[isapros] Re: RPC Question
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Wed, 5 Sep 2007 20:50:13 -0500
This is bloggable. Now I can point them to my KCD article for FE/BE
Exchange configs and they can figure the deltas between 2003 and 2007
themselves :)
Thanks!
Tom
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Wednesday, September 05, 2007 8:00 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: RPC Question
No; I'm saying that if CIO-JerkyBoy is intent on a no-prompt user
experience, Amy will have to:
1. configure his OL to use NTLM (you probably overlooked this one) and
point it to the oa.domain.tld listener
2. create two listeners for Exch; one for OA and another to support FBA
/ Basic
3. create separate DNS records for the two listeners (yes; now they have
to use "oa.domain.tld" and
"EveryFreakinOtherExchServiceCuzTheCioIsAJerkyBoy.domain.tld")
3. configure the OA ISA listener for Integrated authentication
4. configure the non-OA listener for FBA
5. build two rules appropriate to the two listeners and point them both
to the same Exchange CAS or farm
Jim
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Jason Jones
Sent: Wednesday, September 05, 2007 5:51 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: RPC Question
Are you saying KCD will negate the prompt when using Outlook Anywhere if
the user is using cached credentials?
Thought I had got KCD working as all delegation errors had gone, but OA
still prompting :-(
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: 06 September 2007 01:46
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: RPC Question
You get to play with KCD!
I hope they operate a Win2K3 Native domain...
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: Wednesday, September 05, 2007 5:51 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: RPC Question
Of course there is and it's the usual one. The CEO doesn't want to type
in his password every time he uses Outlook.
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Wednesday, September 05, 2007 8:24 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: RPC Question
Maybe a more important queston is:
"Why do you want to use Integrated Authentication at the Web Proxy
Listener"
Since the Basic credentails are hidden in SSL tunnels, it shouldn't
matter. Or is there another "hidden requirement" which is the actual
basis of the question?
:)
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Wednesday, September 05, 2007 7:18 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: RPC Question
>
> Silly wabbit...
> This is an ISA 2006 deployment; none of that SBS/ISA2004
> Basic-delegation-only silliness.
>
> Amy - you need to get familiar with eth chart at the bottom of this
> page:
> http://www.microsoft.com/technet/isa/2006/authentication.mspx
>
> Also, if you're thinking about adding EAS clients, you're limited to
> using either Basic or ClientCert auth.
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Wednesday, September 05, 2007 5:10 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: RPC Question
>
> So as to avoid a can of worms that can't be opened.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
>
>
>
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Wednesday, September 05, 2007 7:08 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: RPC Question
> >
> > Why for you be says dat?
> > Snot true...
> >
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx
> > [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Thomas W Shinder
> > Sent: Wednesday, September 05, 2007 4:18 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: RPC Question
> >
> > YOU MUST USE BASIC. That is a requirement.
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- Microsoft Firewalls (ISA)
> >
> >
> >
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx
> > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> > > Sent: Wednesday, September 05, 2007 6:15 PM
> > > To: isapros@xxxxxxxxxxxxx
> > > Subject: [isapros] RPC Question
> > >
> > > I'm working on an ISA 2006 machine with an Exchange 2003
> > server behind
> > > it to publish Outlook Anywhere. I used the wizard to create
> > > the rule. If
> > > I select Basic Authentication (on both ISA and IIS) the
> > > publishing rule
> > > works. If I use NTLM (on ISA and IIS) it doesn't. I get ISA
> > > Denied logs
> > > reason 12239. Does it not support NTLM authentication?
> > >
> > > Since this works with Basic I know I don't have certificate
> > > issues and I
> > > know it can authenticate usernames, passwords and find its
> > way to the
> > > mailbox.
> > >
> > > Amy
> > >
> > >
> > >
> > >
> > >
> >
> >
> > All mail to and from this domain is GFI-scanned.
> >
> >
> >
> >
>
>
> All mail to and from this domain is GFI-scanned.
>
>
>
>
All mail to and from this domain is GFI-scanned.
All mail to and from this domain is GFI-scanned.
Other related posts:
