errr......my head's still spinning. So, if we change the client auth to NTLM in Exchange, those Outlooks currently set to basic WON'T be able to authenticate BUT autodiscover will update their configuration in Exchange Proxy settings in the near future?
--
G2 Support
Network Support : Online Backups : Server Management
Web: www.g2support.com
Twitter: g2support<http://twitter.com/home?stat...@g2support>
Newsletter: www.g2support.com/newsletter<http://www.g2support.com/newsletter>

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: 07 July 2010 13:11
To: MS-Exchange Admin Issues
Subject: RE: Changing from basic to NTLM in Outlook Anywhere settings

The documentation on this is very bad. It's scheduled for a refresh "soon".

Here is what a MSFT employee said on this topic recently (with some careful edits to remove names and other NDA information):

IIS can have both enabled - we changed the defaults some time back as this was deemed insecure, if you only needed one, or the other. Now you can choose them independently, using IISauth and clientauth, but the default is to set IIS to the same as you tell the client....

...firewalls play a part in why you might want them different. If you choose Basic at TMG (same for ISA and UAG) because you want Forms auth with Basic as a fallback, but want NTLM or KCD from the firewall to CAS, you would set client auth at Basic, IIS at NTLM. If you want to do OA NTLM, you can't use a forms listener...

AutoDiscover returns to Outlook whatever the client auth method is, if specified. Or the simple Basic/NTLM choice you made when setting up OA if that applies.

If you tell OA to use Basic and both Basic and NTLM are enabled in IIS, fine. Ditto for NTLM. It all depends on how the client will auth to the server it connects to (CAS or firewall), and how, if you have a firewall, how it auths to IIS on CAS.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com]
Sent: Wednesday, July 07, 2010 7:25 AM
To: MS-Exchange Admin Issues
Subject: Changing from basic to NTLM in Outlook Anywhere settings

Hi chaps,

In Exchange 2010 does anyone know what will happen to the remote clients if we were to change the Outlook Anywhere settings on the server to accept NTLM rather than basic authentication?

The users in question connect via Outlook Anywhere over HTTP. With Basic authentication users are asked for a password when they open Outlook. We have noticed at other sites that with NTLM they aren't.

What I'm not sure about is what happens if we change the setting in Exchange 2010 to the clients that are already set up to use Basic. Will they just not be able to authenticate at all or will they be changed to NTLM via Autoconfigure?

In Exchange 2007 you used to be able to specify both as an option which was nice and easy.

Olly

Network Support
Online Backups
Server Management
Tel: 0845 307 3443
Email: oliver.marsh...@g2support.com<mailto:oliver.marsh...@g2support.com>
Web: http://www.g2support.com<http://www.g2support.com/>
Twitter: g2support<http://twitter.com/home?stat...@g2support>
Newsletter: http://www.g2support.com/newsletter
Mail: 2 Roundhill Road, Brighton, Sussex, BN2 3RF

G2 Support LLP is registered at Mill House, 103 Holmes Avenue, HOVE BN3 7LE. Our registered company number is OC316341.