
Authentication Delegation when Publishing Exchange 2007 Web Client Access - Watch Out for These Gotcha’s

Here are some “gotcha’s” about authentication delegation when publishing Exchange 2007 Web client access that you need to know about:

If Basic is selected for authentication delegation, the following Exchange 2007 features will not function as expected:

  • Outlook Web Access 2007 Web Part. Outlook Web Access 2007 Web Part requires Integrated Windows authentication configured on the /owa/* directory.
  • Proxying between Exchange Client Access servers in different Active Directory sites. This requires the configuration of Integrated Windows authentication on the Exchange Client Access servers.

If Negotiate is selected for authentication delegation, the following will not work:

  • Access to mailboxes residing on Exchange 2003, through legacy folders, such as /public/*, /exchange/*, and /Exchweb/*. Access to these mailboxes via this method requires Basic authentication.
  • Clients that access the user’s mailbox through the legacy folders, such as Microsoft Entourage 2004 for Mac and custom written applications using WebDAV extensions. This requires Basic authentication.

Some of the features of Outlook Anywhere and Outlook Web Access that require the /ews/* path currently work only with Basic authentication. Unfortunately, I can’t tell you what these features are :)

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org

Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7

Email: tshinder@isaserver.org

MVP — Microsoft Firewalls (ISA)
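
One way to check a Client Access server against the delegation method chosen on the ISA publishing rule (an added example, not part of the original post or any Microsoft tooling). The function name `Test-DelegationMatch` is hypothetical, the sample objects are constructed, and it assumes the `Name`, `BasicAuthentication` and `WindowsAuthentication` properties returned by `Get-OwaVirtualDirectory` and `Get-WebServicesVirtualDirectory`.

```powershell
# Added example (hypothetical helper): does each published directory accept what ISA will delegate?
function Test-DelegationMatch {
    param(
        [string]   $Delegation,        # 'Basic' or 'Negotiate', as set on the ISA publishing rule
        [object[]] $VirtualDirectory   # objects exposing Name, BasicAuthentication, WindowsAuthentication
    )
    if (@('Basic', 'Negotiate') -notcontains $Delegation) { throw "Unsupported delegation: $Delegation" }

    foreach ($vdir in $VirtualDirectory) {
        # "owa (Default Web Site)" -> "owa"
        $path = $vdir.Name.Split(' ')[0].ToLower()

        # Basic delegation needs Basic enabled on the directory; Negotiate needs Integrated Windows.
        if ($Delegation -eq 'Basic') { $accepted = [bool]$vdir.BasicAuthentication }
        else                         { $accepted = [bool]$vdir.WindowsAuthentication }

        # Gotchas listed in the post, keyed by published path.
        $note = ''
        if ($Delegation -eq 'Basic' -and $path -eq 'owa') {
            $note = 'OWA 2007 Web Part and cross-site CAS proxying need Integrated Windows'
        }
        elseif ($Delegation -eq 'Negotiate' -and (@('exchange', 'public', 'exchweb') -contains $path)) {
            $note = 'Exchange 2003 mailboxes and WebDAV clients need Basic here'
        }
        elseif ($Delegation -eq 'Negotiate' -and $path -eq 'ews') {
            $note = 'Some /ews/* features work only with Basic'
        }

        New-Object PSObject -Property @{
            Path = "/$path/*"; Delegation = $Delegation; ServerAccepts = $accepted; Gotcha = $note
        } | Select-Object Path, Delegation, ServerAccepts, Gotcha
    }
}

# Constructed sample shaped like the cmdlet output; not taken from a real server.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'owa (Default Web Site)';      BasicAuthentication = $true; WindowsAuthentication = $false }),
    (New-Object PSObject -Property @{ Name = 'Exchange (Default Web Site)'; BasicAuthentication = $true; WindowsAuthentication = $true }),
    (New-Object PSObject -Property @{ Name = 'EWS (Default Web Site)';      BasicAuthentication = $true; WindowsAuthentication = $true })
)

# With Negotiate: /owa/* is rejected by the server, /exchange/* and /ews/* carry a gotcha.
Test-DelegationMatch -Delegation Negotiate -VirtualDirectory $sample | Format-Table -AutoSize
```

On a Client Access server, pass the output of `Get-OwaVirtualDirectory` (and `Get-WebServicesVirtualDirectory` for /ews/*) in place of `$sample`.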

6 Responses to “Authentication Delegation when Publishing Exchange 2007 Web Client Access - Watch Out for These Gotcha’s”

  1. Luis Roman Says:

    June 11th, 2007 at 8:35 am

    Is there a document that outlines the shortcomings of OWA 2007 versus Outlook 2007? Thanks.

  2. Thomas Shinder Says:

    June 11th, 2007 at 8:37 am

    I haven’t seen it, but I would be interested in the same information. One major thing I can think of is that you don’t benefit from offline cache mode with OWA.

    Tom

  3. Luis Roman Says:

    June 11th, 2007 at 2:11 pm

    Thanks, I hear that there are no delegation capabilities either (proxy).

  4. Thomas Shinder Says:

    June 11th, 2007 at 5:10 pm

    Hi Luis,

    Not true — you have a number of authentication delegation options.

    HTH,
    Tom

  5. Luis Roman Says:

    June 12th, 2007 at 6:43 am

    Great, we are testing OWA today. Thanks.
