I have an ISA 2004 server up and running for an Exchange 2003 system and Internet access works for OWA & Smartphones but I can't get RPC over HTTP to work (the boards show a number of users that have problems with this). The reason we are looking at NTLM is due to a number of problems with Basic Authentication ... users flub their password and then lock out their accounts. I have broken out this access to two rules & DNS names to get this working.
Tom's articles show RPC over HTTP publishing for ISA 2000 ... do you plan to upgrade them for ISA 2004? I plan to buy your books ... whatever it takes to get this working. Everything I have read here and at MS shows only Basic Authentication configuration. We may be going the wrong direction but I need users to be able to log into their laptop on the Internet, open Outlook and for it to just work without problems.
My apologies but my ISA server is on a perimeter DMZ with a single NIC (I know ... I read your trailer).
Well, I seem to have solved my own problem. My issue was that, when I split out the rules on the ISA server, I forgot to add the /rpc/* directory to the new rule. Adding this back in fixed the problem.
What I am still looking for is good documentation that explains the different authentication settings that you can choose in the Outlook client (Basic, NTLM) in coordination with what you select on the ISA server (Digest, Basic, Integrated, FBA, etc.). I don't know if I should be selecting Integrated on ISA for NTLM on the client or if I should skip authentication altogether and let the Exchange Front-end handle this. Choosing Integrated or Basic in ISA does the same thing ... the Outlook 2003 client simply connects with no prompts.
From: Tucson, AZ
I'm almost positive that Basic must be used because the username needs to be passed through to the Exchange server. NTLM/Integrated, in this case, only sends the username to the immediate server (ISA) and the Exchange server gets an anonymous logon.