EnterpriseVault in Outlook Anywhere ask credential.

Hi, 

We are configuring Outlook Anywhere and the first time we open a shortcut or Search Archive it ask for credential. 

What We have:

  • Outlook 2010
  • Exchange Server 2010 SP3 RU 7
  • Enterprise Vault 9.0.3
  • TMG
  • Outlook anywhere is published with Basic Authentication

When we logon with outlook 2010 from the web it ask for credential and that is normal, but when we access an shortcut it as for credential again, and when we access Archive Explorer or Search Vaults it ask for credential again.

 

How can we prevent this extra logon?

1 Solution

Accepted Solutions
Highlighted
Accepted Solution!

I believe whats happening

I believe whats happening here is that when you're on the external network using Outlook Anywhere, even though you have the Enterprise Vault rule set to use NTLM authentication, its falling back to Basic. Even though the EV guide has you set the TMG rule to NTLM, it doesnt work like that. They are missing some important information about conifguring Kerberos Constrained Delegation for the rule so that it will actually work correctly. Check out the following guide (its for Outlook Anywhere, but the same principals will apply to publishing EV).

http://www.microsoft.com/en-us/download/details.aspx?id=22723

View solution in original post

7 Replies
Highlighted

Do you have the Enterprise

Do you have the Enterprise Vault server names (and aliases if used) added to the option in the "Desktop Policy/Advanced/Outlook/Add server to Intranet Zone"? Does this happen when accessing internally and externally?

Highlighted

Yes, se have

Yes, we have.
Highlighted

What about my second

What about my second question. Does this happen when using Outlook Anywhere from an external network and the internal network? What type of authentication delegation do you have setup on the Enterprise Vault publishing rule in TMG? It should be NTLM. Have a look through this article again http://www.symantec.com/business/support/index?page=content&id=TECH61472

While this is for ISA 2006, it still applies for TMG.

Highlighted

Only external access ask for

Only external access ask for credential, yes we saw  tech61472.

We starting to believe that how it work, when using outlook 2010 with enterprise vault add'ins and we access vault this access is via an IE thread.

Highlighted

Do you get prompted for

Do you get prompted for authentication each time you open an archived item, or just the first time?

Highlighted

Just the first time.

Just the first time.

Highlighted
Accepted Solution!

I believe whats happening

I believe whats happening here is that when you're on the external network using Outlook Anywhere, even though you have the Enterprise Vault rule set to use NTLM authentication, its falling back to Basic. Even though the EV guide has you set the TMG rule to NTLM, it doesnt work like that. They are missing some important information about conifguring Kerberos Constrained Delegation for the rule so that it will actually work correctly. Check out the following guide (its for Outlook Anywhere, but the same principals will apply to publishing EV).

http://www.microsoft.com/en-us/download/details.aspx?id=22723

View solution in original post