[isapros] Re: Weird KCD-ness with Exchange 2007/OCS 2007
- From: Jim Harrison <Jim@xxxxxxxxxxxx>
- To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
- Date: Mon, 12 May 2008 16:15:11 -0700
Since the delegation is KCD, the OCS server must use Windows Integrated auth;
is this configured?
What do you find in the OCS logs?
Do the OCS and ISA reside in the same domain?
Jim
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
Behalf Of Jason Jones
Sent: Monday, May 12, 2008 3:39 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Weird KCD-ness with Exchange 2007/OCS 2007
Hi,
As per normal, I am a little stuck with a weird problem of reasonable
complexity and wondering if anyone can help...
We have Exchange 2007 published via ISA Server 2006, using a dedicated Windows
Integrated listener which in turn uses KCD to provide a seamless authentication
experience for Outlook Anywhere users in the field on domain member laptops
(using cached credentials). Exchange autodiscovery is fully configured and all
aspects of Outlook work (OOF, OAB etc.) are working just fine. Outlook
Autodiscovery tests make all the right noises too...
So, we recently deployed OCS 2007 which now uses the autodiscovery services of
Exchange 2007 to find the Exchange 2007 web services (EWS) - this negates the
need to run Outlook on the desktop but still have OCS/Exchange
integration...here's the rub, although Outlook 2007 is totally happy and
provides a seamless login, the Office Communicator client doesn't and just
provides a password prompt which cannot be satisfied with any credential
combination...
As part of the testing, I disabled ISA pre-auth and allowed a connection direct
to the back end using "no delegation, client may authenticate with backed" etc.
AND THIS WORKS, so the problem must lie with authentication between the OCS
client and ISA or somehow with KCD...
The ISA logs show both Exchange/OCS client using the same ISA rule for
autodiscovery and both logs show the correct 'domain\user' value...all OCS
communications are SSL forced, so this makes netmon/wireshark stuff hard to
do...
At first I was guessing it most be an OCS client problem/bug, but disabling ISA
pre-auth gets things working, so now I am not so sure :-(
Ideas on troubleshooting or any pointers???
Cheers all...
JJ
________________________________
This email and any files transmitted with it are confidential and intended
solely for the use of the individual to whom it is addressed. If you have
received this email in error, or if you believe this email is unsolicited and
wish to be removed from any future mailings, please contact our Support Desk
immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
If this email contains a quotation then unless otherwise stated it is valid for
7 days and offered subject to Silversands Professional Services Terms and
Conditions, a copy of which is available on request. Any pricing information,
design information or information concerning specific Silversands' staff
contained in this email is considered confidential or of commercial interest
and exempt from the Freedom of Information Act 2000.
Any view or opinions presented are solely those of the author and do not
necessarily represent those of Silversands
Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
Company Registration Number : 2141393.
Other related posts:
