RE: Kerberos authentication from FE to BE

• From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Thu, 18 Nov 2004 13:55:02 -0500

To successfully work, you'll need more than those ports.  What list of ports
exactly do you have open?   

-----Original Message-----
From: ravi [mailto:rrb@xxxxxxxxxxx] 
Sent: Thursday, November 18, 2004 1:34 PM
To: [ExchangeList]
Subject: [exchangelist] Kerberos authentication from FE to BE

http://www.MSExchange.org/

In the default exchange 2003 FE/BE configuration, kerberos is used for
authentication.
we have our FE in DMZ. we opened UDP/TCP 88 to our domain controllers.
we are seeing some warnings on FE:
Microsoft Exchange Server has detected that NTLM-based authentication  is
presently being used between this server and server 'BE'. NTLM is  still a
secure authentication mechanism and protects users' credentials.  
However, this indicates that there may be a configuration issue preventing
 the use of Kerberos authentication.   If this condition persists, please
verify that server 'BE' is properly  configured to use Kerberos
authentication.  After applying any changes it may be necessary to restart
Internet Information Services on both the front-end and back-end servers.

my question is:
Do we need to open port 88 UDP/TCP from DMZ to Back End server also?

I would greatly appreciate any help,

thanks,

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
al.mulnick@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts:

• » Kerberos authentication from FE to BE
• » RE: Kerberos authentication from FE to BE
• » RE: Kerberos authentication from FE to BE
• » RE: Kerberos authentication from FE to BE
• » RE: Kerberos authentication from FE to BE
• » RE: Kerberos authentication from FE to BE
• » RE: Kerberos authentication from FE to BE

1. Home
2. exchangelist
3. Archive
4. 11-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---