Microsoft KB Archive/274397

= XCCC: OWA Does Not Support Integrated Windows Authentication on Front-End Servers =

PSS ID Number: 274397

Article Last Modified on 6/18/2003

-

The information in this article applies to:


 * Microsoft Exchange 2000 Server

-



This article was previously published under Q274397



SYMPTOMS
When you configure a server that is running Exchange 2000 to act as a front-end server in a front-end/back-end configuration, Exchange 2000 Outlook Web Access (OWA) client computers cannot use Integrated Windows authentication. The Integrated Windows authentication option is unavailable in the Exchange Server HTTP protocol authentication properties.



CAUSE
Integrated Windows authentication consists of Windows NT LAN Manager (NTLM) or Kerberos authentication. When you use these authentication methods, Microsoft Internet Explorer automatically forwards credentials to the server when one of these authentication methods is negotiated. These authentication methods enable the OWA client to prove to the Exchange 2000-based server that the client knows what the user's password is without actually giving the server the password. Because the server must already know what the user's password is, OWA silently authenticates the password without telling the users. These authentication methods prevent rogue servers from stealing passwords. However, the process on the Exchange 2000-based server does not know what the user's password is, and cannot verify the user to another server (the backend, in this case). Therefore, these two authentication methods cannot be used on a front-end server because the front-end server cannot authenticate to the back end.



WORKAROUND
To work around this issue, configure the OWA clients to use Basic (Clear-Text) Authentication Using Secure Sockets Layer (SSL).



STATUS
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server.

Keywords: kbbug kbpending KB274397

Technology: kbExchange2000Search kbExchange2000Serv kbExchange2000ServSearch kbExchangeSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.