[isapros] Re: RPC Question

• From: "Steve Moffat" <steve@xxxxxxxxxx>
• To: <isapros@xxxxxxxxxxxxx>
• Date: Thu, 6 Sep 2007 13:14:45 -0300

Why not??...:)

 

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Amy Babinchak
Sent: Thursday, September 06, 2007 12:12 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: RPC Question

 

Only when necessary.  But come on guys, you all have your own slang, don’t rap 
someone for theirs.

 

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Gerald G. Young
Sent: Thursday, September 06, 2007 10:26 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: RPC Question

 

And kick the perms? :)

Cordially yours,
Jerry G. Young II  ++ Sent from BlackBerry ++
Application Engineer
Platform Engineering and Architecture
NTT America, an NTT Communications Company

22451 Shaw Rd.
Sterling, VA 20166

Office: 571-434-1319
Fax: 703-333-6749
Email: g.young@xxxxxxxx


----- Original Message -----
From: isapros-bounce@xxxxxxxxxxxxx <isapros-bounce@xxxxxxxxxxxxx>
To: isapros@xxxxxxxxxxxxx <isapros@xxxxxxxxxxxxx>
Sent: Thu Sep 06 09:54:54 2007
Subject: [isapros] Re: RPC Question

They just poke a hole for that.

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Thursday, September 06, 2007 9:03 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: RPC Question

When faced with this conundrum, ask them how they intend to operate
their Exchange / SharePoint services over the Internet when they're
built as Workgroup.

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Jason Jones
Sent: Thursday, September 06, 2007 4:18 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: RPC Question

The problem is Tom, it is often more of a perception thing. "Domain
joined = less secure" is the view of many people, irrespective of the
fact that the internal interface is IP connected to the LAN...many
people overlook this simple reality.

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: 06 September 2007 12:13
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: RPC Question

One nice thing about Kerberos Constrained Delegation is that it forces
the dolts to join the ISA Firewalls to the domain.

BTW -- I have not yet found anyone who could point out where in CORBIT
4.1 or in the SOX, GLB or HIPAA guidelines that state anything related
to the ISA Firewall's domain membership. So if you have some dumb*ss
auditor telling that lie, FORCE them to show you the paragraph and line
number that says that the domain joined ISA Firewall, which provides
higher security than a non-domain joined ISA Firewall, would not meet
the guidelines.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)



> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> Sent: Thursday, September 06, 2007 6:06 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: RPC Question
>
> Well, amazingly enough with my fear of KCD, I have actually got this
> working pretty quickly and no more OA prompts. Nice to actually see it
> working and a good option for customers who want to live with the need
> for extra listeners/IPs/certs in order to improve transparency.
>
> Jim - do you generally use KCD as your default delegation
> method unless
> the appliciton only supports something like Basic (e.g. ActiveSync)??
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: 06 September 2007 02:00
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: RPC Question
>
> No; I'm saying that if CIO-JerkyBoy is intent on a no-prompt user
> experience, Amy will have to:
> 1. configure his OL to use NTLM (you probably overlooked this one) and
> point it to the oa.domain.tld listener
> 2. create two listeners for Exch; one for OA and another to
> support FBA
> / Basic
> 3. create separate DNS records for the two listeners (yes;
> now they have
> to use "oa.domain.tld" and
> "EveryFreakinOtherExchServiceCuzTheCioIsAJerkyBoy.domain.tld")
> 3. configure the OA ISA listener for Integrated authentication
> 4. configure the non-OA listener for FBA
> 5. build two rules appropriate to the two listeners and point
> them both
> to the same Exchange CAS or farm
>
> Jim
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jason Jones
> Sent: Wednesday, September 05, 2007 5:51 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: RPC Question
>
> Are you saying KCD will negate the prompt when using Outlook
> Anywhere if
> the user is using cached credentials?
>
> Thought I had got KCD working as all delegation errors had
> gone, but OA
> still prompting :-(
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: 06 September 2007 01:46
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: RPC Question
>
> You get to play with KCD!
> I hope they operate a Win2K3 Native domain...
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Amy Babinchak
> Sent: Wednesday, September 05, 2007 5:51 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: RPC Question
>
> Of course there is and it's the usual one. The CEO doesn't
> want to type
> in his password every time he uses Outlook.
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Wednesday, September 05, 2007 8:24 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: RPC Question
>
> Maybe a more important queston is:
>
> "Why do you want to use Integrated Authentication at the Web Proxy
> Listener"
>
> Since the Basic credentails are hidden in SSL tunnels, it shouldn't
> matter. Or is there another "hidden requirement" which is the actual
> basis of the question?
>
> :)
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
>
> 
>
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Wednesday, September 05, 2007 7:18 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: RPC Question
> >
> > Silly wabbit...
> > This is an ISA 2006 deployment; none of that SBS/ISA2004
> > Basic-delegation-only silliness.
> >
> > Amy - you need to get familiar with eth chart at the bottom of this
> > page:
> > http://www.microsoft.com/technet/isa/2006/authentication.mspx
> >
> > Also, if you're thinking about adding EAS clients, you're limited to
> > using either Basic or ClientCert auth.
> >
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx
> > [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Thomas W Shinder
> > Sent: Wednesday, September 05, 2007 5:10 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: RPC Question
> >
> > So as to avoid a can of worms that can't be opened.
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- Microsoft Firewalls (ISA)
> >
> > 
> >
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx
> > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > Sent: Wednesday, September 05, 2007 7:08 PM
> > > To: isapros@xxxxxxxxxxxxx
> > > Subject: [isapros] Re: RPC Question
> > >
> > > Why for you be says dat?
> > > Snot true...
> > >
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx
> > > [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > > On Behalf Of Thomas W Shinder
> > > Sent: Wednesday, September 05, 2007 4:18 PM
> > > To: isapros@xxxxxxxxxxxxx
> > > Subject: [isapros] Re: RPC Question
> > >
> > > YOU MUST USE BASIC. That is a requirement.
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://blogs.isaserver.org/shinder/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- Microsoft Firewalls (ISA)
> > >
> > > 
> > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> > > > Sent: Wednesday, September 05, 2007 6:15 PM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] RPC Question
> > > >
> > > > I'm working on an ISA 2006 machine with an Exchange 2003
> > > server behind
> > > > it to publish Outlook Anywhere. I used the wizard to create
> > > > the rule. If
> > > > I select Basic Authentication (on both ISA and IIS) the
> > > > publishing rule
> > > > works. If I use NTLM (on ISA and IIS) it doesn't. I get ISA
> > > > Denied logs
> > > > reason 12239. Does it not support NTLM authentication?
> > > >
> > > > Since this works with Basic I know I don't have certificate
> > > > issues and I
> > > > know it can authenticate usernames, passwords and find its
> > > way to the
> > > > mailbox.
> > > >
> > > > Amy 
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
> > >
> > >
> >
> >
> > All mail to and from this domain is GFI-scanned.
> >
> >
> >
> >
>
>
>
>
>
> All mail to and from this domain is GFI-scanned.
>
>
>
>
>
> All mail to and from this domain is GFI-scanned.
>
>
>
>
>
>




All mail to and from this domain is GFI-scanned.







=================================

This email message is intended for the use of the person to whom it has been 
sent, and may contain information that is confidential or legally protected. If 
you are not the intended recipient or have received this message in error, you 
are not authorized to copy, distribute, or otherwise use this message or its 
attachments. Please notify the sender immediately by return e-mail and 
permanently delete this message and any attachments. NTT America makes no 
warranty that this email is error or virus free. Thank you.

 

• References:
  • [isapros] Re: RPC Question
    • From: Gerald G. Young
  • [isapros] Re: RPC Question
    • From: Amy Babinchak

Other related posts:

• » [isapros] RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question
• » [isapros] Re: RPC Question

1. Home
2. isapros
3. Archive
4. 09-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---