Setup NTLM Authentication on Win 2008 with Exchange 2007 for Outlook 2007
I recently set up Outlook Anywhere on a Win2k8 box with Exchange 2007 with some assistance from this forum. The setup is using basic authentication, which requires users to authenticate every time they open Outlook from outside the office. I've been asked to change this behaviour so that Outlook will open without requiring a username/password when outside the network.

From what I've read, I've gleaned that in theory I should be able to set up Basic & NTLM authentication simultaneously for Outlook Anywhere so that I can satisfy this request. I've also read that this functionality does not work consistently for some reason due to a bug in the release version of Exchange 2007.

I'd like to find out whether or not this functionality is supported with Exchange SP1 running on Win2k8 and, if so, what I need to do to get this up and running without breaking my current Outlook Anywhere/Auto Discover configuration, which took me weeks to get running properly.

Thanks
Rob
July 9th, 2008 3:20am

Dear customer:

If you want to use Basic authentication, you must continue to type your user account credentials. There is no way for the client to submit your user name and password automatically. If you want to log on automatically, you must configure your Outlook profile to use NTLM authentication to your proxy server for Exchange.

Before you switch to using NTLM authentication, you must verify with your administrator that NTLM authentication is permitted or even possible in your environment. Many firewalls and proxy servers will prevent successful NTLM authentication, whereas Basic authentication will work successfully.

If your firewall and proxy server support NTLM authentication, you can refer to the following article to achieve your goal. It also applies to Exchange Server 2007.

You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature
http://support.microsoft.com/kb/820281/en-us

Hope it helps.
Rock Wang - MSFT
July 9th, 2008 9:56am

Rock,

Currently my Win2k8/Exchange 2007 server is set up to support basic authentication only. What do I need to do to set it up to support NTLM authentication? Also, do I need to open any ports on our firewall to support access? And will my autodiscover settings be affected by the change?

Thanks
Rob
July 9th, 2008 10:20am

Dear customer:

Thanks for your reply. Please double check whether your firewall supports NTLM authentication, because many third-party firewalls don't support NTLM authentication. If your firewall supports NTLM, you can try the following steps to achieve your goal:

1. On the CAS server in the EMC changed the authentication from Basic to NTLM and restarted the Microsoft Exchange Service Host service for it to replicate to IIS.
2. On the Outlook client changed the authentication from Basic to NTLM and we were able to login to Outlook Anywhere using NTLM.
3. You can follow the following KB to set the LMCompatibility if you need to be able to login to Outlook without having to enter the credentials.

You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature
http://support.microsoft.com/default.aspx?scid=kb;en-us;820281

In addition, changing basic auth to NTLM does nothing to your autodiscover settings.

Hope it helps.
July 10th, 2008 12:12pm

Rock,

Thanks for the information. A question in regards to firewall support: how do I determine whether or not my firewall supports NTLM? I'm using a Linksys router. Is there a certain port to check or a compatibility list Microsoft can point me to...

Thanks
Rob
July 11th, 2008 9:29pm

Dear customer:

Thanks for your reply. For the question about how to determine whether your firewall supports NTLM authentication, please contact your firewall vendor for more help.

The authentication mechanism that is configured in your Outlook profile is used only for the HTTP session to the proxy server for Exchange. The actual authentication mechanism between Outlook and the Exchange server, when accessed by using remote procedure call (RPC) over HTTP, always uses NTLM.

We strongly recommend that you use Secure Sockets Layer (SSL) encryption for the HTTP session to the proxy server for Exchange. This is especially true when you are using Basic authentication. If you use SSL encryption, this prevents your user name and password from being sent in clear text. Outlook will not let you use Basic authentication when connecting to your proxy server for Exchange without using SSL encryption.

You must sometimes use Basic authentication because NTLM authentication will fail if the proxy server for Exchange does not trust the authentication information. This issue can be caused by firewalls that examine the HTTP traffic and modify it in some way. For example, a firewall may end the session from the Internet and establish a new session to the proxy server for Exchange instead of passing the HTTPS (SSL) session straight through without modification. This process is sometimes known as reverse proxying or Web publishing. Certain firewalls such as Microsoft Internet Security and Acceleration (ISA) Server 2004 can successfully reverse proxy or Web publish the session and still permit NTLM authentication to succeed.

Basic authentication is not affected by this process and will work regardless of firewalls. However, if you use Basic authentication, this means that you must type your user name and password every time that you start an Outlook session.

Hope it helps.
Rock Wang - MSFT
July 14th, 2008 2:43pm
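
Added example, not part of the original thread: one way to check what the replies above describe is to compare the HTTP 401 challenge the Exchange proxy sends on the LAN with the one that arrives through the firewall, and see whether NTLM is still advertised. The two responses below are constructed samples, and the host name and Via value are assumptions.

```python
import re

# Constructed 401 responses (not captured traffic). Host names and the
# Via value are made up; the first is what the CAS sends on the LAN, the
# second is the same request as seen from outside the firewall.
DIRECT_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: NTLM\r\n"
    'WWW-Authenticate: Basic realm="mail.example.com"\r\n'
    "Content-Length: 0\r\n\r\n"
)
EXTERNAL_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Via: 1.1 edge-proxy\r\n"
    'www-authenticate: Basic realm="mail.example.com"\r\n'
    "Content-Length: 0\r\n\r\n"
)
KNOWN = {"basic", "ntlm", "negotiate", "digest"}

def parse_headers(raw):
    """Return (status_code, [(lowercased_name, value), ...])."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    pairs = [l.partition(":") for l in lines[1:]]
    return int(lines[0].split()[1]), [(n.strip().lower(), v.strip()) for n, _, v in pairs]

def offered_schemes(raw):
    """Auth schemes advertised by a 401 response, lowercased."""
    status, headers = parse_headers(raw)
    found = set()
    for name, value in headers:
        if status != 401 or name != "www-authenticate":
            continue
        value = re.sub(r'"[^"]*"', '""', value)  # ignore text inside quoted params
        # a scheme is the first token of the header or of a comma-separated challenge
        for m in re.finditer(r"(?:^|,)\s*([A-Za-z]+)(?=\s|,|$)", value):
            found.add(m.group(1).lower())
    return found & KNOWN

def diagnose(direct_raw, external_raw):
    """Compare the LAN view with the outside view of the same URL."""
    if "ntlm" not in offered_schemes(direct_raw):
        return "server-not-offering-ntlm"
    if "ntlm" not in offered_schemes(external_raw):
        return "ntlm-removed-in-path"
    # NTLM authenticates the TCP connection, so an intermediary that opens
    # its own connection to the server can still break the handshake.
    if any(n == "via" for n, _ in parse_headers(external_raw)[1]):
        return "ntlm-offered-via-intermediary"
    return "ntlm-offered-end-to-end"
```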
