Hi, What is diffarence between authentication process on two web sites in IIS: 1) clientCertificateMappingAuthentication = enabled, SSL on, Require client certificate, windows authentication = disabled. 2) clientCertificateMappingAuthentication = disabled, SSL on, Require client certificate, windows authentication = enabled. When I have windows authentication disabled what protocol is used to make certificate mapping? Adam

Kerberos. What will happen is that the browser will immediately fail if the certificate is not provided or cannot be mapped to a user account. If you have Windows authentication enabled, but require certificates, the browser will taunt you with a login window, that will never work. You do not have to have Windows Authentication enabled for certificate-based authentication. Brian

Thanks. Is there any sollution to make succesfull auhorization with enabled windows authentication, disabled client certificate mapping AND enabled "smart card is required" for AD user? I need client certificate mapping disabled because I'm using OWA 2007 + Symantec Enterprise Vault which doesn't support certificate mapping - EV uses WebDAV to connect /Exchange virtual directory. When I enable mapping I get 401 from /Exchange virtual directory :) (see http://msexchangeteam.com/archive/2008/11/12/450094.aspx) Adam

Probably not