Hi, We are configuring Outlook Anywhere and the first time we open a shortcut or Search Archive it ask for credential. What We have: Outlook 2010 Exchange Server 2010 SP3 RU 7 Enterprise Vault 9.0.3 TMG Outlook anywhere is published with Basic Authentication When we logon with outlook 2010 from the web it ask for credential and that is normal, but when we access an shortcut it as for credential again, and when we access Archive Explorer or Search Vaults it ask for credential again. How can we prevent this extra logon?

I believe whats happening here is that when you're on the external network using Outlook Anywhere, even though you have the Enterprise Vault rule set to use NTLM authentication, its falling back to Basic. Even though the EV guide has you set the TMG rule to NTLM, it doesnt work like that. They are missing some important information about conifguring Kerberos Constrained Delegation for the rule so that it will actually work correctly. Check out the following guide (its for Outlook Anywhere, but the same principals will apply to publishing EV). http://www.microsoft.com/en-us/download/details.aspx?id=22723

Tonaco_pt

Moderator

11 years ago

Solved

EnterpriseVault in Outlook Anywhere ask credential.

Hi,

We are configuring Outlook Anywhere and the first time we open a shortcut or Search Archive it ask for credential.

What We have:

Outlook 2010
Exchange Server 2010 SP3 RU 7
Enterprise Vault 9.0.3
TMG
Outlook anywhere is published with Basic Authentication

When we logon with outlook 2010 from the web it ask for credential and that is normal, but when we access an shortcut it as for credential again, and when we access Archive Explorer or Search Vaults it ask for credential again.

How can we prevent this extra logon?

Enterprise Vault

Features

Information Governance

Troubleshooting

Windows Server (2003-2008)

BigPhil
11 years ago
I believe whats happening here is that when you're on the external network using Outlook Anywhere, even though you have the Enterprise Vault rule set to use NTLM authentication, its falling back to Basic. Even though the EV guide has you set the TMG rule to NTLM, it doesnt work like that. They are missing some important information about conifguring Kerberos Constrained Delegation for the rule so that it will actually work correctly. Check out the following guide (its for Outlook Anywhere, but the same principals will apply to publishing EV).

http://www.microsoft.com/en-us/download/details.aspx?id=22723

BigPhil
Level 5
11 years ago
Do you have the Enterprise Vault server names (and aliases if used) added to the option in the "Desktop Policy/Advanced/Outlook/Add server to Intranet Zone"? Does this happen when accessing internally and externally?
Tonaco_pt
Moderator
11 years ago
Yes, we have.
BigPhil
Level 5
11 years ago
What about my second question. Does this happen when using Outlook Anywhere from an external network and the internal network? What type of authentication delegation do you have setup on the Enterprise Vault publishing rule in TMG? It should be NTLM. Have a look through this article again http://www.symantec.com/business/support/index?page=content&id=TECH61472

While this is for ISA 2006, it still applies for TMG.
Tonaco_pt
Moderator
11 years ago
Only external access ask for credential, yes we saw tech61472.

We starting to believe that how it work, when using outlook 2010 with enterprise vault add'ins and we access vault this access is via an IE thread.
BigPhil
Level 5
11 years ago
Do you get prompted for authentication each time you open an archived item, or just the first time?
Tonaco_pt
Moderator
11 years ago
Just the first time.
BigPhil
Level 5
11 years ago
I believe whats happening here is that when you're on the external network using Outlook Anywhere, even though you have the Enterprise Vault rule set to use NTLM authentication, its falling back to Basic. Even though the EV guide has you set the TMG rule to NTLM, it doesnt work like that. They are missing some important information about conifguring Kerberos Constrained Delegation for the rule so that it will actually work correctly. Check out the following guide (its for Outlook Anywhere, but the same principals will apply to publishing EV).

http://www.microsoft.com/en-us/download/details.aspx?id=22723

Forum Discussion

EnterpriseVault in Outlook Anywhere ask credential.

Related Content

Enterprisevault no longer accesible for users

Two different credentials for vCenter

EnterpriseVault is inaccessible

Orace RAC credentials validation is failing

Credential test failing