Enabling Kerberos Authentication for MAPI Clients Connecting to Exchange 2010 SP1 (Full Version)

All Forums >> [Microsoft Exchange 2010] >> Secure Messaging



Message


turbomcp -> Enabling Kerberos Authentication for MAPI Clients Connecting to Exchange 2010 SP1 (2.Jun.2011 3:25:18 PM)

Hi
i have tried to configure kerberos authentication using the above or ms instructions(same thing)
everything seems to work fine for outlook 2010 client on xp.
but qwhen i try to use outlook 2003 on xp i get constant prompts for passwords which ofcourse dont work and at the end im in disconnected state.
ntlm works fine
same mailbox on both tests
my setup is very simple and basicly is one ad site one array two subnets, 2 dc's.
using kemp load balancer with single vip for each service(not really relavnt for outlook 2003)
what i noticed when runing klist on outlook 2010 machine:
Cached Tickets: (8)

Server: krbtgt/TEST.CORP@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: ldap/dc.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: HTTP/ews.test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: HTTP/autodiscover.test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: exchangeMDB/MBX1.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: exchangeRFR/Primary.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: exchangeMDB/Primary.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: ldap/dc.Test.corp/Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04

what i noticed when runing klist on outlook 2003 machine:
Cached Tickets: (7)

Server: krbtgt/TEST.CORP@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: krbtgt/TEST.CORP@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: exchangeMDB/Primary.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: exchangeRFR/Primary.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: cifs/dc.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: ldap/dc.Test.corp/Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: LDAP/dc.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31

i am thnking maybe public folder issue?
anyway,couldnt find any explanation yet
if anyone has an idea
(twe two xp machines are identical and are syspreped image)
Thanks




turbomcp -> RE: Enabling Kerberos Authentication for MAPI Clients Connecting to Exchange 2010 SP1 (2.Jun.2011 3:55:39 PM)

Solved it:)
was a typo in the spn for address book
instead of exchangeab/primary.test.corp test\exchangeasa$
was poiting to:
exchangerab/primary.test.corp test\exchangeasa$
once that was fixed purges tickets flushed dns and all is good:)




Page: [1]