Question on Remote User Login! RRS feed

  • Question

  • Hi,


    I have a question I hope someone can help me answer. I have remote users that are logging in vpnless from a domain joined machine.  They get prompted for username and password for outlook integration, once they put there credentials in all errors go away. I am wondering if prompts for remote users logging in VPNless is normal.


    Thursday, May 15, 2008 5:47 PM

All replies


    Yes, that behavior is normal. Remote users are logging in via cached credentials and when they try to access a "live" resource they will be prompted for credentials.
    Thursday, May 15, 2008 11:40 PM
  • Hi Alex,


    I was thinking the same thing but then I was sitting with a guy I know from Microsoft and his system didn't work that way so I got confused...


    Sunday, May 18, 2008 9:37 PM

    I have seen that symptom when the firewall between the DMZ and the DC drops large UDP packets.  It would prompt and then failover to NTLM and work.  Take a look at this article and see if it applies: http://support.microsoft.com/kb/244474

    Wednesday, May 21, 2008 5:09 AM

    I had the same issue, and after many support calls, I change the authentication method in IIS  on my OCS server to use just NTLM, as IE will not failover from Kerberos to NTLM if it is offered kerberosand fails ( I was told this was by design).


    So the command i used was:


    cscript adsutil.vbs set w3svc/1/root/NTAuthenticationProviders "NTLM"


    if you run the below this will tell you what it is currently set as, the site ID can be found in the IIS console


    cscript adsutil.vbs get w3svc/"SITE ID"/root/NTAuthenticationProviders 


    I know of one other company this has worked for

    Thursday, May 22, 2008 10:14 PM
  • Hi everyone,


    Thanks for the response, This resolution does make sence to me. I will try this when I am back in after the holiday and let you know if this works. 


    Monday, May 26, 2008 10:26 PM
  • Hi Blackuke,


    I had one quick question that I just thought of. Wouldn't I need to run this script on my Exchange server since the prompt is for the calender not anything with OCS??

    Monday, May 26, 2008 10:30 PM