Exchange 2007 SP2 – Free/busy/autodiscover –integrated authentication issue. I have a strange one, that is effecting my users. I have a situation where users are unable to see free/busy. I have down quite a bit of trouble shooting on the issue and have tracked it down to this. If I have authentication set to integrated on the CAS servers for autodescover and EWS web sites, the user are unable to view details with this error. and autodescover service also fails to. Then it works, though with the side effect off users being prompted, random for login details during the day. Now I know that the setting for both autodescover and EWS need to be set to integrated, but setting this has the effect of the client not being able to view free/busy or set out off office. The functions work ok in OWA, and it only appears to be outlook clients effected, and that’s is not tied to any set version, either it is effecting both 2007 and 2010. The only change that has been done that appears to be the start of the problem, was that MS PS ran this command on the servers (they have been running happy for the last 4 years): C:\Inetpub\AdminScripts>cscript adsutil.vbs set w3svc/1/root/NTAuthenticationProviders "NTLM,Negotiate" Microsoft (R) Windows Script Host Version 5.6 Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. NTAuthenticationProviders : (STRING) "NTLM,Negotiate" Which after it was run we started having this issue. I have put in place the workaround for by setting basic, but the login prompts are still a problem and the overall issue still needs to be resolve. But I am at a loss, in all the years I have been support exchange, I never seen this issue before, anyone with any ideas will great.

On Sat, 26 Feb 2011 15:39:15 +0000, KevinPike wrote: > > >Exchange 2007 SP2 ? Free/busy/autodiscover ?integrated authentication issue. > > > >I have a strange one, that is effecting my users. I have a situation where users are unable to see free/busy. I have down quite a bit of trouble shooting on the issue and have tracked it down to this. > >If I have authentication set to integrated on the CAS servers for autodescover and EWS web sites, the user are unable to view details with this error. and autodescover service also fails to. > > > >Then it works, though with the side effect off users being prompted, random for login details during the day. If the Outlook clients are setup to use RPC-over-HTTPS it's possible that they've had the TCP connection interrupted and switched to HTTPS. If only "Basic" authentication is available on the CAS server (could be on any one of several VDs) they'll be prompted for credentials. >Now I know that the setting for both autodescover and EWS need to be set to integrated, but setting this has the effect of the client not being able to view free/busy or set out off office. The functions work ok in OWA, and it only appears to be outlook clients effected, and that?s is not tied to any set version, either it is effecting both 2007 and 2010. > > > >The only change that has been done that appears to be the start of the problem, was that MS PS ran this command on the servers (they have been running happy for the last 4 years): >C:\Inetpub\AdminScripts>cscript adsutil.vbs set w3svc/1/root/NTAuthenticationProviders "NTLM,Negotiate" >Microsoft (R) Windows Script Host Version 5.6 >Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. > >NTAuthenticationProviders : (STRING) "NTLM,Negotiate" > >Which after it was run we started having this issue. Well, if they screwed it up, why not call them back and have them fix it? In the mean time, what do you see if you run "get-outlookanywhere | fl IISAuthenticationMethods"? If you look at those settings in the EMC you'll see you can only set ONE method -- so don't use the EMC to change this, use ESM: set-outlookanywhere -id <identity> -IISAuthenticationMethods "Basic,NTLM" >I have put in place the workaround for by setting basic, but the login prompts are still a problem and the overall issue still needs to be resolve. But I am at a loss, in all the years I have been support exchange, I never seen this issue before, anyone with any ideas will great. Is this Kevin Pike I know in the UK, or some other Kevin Pike? Just curious. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP