I configured the Kerberos authentication on an internal OWA site because I have to configure a cas-to-cas proxy environment. If I connect with IE 9 to the internal cas (https) I get in the event viewer on the server the following: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 19/07/2011 Time: 07:22:17 User: NT AUTHORITY\SYSTEM Computer: INT-CAS1 Description: Logon Failure: Reason: Unknown user name or bad password User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.100.30 Source Port: 26667 If I use Firefox or Opera (no Kerberos) the authentication works fine with same user/pswd I'm troubleshooting this since a while but I couldn't get it working yet. How would you troubleshoot this ? The OS is W2003 R2, Exchange 2007 SP3 rollup 3-v2

Did you have configure Windows intigrated authentication on non internet facing site ?Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com

yes I did and the proxy doesn't work Even worst, it doesn't work from the internal network as I wrote. Now I'm trying to get it working from the internal network, while testing with a user using https://int-cas1/owa and I'm getting the error above. As long as it doesn't work in this way, it won't work from the proxy too I think Also, if I disable Integrated Authentication on the owa dir it works fine, so there is something wrong with Kerberos Thanks

Hello, On the “Non-Internet facing” CAS server, just need to make sure: 1. The internalurl is set to the CAS FQDN 2. Use Integrated Window Authentication instead of Form-Based authentication (FBA). Thanks, Simon