Enabling kerberos authentication for mapi clients for Exchange 2010 and outlook 2010 users.



few of the users outlook got disconnected and when we did more research on the issue we find the Issue with the authentication as with outlook 2010 it set with a negotiate authentication by default and when we change it to kerberos password authentication. Problem has been sorted out. But the issue has been widespread to one site and we want to push the kerberos authentication for all mapi client using the group policy.

Please help me who we can proceed on this. It would be good if you provide the detailed steps.


[Also i found one Article- http://blogs.technet.com/b/exchange/archive/2011/04/15/recommendation-enabling-kerberos-authentication-for-mapi-clients.aspx]

But this is to change something with CAS and we want to do the kerberos using the group policy.
LVL 1
mansoornazarAsked:
Who is Participating?
 
e_aravindCommented:
how many CAS-server you have?
Do you use any CAS-Array?

If you are using just a single-CAS server...then you can directly expect the Kerberos to be tried and used by the Outlook Clients

Regarding the CAS-Array:
http://blogs.technet.com/b/exchange/archive/2011/04/15/recommendation-enabling-kerberos-authentication-for-mapi-clients.aspx]
Create an account to be used as the ASA credential ....should be helping you to achieve the Kerberos Authentication.


Issue is wide-spread to a site:
>> The default Outlook profile is sufficient to ask Outlook to check for the Kerberos authentication.
If we fix the CAS-Server for the Kerberos...this should be sufficient
If we are not concentrating @ the CAS-server and just changing\forcing the Outlook UI....still the auth. may fail.
0
 
RadweldCommented:
The way I understood this was Outlook will negotiate the strongest authentication protocol possible. If kerberos is available it will use it. If you followed the blog and enabled Kerberos authentication on the CAS server then the clients should use it. forcing Kerberos in my opinion is a bad idea because although you want the clients to use Kerberos, you want them to fall back to NTLM if they can't authenticate with Kerberos.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.