXCHANGE.afsjhb.afsgroup.co.za ClientAuthenticationMethod : Ntlm IISAuthenticationMethods : {Ntlm} MetabasePath: IIS://MSEXCHANGE.afsjhb.afsgroup.co.za/W3SVC/1/ROOT/Rpc Path: C:\Windows\System32\RpcProxy Server: MSEXCHANGE AdminDisplayName: ExchangeVersion: 0.1 (8.0.535.0) Name: MSEXCHANGE DistinguishedName: CN=MSEXCHANGE,CN=HTTP,CN=Protocols,CN=AFSMAIL,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=2007ExchangeOrg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=domain,DC=co,DC=za Identity: MSEXCHANGE\MSEXCHANGE Guid: 0b62aef2-c915-41fc-8577-cad5af1c52fc ObjectCategory: >domain.domain.co.za/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory} WhenChanged: 21/04/2010 08:32:22 PM WhenCreated: 10/04/2010 11:08:04 AM OriginatingServer: DOMAINCONTROLLER.afsjhb.afsgroup.co.za IsValid: True The next time that happens, run the get-outlookanywhere command to verify that things are still set to use NTLM. Then check (with IIS Manager) that the RCP virtual directory authentication is still using "Windows Integrated". If those all agree then you may be looking at something not directly related to Exchange. You might want to install rpcping on a workstation and set up a batch file (or two) to verify that things are working and that the problem isn't an Outlook-only problem. --- Rich Matheisen MCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2010 6:06am

Hi, Please check the value of the EXPR for the Outlook Provider, if there have value under Server or CertPrincipalname attribute, that will break the NTLM authentication on the Outlook Anywhere configuration, and it falls back to Basic Authentication. Please run get-Outlookprovider -identity -EXPR |fl command in EMS, then post the information on the forum. Thanks Allen
April 26th, 2010 12:15pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics