• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Enabling Kerberos Authentication for MAPI Clients Connecting to Exchange 2010 SP1

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2010] >> Secure Messaging >> Enabling Kerberos Authentication for MAPI Clients Connecting to Exchange 2010 SP1 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Enabling Kerberos Authentication for MAPI Clients Conne... - 2.Jun.2011 3:25:18 PM   
turbomcp

 

Posts: 21
Joined: 27.Jul.2006
Status: offline
Hi
i have tried to configure kerberos authentication using the above or ms instructions(same thing)
everything seems to work fine for outlook 2010 client on xp.
but qwhen i try to use outlook 2003 on xp i get constant prompts for passwords which ofcourse dont work and at the end im in disconnected state.
ntlm works fine
same mailbox on both tests
my setup is very simple and basicly is one ad site one array two subnets, 2 dc's.
using kemp load balancer with single vip for each service(not really relavnt for outlook 2003)
what i noticed when runing klist on outlook 2010 machine:
Cached Tickets: (8)

Server: krbtgt/TEST.CORP@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: ldap/dc.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: HTTP/ews.test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: HTTP/autodiscover.test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: exchangeMDB/MBX1.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: exchangeRFR/Primary.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: exchangeMDB/Primary.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04


Server: ldap/dc.Test.corp/Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 1:21:04
Renew Time: 6/9/2011 15:21:04

what i noticed when runing klist on outlook 2003 machine:
Cached Tickets: (7)

Server: krbtgt/TEST.CORP@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: krbtgt/TEST.CORP@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: exchangeMDB/Primary.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: exchangeRFR/Primary.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: cifs/dc.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: ldap/dc.Test.corp/Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31


Server: LDAP/dc.Test.corp@TEST.CORP
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 6/3/2011 0:48:31
Renew Time: 6/9/2011 14:48:31

i am thnking maybe public folder issue?
anyway,couldnt find any explanation yet
if anyone has an idea
(twe two xp machines are identical and are syspreped image)
Thanks
Post #: 1
RE: Enabling Kerberos Authentication for MAPI Clients C... - 2.Jun.2011 3:55:39 PM   
turbomcp

 

Posts: 21
Joined: 27.Jul.2006
Status: offline
Solved it:)
was a typo in the spn for address book
instead of exchangeab/primary.test.corp test\exchangeasa$
was poiting to:
exchangerab/primary.test.corp test\exchangeasa$
once that was fixed purges tickets flushed dns and all is good:)

(in reply to turbomcp)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2010] >> Secure Messaging >> Enabling Kerberos Authentication for MAPI Clients Connecting to Exchange 2010 SP1 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter