From: Maybrook, NY USA
I have ISA 2006 Standard. The Authentication Delegation tab of the webserver publisher rule has these three options:
No delegation, and client cannot authenticate directly No delegation, but client may authenticate directly Kerberos constrained delegation
According to the help screens and other references, it should also have four more choices: Basic NTLM NTLM/Kerberos (Negotiate) SecurID
I have a webserver behind ISA which hosts the company website AND OWA. The users just add /exchange on the end of the company website to get to OWA. It works great through ISA 2004.
I did a test cutover to ISA 2006 today, the company website worked, but OWA didn't, I was never prompted for credentials. I think this is because my web publishing rule had "No delegation, and client cannot authenticate directly" selected.
I am unclear how to get the credentials to work, especially with options missing. Anyone know?
One thing I did read after the test is that on the web listener, Authentication tab, Advanced, I should enable 'Allow client authentication over HTTP'. True?
Additional info: we use a certificate for OWA, we don't use forms-based authentication.