Microsoft ISA Discussions
 
Outlook
(1)
ActiveSync
(1)
Weblistener
(1)
E537BA393307
(1)
Configures
(1)
Kerberos
(1)
Listener
(1)
Warranty
(1)

Weblistener w/SSL Client Cert. Auth. and Outlook Anywhere

Asked By BWol
05-Oct-08 04:40 PM
Reply
Hello folks,

I have configures a Weblistener with SSL Client Cert. Auth. in ISA 2006. For
OWA and ActiveSync it works perfect with kerberos constrained delegation in
the publishing rule.

For Outlook Anywhere I use the same weblistener (just one official ip). The
publishing rule is configured to ask client for authentication. The problem
is that there comes no dialogue for certificate authtication at the client.
Just the dialogue for user and password...  Don't know whats going wrong...
The client tries to connect but it doesn't work.

In advance thanks.

Kind reagrds,
B. Wolf

You can't do this.Outlook doesn't support certificate auth.

Asked By Jim Harrison \(ISA SE\)
05-Oct-08 04:56 PM
Reply
You can't do this.
Outlook doesn't support certificate auth.
You can have HTTP-Basic or HTTP-NTLM and that's all.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



Hello folks,

I have configures a Weblistener with SSL Client Cert. Auth. in ISA 2006. For
OWA and ActiveSync it works perfect with kerberos constrained delegation in
the publishing rule.

For Outlook Anywhere I use the same weblistener (just one official ip). The
publishing rule is configured to ask client for authentication. The problem
is that there comes no dialogue for certificate authtication at the client.
Just the dialogue for user and password...  Don't know whats going wrong...
The client tries to connect but it doesn't work.

In advance thanks.

Kind reagrds,
B. Wolf

Ok....How to configure this with one official IP?

Asked By BWol
06-Oct-08 02:24 AM
Reply
Ok....

How to configure this with one official IP? For ActiveSync I need the client
certificate authentication.

Thanks.
Regards,
B. Wolf

You can't have certificate authentication and simultaneously serve Outlook

Asked By Jim Harrison \(ISA SE\)
06-Oct-08 09:27 AM
Reply
You can't have certificate authentication and simultaneously serve Outlook
Anywhere clients.
You must either:
1. add an IP and build a separate listener
2. drop certificate authentication

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



Ok....

How to configure this with one official IP? For ActiveSync I need the client
certificate authentication.

Thanks.
Regards,
B. Wolf
Previous Discussion:  ISA 2004 not able to set SMTP server to setup notification
Post Question To EggHeadCafe