Re: Integrated Authentication & MIS

From: Scott Ladewig (
Date: 01/09/03

From: "Scott Ladewig" <>
Date: Wed, 8 Jan 2003 23:22:48 -0600

Whether or not it is more secure is irrelevant. Server ActiveSync requires
that you enable Integrated authentication. If you don't enable IA, it won't
work. Per Microsoft in Q311830: "This issue can occur if the Exchange
virtual directory on the Exchange server is not configured with Integrated
Windows Authentication. The Server ActiveSync component uses Kerberos
authentication when communicating with the Exchange server. If the Exchange
server is not configured with Integrated Windows Authentication, the
Exchange server returns a 401 error to the Server ActiveSync server, and
then the Server ActiveSync server returns an error 500 to the device. ... To
resolve this issue, enable Integrated Windows Authentication on the Exchange
virtual root. "

I've looked through already. First place I looked. Didn't find
anything relevant.

"Karl Levinson [x y] mvp" <> wrote in message
> I question the requirement to use Integrated authentication instead of
> with SSL. I do not think this is more secure.
> The answer is probably at
> "Scott Ladewig" <> wrote in message
> news:OILwZo3tCHA.1132@TK2MSFTNGP12...
> > We currently use Exchange 2000 with OWA using Basic Authentication +
> > While trying to get the Server ActiveSync component of Mobile
> > Server installed, I discovered that MIS requires that the Exchange
> > root on the OWA server has to have Integrated Windows Authentication
> > enabled. That would be fine, but if I enable it, people are prompted to
> > logon, but if they enter just their username and password, the mail
> > tries to authenticate them locally instead of against the domain. You
> > to provide the domain info to successfully logon.
> >
> > That wouldn't be a problem, but 3000 people have become used to not
> > to enter any domain info since we set the default logon domain for Basic
> > authentication. They don't like the idea of changing how they logon so
> > couple dozen people can sync their Pocket PCs online.
> >
> > Any way to specify a "default" logon domain for Integrated
> >
> > --
> > Scott Ladewig
> >
> >
> >