Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
741
Views
0
Helpful
1
Replies

Configuring NTLM authentication on ACE 4710

networking_nwis
Level 1
Level 1

‎06-11-2012 05:49 AM

Hi all,

     We are deploying a Microsoft Exchange 2010 server environment, which will have a ACE 4710 front end.  What we are finding is that if a server goes down, a client will need to re-authenticate to a new server.  The server team has informed me that if they use Microsoft SLB this does not happen.  They have also mentioned that we are getting basic authentication, rather than NTLM.  As a result I have read several posts/articles which mention forcing NTLM on the ACE, but none go into real detail.

     A couple of official Cisco documents point to having the Exchange Server, and Client both set to use NTLM.  So on the server you do not need to select MAPI encryption.  I am told this is not an option here, because a multitude of clients are supported, from Outlook 2003, through to 2010.

     Any pointers would be much appreciated.

     Mike.

Labels:
0 Helpful
1 Reply 1

Borys Berlog
Cisco Employee
Cisco Employee

‎06-11-2012 11:27 AM

Hi Mike

Could you please clarify what exactly you need to achieve ?

Because e.g. if you have serverfarm with 3 servers, and ACE which loadblance some traffic to them, then ACE can't be responsible for any of things you described.

I mean - Decision about what authentication Basic or NTLM to use, is made on Client/Server side, not on some device which is responsible for redirection traffic. ACE can't be  some kind of Authentication Gateway.

Regarding reauthentication, it's not clear either. E.g client was authenticated on server #1 , it failed, how server #2 can know that client was authenticated on server#1. They should have some kind of synchronization in this case, but it's definitely should run on MS side.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents