Outlook Anywhere changes in Exchange Server 2007 SP1

November 11, 2007 — g1idee

In Exchange Server 2007 SP1, the configuration of Outlook Anywhere (formerly known as RPC over HTTP) has been changed to accommodate the different ways Exchange CAS servers are deployed on the Internet. This blog post provides an overview of these changes.

For Exchange 2007 SP1, instead of always enabling Basic and NTLM, Outlook Anywhere now provides the ability to choose the authentication methods that will be enabled on the /rpc virtual directory in IIS.

To specify the authentication method, the following parameters have been added in place of the ExternalAuthenticationMethod parameter:

1. ClientAuthenticationMethod - This new parameter specifies the authentication method that the Autodiscover service will provide to the clients. This is the method that clients will use to authenticate against the Client Access server. In Exchange 2007 RTM, the ExternalAuthenticationMethod parameter was responsible for this setting.

2. IISAuthenticationMethods - This new parameter specifies the authentication methods that will be enabled the /rpc virtual directory in IIS. When using this parameter, all other authentication methods will be disabled. More than one value can be specified for this parameter by using a comma delimited list of authentication methods. For example: NTLM, Basic

The reason that both parameters exists is scenarios in which you have a firewall which is configured to provide authentication delegation. For example, Outlook clients use Basic authentication, but an ISA Server 2006 firewall delegates authentication to the /rpc virtual directory using NTLM authentication. In this scenario, you would set the ClientAuthenticationMethod to Basic and the IISAuthenticationMethod parameter to NTLM.

However, since many Outlook Anywhere deployments do not go through authentication delegation, a more common scenario would be that both of these parameters will use the same value. Because of this, the following additional parameter can be used:

3. DefaultAuthenticationMethod - This new parameter can be specified to set both the ClientAuthenticationMethod and IISAuthenticationMethod parameters to be the same value. When you use this parameter, only a single value can be specified.

 

Continue at: msexchangeteam.com

Posted in Exchange.

Leave a Reply

« Translate This and Translate My Page Functionality with Windows Live Translator

Server Core Roles & Features of Windows Server 2008 »