Re: Integrated Authentication & MIS

From: Scott Ladewig (scott@ladewig.com)
Date: 01/09/03


From: "Scott Ladewig" <scott@ladewig.com>
Date: Wed, 8 Jan 2003 23:22:48 -0600

Whether or not it is more secure is irrelevant. Server ActiveSync requires
that you enable Integrated authentication. If you don't enable IA, it won't
work. Per Microsoft in Q311830: "This issue can occur if the Exchange
virtual directory on the Exchange server is not configured with Integrated
Windows Authentication. The Server ActiveSync component uses Kerberos
authentication when communicating with the Exchange server. If the Exchange
server is not configured with Integrated Windows Authentication, the
Exchange server returns a 401 error to the Server ActiveSync server, and
then the Server ActiveSync server returns an error 500 to the device. ... To
resolve this issue, enable Integrated Windows Authentication on the Exchange
virtual root. "

I've looked through iisfaq.com already. First place I looked. Didn't find
anything relevant.

"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
news:O3LKIP4tCHA.616@TK2MSFTNGP11...
> I question the requirement to use Integrated authentication instead of
Basic
> with SSL. I do not think this is more secure.
>
> The answer is probably at www.iisfaq.com
>
>
> "Scott Ladewig" <scott@ladewig.com> wrote in message
> news:OILwZo3tCHA.1132@TK2MSFTNGP12...
> > We currently use Exchange 2000 with OWA using Basic Authentication +
SSL.
> > While trying to get the Server ActiveSync component of Mobile
Information
> > Server installed, I discovered that MIS requires that the Exchange
virtual
> > root on the OWA server has to have Integrated Windows Authentication
> > enabled. That would be fine, but if I enable it, people are prompted to
> > logon, but if they enter just their username and password, the mail
server
> > tries to authenticate them locally instead of against the domain. You
have
> > to provide the domain info to successfully logon.
> >
> > That wouldn't be a problem, but 3000 people have become used to not
having
> > to enter any domain info since we set the default logon domain for Basic
> > authentication. They don't like the idea of changing how they logon so
a
> > couple dozen people can sync their Pocket PCs online.
> >
> > Any way to specify a "default" logon domain for Integrated
Authentication?
> >
> > --
> > Scott Ladewig
> > scott@ladewig.com
> >
> >
>
>



Relevant Pages

  • RE: Unable to authenticate via SMTP to SBS2003
    ... an authentication issue is encountered. ... In Outlook Express, open the Properties window of the mail account and then ... How to Configure a POP3 Client Computer to Use Exchange as the SMTP Server ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS2k3 and activesync over the air
    ... Did you apply Exchange SP2 on your Small ... Business Server? ... Open IIS from the Server Management ... Click Edit under Authentication and ...
    (microsoft.public.windows.server.sbs)
  • Re: Need Help ActiveSync 4.2 + exchange 2003 sp2 on SBS 2003 premium sp1
    ... Here's a list of the errors that are known for Exchange ActiveSync - ... To enable Integrated Windows Authentication on the Exchange virtual ... Re-enable Kerberos on the Exchange server by following the ...
    (microsoft.public.pocketpc.activesync)
  • Re: Client application cannot connect to server
    ... When I move to an actual device, i.e.,MotorolaQ, every aspect of the application work except for connecting to the server. ... Microsoft Exchange Server 2003 SP2 ... ISA Server as an advanced firewall in a workgroup in perimeter network ... Set up FBA or Basic authentication for Exchange ActiveSync, ...
    (microsoft.public.windowsce.app.development)
  • RE: Active Sync & OWA probelms
    ... Microsoft CSS Online Newsgroup Support ... |> click "Server Management". ... |> The issue may happen when the authentication method is not configured ...
    (microsoft.public.windows.server.sbs)