Configuring NTLM authentication on ACE 4710

networking_nwis · ‎06-11-2012

Hi all,

We are deploying a Microsoft Exchange 2010 server environment, which will have a ACE 4710 front end. What we are finding is that if a server goes down, a client will need to re-authenticate to a new server. The server team has informed me that if they use Microsoft SLB this does not happen. They have also mentioned that we are getting basic authentication, rather than NTLM. As a result I have read several posts/articles which mention forcing NTLM on the ACE, but none go into real detail.

A couple of official Cisco documents point to having the Exchange Server, and Client both set to use NTLM. So on the server you do not need to select MAPI encryption. I am told this is not an option here, because a multitude of clients are supported, from Outlook 2003, through to 2010.

Any pointers would be much appreciated.

Mike.

Borys Berlog · ‎06-11-2012

Hi Mike

Could you please clarify what exactly you need to achieve ?

Because e.g. if you have serverfarm with 3 servers, and ACE which loadblance some traffic to them, then ACE can't be responsible for any of things you described.

I mean - Decision about what authentication Basic or NTLM to use, is made on Client/Server side, not on some device which is responsible for redirection traffic. ACE can't be some kind of Authentication Gateway.

Regarding reauthentication, it's not clear either. E.g client was authenticated on server #1 , it failed, how server #2 can know that client was authenticated on server#1. They should have some kind of synchronization in this case, but it's definitely should run on MS side.