11-17-2014 09:29 AM
Hi,
We are configuring Outlook Anywhere and the first time we open a shortcut or Search Archive it ask for credential.
What We have:
When we logon with outlook 2010 from the web it ask for credential and that is normal, but when we access an shortcut it as for credential again, and when we access Archive Explorer or Search Vaults it ask for credential again.
How can we prevent this extra logon?
Solved! Go to Solution.
12-04-2014 07:40 AM
I believe whats happening here is that when you're on the external network using Outlook Anywhere, even though you have the Enterprise Vault rule set to use NTLM authentication, its falling back to Basic. Even though the EV guide has you set the TMG rule to NTLM, it doesnt work like that. They are missing some important information about conifguring Kerberos Constrained Delegation for the rule so that it will actually work correctly. Check out the following guide (its for Outlook Anywhere, but the same principals will apply to publishing EV).
http://www.microsoft.com/en-us/download/details.aspx?id=22723
11-17-2014 10:37 AM
Do you have the Enterprise Vault server names (and aliases if used) added to the option in the "Desktop Policy/Advanced/Outlook/Add server to Intranet Zone"? Does this happen when accessing internally and externally?
11-17-2014 11:06 AM
11-17-2014 11:34 AM
What about my second question. Does this happen when using Outlook Anywhere from an external network and the internal network? What type of authentication delegation do you have setup on the Enterprise Vault publishing rule in TMG? It should be NTLM. Have a look through this article again http://www.symantec.com/business/support/index?page=content&id=TECH61472
While this is for ISA 2006, it still applies for TMG.
11-18-2014 07:08 AM
Only external access ask for credential, yes we saw tech61472.
We starting to believe that how it work, when using outlook 2010 with enterprise vault add'ins and we access vault this access is via an IE thread.
11-18-2014 03:36 PM
Do you get prompted for authentication each time you open an archived item, or just the first time?
11-19-2014 01:26 AM
Just the first time.
12-04-2014 07:40 AM
I believe whats happening here is that when you're on the external network using Outlook Anywhere, even though you have the Enterprise Vault rule set to use NTLM authentication, its falling back to Basic. Even though the EV guide has you set the TMG rule to NTLM, it doesnt work like that. They are missing some important information about conifguring Kerberos Constrained Delegation for the rule so that it will actually work correctly. Check out the following guide (its for Outlook Anywhere, but the same principals will apply to publishing EV).
http://www.microsoft.com/en-us/download/details.aspx?id=22723