none
UAG and Outlook Anywhere with Custom Repository RRS feed

  • Question

  • Hello,

    We are trying to publish Outlook Anywhere over UAG and we are experiencing major issue with UAG authentication.

    We need to use custom repository as we have to map AD users to Exchange users. OWA is working fine.

    But Autodiscovery and RPC applications uses NTLM and Basic authentication, and not UAG portal. That is understood.

    But it seems that it is not possible to use custom repository for pre-portal authentication. We tried to switch from our custom repository to AD repository and NTLM authentication works.

    When we try to use custom repository we see this error message in Web monitor:

    User with source IP address failed to log into trunk uag (secure=1) using authentication server test with session ID C28512EC-218C-4DB5-9251-0D6FB90CA1C6. Error code is .

    Uag traces have the following lines:

    [2]d58.1648 02/03/2011-19:08:06.127 [usermgrcore whale::usermgr::CRepositoryMgr::GetRepository Repository.cpp@730] ERROR:in dummy repository  --- repository [test]

    [2]d58.1648 02/03/2011-19:08:06.127 [usermgrcore whale::usermgr::CRepository::CRepository Repository.cpp@66] ERROR:Failed to get the repository base type [DUMMY], type [DUMMY] [CacheCredentials], will use [0x00000001(true)]
    [2]d58.1648 02/03/2011-19:08:06.128 [usermgrcore whale::usermgr::CRepository::AuthenticateUser Repository.cpp@99] ERROR:This repository does not know how to authenticate user

    [2]d58.1648 02/03/2011-19:08:06.128 [usermgrcore whale::usermgr::CUserMgrCore::AuthenticateUser UserMgrCore.cpp@527] ERROR:Failed to authenticate [<NULL>]

     

    The question is:

    How we can accomplish our task, when we need users to authenticate against AD repository, but pass custom credentials during SSO to Exchange server for Outlook Anywhere?

    Thank you!

    Thursday, February 3, 2011 6:49 PM

Answers

  • Hi,

    I'm marking your question as answered, even though it hasn't been. It appears no one has been able to provide an answer. If the topic is still a concern, I would suggest you open a support case with Microsoft CSS, and an engineer will help you investigate the issue.


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, May 17, 2011 11:23 PM
    Tuesday, May 17, 2011 11:23 PM

All replies

  • Thursday, February 3, 2011 11:03 PM
    Moderator
  • As I wrote before, Exchange has separate accounts from AD. Actually it is an external server.

    So we have AD repository for UAG trunk, then custom repository for OWA that maps AD user accounts to Exchange accounts and performs SSO. This works as expected.

    But when we tried to publish Outlook Anywhere, custom repository doesn't work. As it seems that Autodiscover application uses custom repository for NTLM authentication instead of trunk repository that is AD. To be clear, we still have AD repository for trunk, but custom repository for Autodiscover and RPC applications.

    When user from workgroup tries to connect to Autodiscover application Outlook pop-ups authentication dialog and it doesn't work when we have custom repository in Autodiscover application. If we switch that application to AD repository - authentication works.

    The question is why Autodiscover application uses custom repository for initial NTLM authentication and not trunk repository, as custom repository defined for SSO only?

    Is there any workaround to complete our task, e.g. map AD users to Exchange in Outlook Anywhere.

    Friday, February 4, 2011 5:33 AM
  • Any ideas?
    Wednesday, February 9, 2011 7:05 AM
  • Sorry dima, not used a topology like that...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, February 9, 2011 8:42 AM
    Moderator
  • Hi,

    I'm marking your question as answered, even though it hasn't been. It appears no one has been able to provide an answer. If the topic is still a concern, I would suggest you open a support case with Microsoft CSS, and an engineer will help you investigate the issue.


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, May 17, 2011 11:23 PM
    Tuesday, May 17, 2011 11:23 PM