Microsoft KB Archive/269348

From BetaArchive Wiki
Knowledge Base


Article ID: 269348

Article Last Modified on 3/12/2007


APPLIES TO

  • Microsoft Exchange 2000 Server Standard Edition, when used with:
    • Microsoft Windows 2000 Standard Edition


This article was previously published under Q269348

SYMPTOMS

When a user on a Microsoft Windows 2000-based computer uses Microsoft Internet Explorer 5 or later to gain access to Microsoft Outlook Web Access, the user may receive the following security warning message:

This page contains both secure and nonsecure items.
Do you want do display the nonsecure items?

If the user clicks Yes, the user receives the following error message in one of the panes:

The page cannot be displayed

The user may also receive the following error message:

Unable to display folder. An internal server error occurred.

CAUSE

This issue can occur if the Exchange 2000 Server virtual directory is set up to use Secure Sockets Layer (SSL) and Kerberos authentication (Integrated Windows authentication).

This method of authentication depends on time synchronization between the client and the server. The difference in the time on the two computers must be no more than a five minutes. Time zone differences do not affect this method of authentication, because these differences are already accounted for.

RESOLUTION

To resolve this issue, synchronize the time on the client computer with the time on the server. To do this automatically, set up an authoritative time server. For more information about how to set up an authoritative time server, click the following article number to view the article in the Microsoft Knowledge Base:

216734 How to configure an authoritative time server in Windows 2000


WORKAROUND

To work around this issue, disable Integrated Windows authentication on the Exchange 2000 virtual directory by using Internet Services Manager. To do this, follow these steps:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
  2. Locate the Exchange 2000 virtual directory.
  3. Click Exchange, click Action, and then click Properties.
  4. Click the Directory Security tab.
  5. Under Anonymous access and authentication control, click Edit.
  6. Click to clear the Integrated Windows authentication check box, and then make sure that either the Basic or Digest authentication for Windows domain servers check box is selected.


Note If you use basic authentication, passwords are transmitted in clear text. A certificate is required to enable Secure Sockets Layer (SSL) client authentication.


STATUS

This behavior is by design. This is a requirement of Kerberos authentication.

MORE INFORMATION

If a user on a Windows 2000-based computer uses Internet Explorer 5 or later to authenticate against a Microsoft Internet Information Service (IIS) 5.0 resource that has Integrated Windows authentication enabled, a negotiate procedure is performed, and Kerberos authentication is likely to be used. Kerberos authentication requires time synchronization as a method of protecting against replay attacks.


Additional query words: exch2kp2w XWEB

Keywords: kberrmsg kbprb KB269348



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/269348&oldid=148133
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki