locked
sharepoint publishing gives prompt with the "connect to outlook" function RRS feed

  • Question

  • Hello Everyone,

    I'm using web publishing within TMG, behind my TMG i got several webservers. I experience problems regarding the sharepoint lists function within outlook that gives a prompt for the sharepoint list ( happens once when you open outlook)

    TMG uses 1 listener and recieves OWA, Outlook anywhere, sharepoint on that same listener.
    The listener is setup as FBA with AD.
    SSO is enabled.
    I've assigned an wildcard certificate so that shouldnt be any problem.
    Http and https allowed (http gets redirected.)

    SSO is working perfectly the way it does right now.
    TMG uses NTLM to authenticate towards my web servers.
    Clients authenticatie with their outlook with NTLM.
    TMG lets Outlook anywhere pass-through authentication directly towards my exchange server (running webserver for OWA.)

    Whenever i try to use the sharepoint lists within outlook i get the auth prompt (i guess it's because the outlook cant connect with NTLM against my FBA (from my web listener)  and then the outlook prompts for the Basic auth.)

    If i type the right credentials the function goes on and works perfectly.

    Is their any way i can get this auth prompt to disappear without having to change my authentication for outlook anywhere? Because i can't get the listener to fall back as NTLM instead of Basic.

    I did follow several webpages explaining how to setup a sharepoint publishing rule but no luck so far....

    I hope someone can help me so i can solve this problem.

    Greetings,
    Dennis
    Thursday, September 9, 2010 7:53 AM

Answers

  • Hi Dennis,

    FBA can only fallback to Basic. It has no mechanism to fallback on NTLM. FBA cookies can only be shared between browser based. Outlook is not a browser based client so I am not sure even when you change Outlook to Basic. You will still get the prompt.

    Tuesday, September 28, 2010 12:35 AM
    Moderator

All replies

  • Hi Dennis,

    FBA can only fallback to Basic. It has no mechanism to fallback on NTLM. FBA cookies can only be shared between browser based. Outlook is not a browser based client so I am not sure even when you change Outlook to Basic. You will still get the prompt.

    Tuesday, September 28, 2010 12:35 AM
    Moderator
  • In theroy, if you configure SharePoint to support Kerberos and then utilise KCD, you may be able to get the transparency you require...from memory, publishing SharePoint with KCD is not that easy, but achieveable...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, September 28, 2010 11:37 AM
  • Hi Mohit,

    Thanks for the reply, i've also had contact with microsoft itself and they advised me to use the configuration the way its setup now. you'll always get promped whether it will be for you connection between outlook anywhere and forefront or with the sharepoint function against forefront.

    Even though setting up a second listener so i can get outlook to authenticate versus my forefront the problem still persists.

    The part where we talk about the authentication back to basic is a non go for us in the first place, concidering we want to keep our exchange structure as plain as can be, so we are always able to switch back whenever needed. And if we did change the authentication i'll be forced to make all my users switch their authentication.

    So im gonna go with the configuratin the way its setup now, concidering the group of users isn't that huge.

    Thanks anyways!

    Greetings Dennis.

    Wednesday, September 29, 2010 6:25 AM
  • Hi Jason,

    i'm not really familiar with the kerberos authentication, is there a way to get outlook anywhere with (outlook auth set to ntlm) and an sharepoint list to work with kerberos in some way?

    I dont want to break my Single sign-on on the webpage concidering thats the main purpose for us using tmg.

    Delegation for sharepoint is now setup as NTLM.

    What changes are needed on the outlook anywhere delegation? and the Sharepoint?

    Greetings,

    Dennis

    Wednesday, September 29, 2010 6:31 AM