In Exchange 2007 SP1, allowing both NTLM and Basic authentication on the /rpc virtual directory was deemed a security vulnerability.
In Exchange 2010 you are given radio buttons to select NTLM OR Basic authentication, but not both. Listed here are the pros and cons of NTLM and Basic.
At first glance one might think you can just go into IIS and set whatever you want. While this is true, IIS will read the Exchange data from AD every 15 minutes and reconfigure itself. This means a manual IIS setting will not stick. The configuration must be made “in Exchange”.
I was looking around and found this unofficial article:
http://cid-a19e3265de255fbb.spaces.live.com/blog/cns!A19E3265DE255FBB!2221.entry
UPDATE - THE 2ND COMMAND IN THIS LINK DOES NOT WORK. SEE "ANSWER" HERE FOR EXPLANATION.
It looks like, while the GUI only allows for one selection, you can use a comma to specify both NTLM and Basic authentication via this command:
get-outlookanywhere | set-outlookanywhere -IISauthentication basic,Ntlm
When you look at the official TechNet article on get-outlookanywhere, you are not told commas are supported; however, after running them, you can verify it accepted both values (get-outlookanywhere).
I have the following questions:
1. Is this “supported”?
2. If both values are supplied (both above commands run), what authentication method does autodiscover populate the clients with?
3. How is this “supposed” to be done? I don’t want my users typing credentials each time they connect (Basic Auth), and Outlook 2003/7 requires extra client-side work to get it to remember passwords. But NTLM authentication re-prompts the login box over and over from some off-campus locations.
Mike Crowley