RPC over HTTPS and NTLM

drummingfool · 08-03-2009, 09:12 AM

Alright guys, here's my dilemma.

Ive got a virtual server running 2008, exchange 2007 and IIS 7.0.

Clients that connect to said server for exchange are off-site. Each client is configured with the certificate manually installed, outlook 2003 on XP for most. Some are using Outlook 2007 on vista. They all connect through a proxy to get to the exchange server, RPC over HTTPS.

The problem is that NTLM doesn't work, even though it is enabled on the server. Clients can connect just fine with basic authentication, but when I try to connect using NTLM I just keep getting prompted for a password and it wont log in. Just to head off any questions, I want to use NTLM because the client is not wanting to have to type in a password every time they open outlook.

Client setups are as follows:

Proxy Settings:

https://*********.**********.com
Connect using SSL Only
Connect to proxies having principal name in cert:
msstd:**********.**********.com
Fast and slow networks, HTTP first.
Basic auth

I've been spinning my wheels on this for 2 weeks now, and am desperate. I usually don't use support forums, but I'm at my wits end.

Any suggestions on this?

**bilbus** · 08-03-2009, 02:49 PM

I am fairly sure NTLM will only work if the pc is a member of the domain, are they?

drummingfool · 08-04-2009, 09:54 AM

Im pretty sure you can use NTLM when the machine itself isnt on the domain. They still log into the exchange server using the domain. EG - they authenticate with domain\username and password.

**bilbus** · 08-05-2009, 12:42 AM

right, but if they are not on the domain, they will need to type in the password every time they open outlook.

Are you saying that it still does not work even after they type in their username / password?

drummingfool · 08-05-2009, 08:09 AM

No, it works, I guess I'm looking for some kind of workaround where they wont have to.

It wouldnt be so bad if they only had to type it in when they first opened outlook, but outlook will randomly ask them for their password again during their session. Where would I start looking to get this fixed?

**bilbus** · 08-05-2009, 11:52 AM

well, they need to re type in the password, because they lost conectivity to exchange.

drummingfool · 08-05-2009, 12:00 PM

How could I check what is causing them to lose the connection?

08-03-2009, 09:12 AM	#1 (permalink)
drummingfool Registered User Join Date: Aug 2009 Posts: 4 OS: Server 2003-2008, xp, vista, win 7, redhat, centos	RPC over HTTPS and NTLM Alright guys, here's my dilemma. Ive got a virtual server running 2008, exchange 2007 and IIS 7.0. Clients that connect to said server for exchange are off-site. Each client is configured with the certificate manually installed, outlook 2003 on XP for most. Some are using Outlook 2007 on vista. They all connect through a proxy to get to the exchange server, RPC over HTTPS. The problem is that NTLM doesn't work, even though it is enabled on the server. Clients can connect just fine with basic authentication, but when I try to connect using NTLM I just keep getting prompted for a password and it wont log in. Just to head off any questions, I want to use NTLM because the client is not wanting to have to type in a password every time they open outlook. Client setups are as follows: Proxy Settings: https://*******.******.com Connect using SSL Only Connect to proxies having principal name in cert: msstd:******.*******.com Fast and slow networks, HTTP first. Basic auth I've been spinning my wheels on this for 2 weeks now, and am desperate. I usually don't use support forums, but I'm at my wits end. Any suggestions on this? Last edited by drummingfool; 08-03-2009 at 09:13 AM.*

08-03-2009, 02:49 PM	#2 (permalink)
bilbus TSF Enthusiast Join Date: Aug 2006 Posts: 955 OS: OS2 Warp	Re: RPC over HTTPS and NTLM I am fairly sure NTLM will only work if the pc is a member of the domain, are they?

08-04-2009, 09:54 AM	#3 (permalink)
drummingfool Registered User Join Date: Aug 2009 Posts: 4 OS: Server 2003-2008, xp, vista, win 7, redhat, centos	Re: RPC over HTTPS and NTLM Im pretty sure you can use NTLM when the machine itself isnt on the domain. They still log into the exchange server using the domain. EG - they authenticate with domain\username and password.

08-05-2009, 12:42 AM	#4 (permalink)
bilbus TSF Enthusiast Join Date: Aug 2006 Posts: 955 OS: OS2 Warp	Re: RPC over HTTPS and NTLM right, but if they are not on the domain, they will need to type in the password every time they open outlook. Are you saying that it still does not work even after they type in their username / password?

08-05-2009, 08:09 AM	#5 (permalink)
drummingfool Registered User Join Date: Aug 2009 Posts: 4 OS: Server 2003-2008, xp, vista, win 7, redhat, centos	Re: RPC over HTTPS and NTLM No, it works, I guess I'm looking for some kind of workaround where they wont have to. It wouldnt be so bad if they only had to type it in when they first opened outlook, but outlook will randomly ask them for their password again during their session. Where would I start looking to get this fixed?

08-05-2009, 11:52 AM	#6 (permalink)
bilbus TSF Enthusiast Join Date: Aug 2006 Posts: 955 OS: OS2 Warp	Re: RPC over HTTPS and NTLM well, they need to re type in the password, because they lost conectivity to exchange.

08-05-2009, 12:00 PM	#7 (permalink)
drummingfool Registered User Join Date: Aug 2009 Posts: 4 OS: Server 2003-2008, xp, vista, win 7, redhat, centos	Re: RPC over HTTPS and NTLM How could I check what is causing them to lose the connection?