Implications for OWA when implementing smartcard authentication with AD 2003 & Exchange 2003
What are the implications for OWA when planning to use smartcard authentication with AD 2003 & Exchange 2003? We're mandated to implement smartcards for single sign on to numerous resources. I'm just beginning to test this, and someone brought up questions regarding how users will access OWA via outside networks once smartcard logons are in effect. Is there any way to bypass this for OWA?

Doug Mantha
November 5th, 2010 9:40am

Smart card logon can work for users outside of the network, but you must be sure that the PKI is configured correctly.

- The CDP extension must include an externally accessible URL (for all CAs in the CA hierarchy)
- The AIA extension must include an externally accessible URL (for all CAs in the CA hierarchy)
- If using OCSP, the online responder must be accessible from the external network (for all CAs that implement OCSP for revocation checking)

From that point, it really is only certificate-based authentication. You must configure the OWA site to enable certificates (probably have to disable form-based auth).

Brian
November 8th, 2010 10:12am
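
The reachability conditions listed in the answer above, turned into a check (an added example, not part of the original thread). It assumes the CDP, AIA and OCSP URLs have been copied by hand from each certificate in the chain; the function names, `INTERNAL_SUFFIXES` and the sample chain are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: DNS suffixes treated as internal-only; adjust to your own namespace.
INTERNAL_SUFFIXES = (".local", ".internal", ".corp", ".lan")

# Constructed sample: list the user certificate and each CA certificate that
# carries these extensions, with the URLs exactly as they appear in it.
SAMPLE_CHAIN = [
    {"subject": "CN=Smartcard User (constructed)",
     "cdp": ["ldap:///CN=Example-Issuing-CA,CN=CDP,DC=example,DC=local",
             "http://pki.example.com/crl/issuing.crl"],
     "aia": ["ldap:///CN=Example-Issuing-CA,CN=AIA,DC=example,DC=local",
             "http://ca01/certs/issuing.crt"],
     "ocsp": ["http://ocsp.example.local/ocsp"]},
    {"subject": "CN=Example Issuing CA (constructed)",
     "cdp": ["http://pki.example.com/crl/root.crl"],
     "aia": ["http://pki.example.com/certs/root.crt"],
     "ocsp": []},
]

def externally_usable(url):
    """Return (ok, reason) for one URL as seen by a client outside the network."""
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    if scheme not in ("http", "https"):
        return False, f"{scheme or 'no'} scheme is not fetchable from outside"
    if "." not in host:
        return False, "missing or single-label host name"
    if host.endswith(INTERNAL_SUFFIXES):
        return False, "internal DNS suffix"
    return True, "http(s) URL with a public-looking host name"

def audit_chain(chain):
    """Return (subject, extension, detail) for every unmet condition."""
    findings = []
    for cert in chain:
        for ext in ("cdp", "aia"):  # at least one usable URL is required
            checked = [(u, *externally_usable(u)) for u in cert.get(ext, [])]
            if not any(ok for _, ok, _ in checked):
                detail = "; ".join(f"{u}: {why}" for u, _, why in checked)
                findings.append((cert["subject"], ext.upper(), detail or "no URLs"))
        for u in cert.get("ocsp", []):  # every listed responder must be reachable
            ok, why = externally_usable(u)
            if not ok:
                findings.append((cert["subject"], "OCSP", f"{u}: {why}"))
    return findings

if __name__ == "__main__":
    for subject, ext, detail in audit_chain(SAMPLE_CHAIN):
        print(f"{subject} [{ext}] {detail}")
```

This is a static check of the URLs only; it does not confirm that the CRL, CA certificate or responder is actually being served at those locations.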
