cancel
Showing results for 
Search instead for 
Did you mean: 

prompt password and username when open archive explorer-how to make it disappear

chikarizee
Level 3
Partner

my scenario is exactly in of the article from symantec. But what confusing me is about the certificate?

detail: EV 10.0.3 for exchange mailbox

Scenario 5 - Accessing Archive Explorer or Search Archives Externally through OWA 2007
If ArchiveExplorer or Search Archives is accessed externally through OWA 2007 it is expected behavior to be prompted for authentication as the user is redirected from the OWA Server directly to the Enterprise Vault server and there is not a domain certificate since the user's computer is not currently connected to the Domain.

1 ACCEPTED SOLUTION

Accepted Solutions

Arjun_Shelke
Level 6
Employee Accredited

OK let me know if I understand you correct. Users are prompted for username and password when connected externally while accessing AE or Search within OWA. And you found this scenario matching to an article. But you did not understand the certificate concept. And you want to know if there is any way to stop the credentials prompt?

There are 2 methods of authentications which we can use - Kerberos or NTLM. Kerboros works in domain environment based on tokens/certificates issued to users/clients which is IWA. Integrated Windows Authentication type does not require user to provide username and password when connected internally in a doamin environment.

When user connects externally, which means outside the comany network (domain network) then NTLM is used instead of Kerberos. NTLM uses Basic authentication type (Either Secured SSL or unsecured) where user name and passwords are sent to the authoticating server (thats how NTLM works). Hence user needs to provide username and password.

In our case, first user connects to OWA (CAS/ISA) and then when user clicks on AE or search, the request will be redirected to EV Server. On Enterprise Vault virtual directory if you see the type of authentications, its Basic and IWA. As users request is sent to EV Server, (which cannot use IWA because its not in internal network) and uses Basic auth type to grant the access. EV negociates the authentication methods based on how user/clients connecting to the server.

I hope this will answer your query.

View solution in original post

5 REPLIES 5

Twinkle
Level 4

Well it just mean you have to provide the Credentails every time you accessing the archvied data  externally .

Rob_Wilcox1
Level 6
Partner

hmm, I'm not sure what the question is to be honest.

I've *always* seen that the prompt for credentials happens in the situation described.

Working for cloudficient.com

Arjun_Shelke
Level 6
Employee Accredited

OK let me know if I understand you correct. Users are prompted for username and password when connected externally while accessing AE or Search within OWA. And you found this scenario matching to an article. But you did not understand the certificate concept. And you want to know if there is any way to stop the credentials prompt?

There are 2 methods of authentications which we can use - Kerberos or NTLM. Kerboros works in domain environment based on tokens/certificates issued to users/clients which is IWA. Integrated Windows Authentication type does not require user to provide username and password when connected internally in a doamin environment.

When user connects externally, which means outside the comany network (domain network) then NTLM is used instead of Kerberos. NTLM uses Basic authentication type (Either Secured SSL or unsecured) where user name and passwords are sent to the authoticating server (thats how NTLM works). Hence user needs to provide username and password.

In our case, first user connects to OWA (CAS/ISA) and then when user clicks on AE or search, the request will be redirected to EV Server. On Enterprise Vault virtual directory if you see the type of authentications, its Basic and IWA. As users request is sent to EV Server, (which cannot use IWA because its not in internal network) and uses Basic auth type to grant the access. EV negociates the authentication methods based on how user/clients connecting to the server.

I hope this will answer your query.

Arjun_Shelke
Level 6
Employee Accredited

was it helpful?

chikarizee
Level 3
Partner

thanks. it is really help me a lots.