[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Using NTLM with RCP/HTTP Authentication for Exchange

Posted on 2006-06-28
Medium Priority
Last Modified: 2008-01-09
We are using RCP/HTTP for Exchange access for all portable machines on our network.  We are able to get RCP/HTTP to work external from our network using Basic Authentication, and We are able to get NTLM to work when inside our network.  Unfortunatly, we cannot get NTLM to work outside our network.  When we start Outlook on an machine that was verified working locally, it waits then asks for a login.  The user can then try logging in using the user id alone as well as the basic authentication format (doman\username)  and it will not authenticate.  

Any ideas what might be causing the issue?
We have a fully qualified domain and are using a Sonicwall hardware firewall and have forwarded WAN requests from the following ports to the exchange server:

5800 - 5900  (TCP/UDP)
993  (TCP)
143 (TCP)
135-139 (TCP/UDP)
389  (TCP/UDP)
443  (TCP)
88   (TCP/UDP)
80  (TCP)
636 (TCP)
Question by:bitslv
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 104

Expert Comment

ID: 17003987
The ONLY port you need for RPC over HTTPS to work is 443. Nothing else. The other ports can be closed unless you need them to be open. In fact some of those ports are dangerous to have open to the Internet - 135 especially.


Author Comment

ID: 17004114
I understand that and closed the unused ports including 135.  Unfortunatly, I still cannot understand why I cannot Get NTLM to work outside the network.  Port 443 is open.  Why would basic work, but not NTLM?
LVL 104

Expert Comment

ID: 17004191
What authentication settings have you got set on the /rpc virtual directory in IIS Manager?

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.


Author Comment

ID: 17004316
Basic Authentication was checked only.  Should "Integrated Windows Authentication" also be checked?




Author Comment

ID: 17004570
The Default Domain and Realm are the same.  I selected the top three authentication methods.  

I still need to test externally, but which authentication methods do you suggest?
LVL 104

Accepted Solution

Sembee earned 2000 total points
ID: 17004866
If basic authentication was enabled, then that would stop NTLM from working. You need to have both integrated and basic enabled. Do not enable anonymous.

Although it doesn't really matter, because RPC over HTTPS using https which is encrypted anyway.


Author Comment

ID: 17013669
That was it.  Thank you very much for your help.

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question