Using NTLM with RPC/HTTP Authentication for Exchange

Posted on 2006-06-28
Last Modified: 2008-01-09
We are using RPC/HTTP for Exchange access for all portable machines on our network.  We are able to get RPC/HTTP to work external from our network using Basic Authentication, and we are able to get NTLM to work when inside our network.  Unfortunately, we cannot get NTLM to work outside our network.  When we start Outlook on a machine that was verified working locally, it waits then asks for a login.  The user can then try logging in using the user id alone as well as the basic authentication format (domain\username) and it will not authenticate.

Any ideas what might be causing the issue?
 
We have a fully qualified domain and are using a Sonicwall hardware firewall and have forwarded WAN requests from the following ports to the exchange server:

5800 - 5900  (TCP/UDP)
993  (TCP)
143 (TCP)
135-139 (TCP/UDP)
389  (TCP/UDP)
443  (TCP)
88   (TCP/UDP)
80  (TCP)
636 (TCP)
Question by:bitslv
 
LVL 104

Expert Comment

by:Sembee
ID: 17003987
The ONLY port you need for RPC over HTTPS to work is 443. Nothing else. The other ports can be closed unless you need them to be open. In fact some of those ports are dangerous to have open to the Internet - 135 especially.

Simon.
 

Author Comment

by:bitslv
ID: 17004114
I understand that and closed the unused ports including 135.  Unfortunately, I still cannot understand why I cannot get NTLM to work outside the network.  Port 443 is open.  Why would basic work, but not NTLM?
 
LVL 104

Expert Comment

by:Sembee
ID: 17004191
What authentication settings have you got set on the /rpc virtual directory in IIS Manager?

Simon.
 

Author Comment

by:bitslv
ID: 17004316
Basic Authentication was checked only.  Should "Integrated Windows Authentication" also be checked?

Thanks,

Brook

 

Author Comment

by:bitslv
ID: 17004570
The Default Domain and Realm are the same.  I selected the top three authentication methods.  

I still need to test externally, but which authentication methods do you suggest?
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 17004866
If basic authentication was enabled, then that would stop NTLM from working. You need to have both integrated and basic enabled. Do not enable anonymous.

Although it doesn't really matter, because RPC over HTTPS uses https, which is encrypted anyway.

Simon.
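
The check below is an added example, not part of the thread: it reads the challenge that an unauthenticated request to the /rpc virtual directory receives and compares the offered schemes with the advice above (integrated and basic both enabled, anonymous off). The function names, the `mail.example.com` realm and the three sample responses are constructed for illustration.

```python
# Added example (not from the thread). All names and sample data are constructed.

def parse_challenge(raw):
    """Return (status code, [auth schemes]) from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    schemes = []
    for line in header_lines:
        name, _, value = line.partition(":")
        parts = value.split()
        # Each enabled method shows up as its own WWW-Authenticate header.
        if name.strip().lower() == "www-authenticate" and parts:
            schemes.append(parts[0].lower())
    return status, schemes


def audit_rpc_auth(raw, over_tls):
    """Compare an unauthenticated /rpc response with the thread's advice."""
    status, schemes = parse_challenge(raw)
    if status != 401:
        return ["anonymous: request without credentials was not challenged"]
    findings = []
    if "ntlm" not in schemes:
        findings.append("ntlm: not offered, clients set to NTLM cannot log in")
    if "basic" not in schemes:
        findings.append("basic: not offered")
    if "basic" in schemes and not over_tls:
        findings.append("basic: offered without TLS, password is only base64")
    return findings


def build(status_line, challenges):
    """Assemble a constructed response with one header per challenge."""
    lines = [status_line] + ["WWW-Authenticate: " + c for c in challenges]
    return "\r\n".join(lines + ["Content-Length: 0", "", ""])


REALM = 'Basic realm="mail.example.com"'  # placeholder host name
BASIC_ONLY = build("HTTP/1.1 401 Unauthorized", [REALM])
BOTH_ENABLED = build("HTTP/1.1 401 Unauthorized", ["Negotiate", "NTLM", REALM])
ANONYMOUS = build("HTTP/1.1 200 OK", [])

if __name__ == "__main__":
    for label, raw in [("basic only", BASIC_ONLY), ("integrated + basic", BOTH_ENABLED),
                       ("anonymous", ANONYMOUS)]:
        print(label, "->", audit_rpc_auth(raw, over_tls=True) or "ok")
```
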
 

Author Comment

by:bitslv
ID: 17013669
That was it.  Thank you very much for your help.