Outlook Anywhere with ESP and KCD Exchange 2016

Scope

Enable Kerberos Contained Delegation (KCD) with the Edge Security Pack (ESP) for Outlook Anywhere.

Note: Currently this configuration has only been tested with Microsoft Exchange 2016.

 

Configuration

 

1. Configure EWS and MAPI Sub-Virtual Services (SubVSs) with NTLM for Client Side Authentication and KCD for the Server Side Authentication.  

You will need to have a functioning KCD environment previously in place. Please refer to our KCD documentation for further information:

https://support.kemptechnologies.com/hc/en-us/articles/203860275-Kerberos-Constrained-Delegation

 

1.1 Navigate to your Exchange Virtual Service > EWS SubVS.

Enable NTLM in Client Authentication Mode.

Enable KCD in Server Authentication Mode and select your configured Server Side configuration.

 

 

1.2 Navigate to your Exchange Virtual Service > MAPI SubVS.

Enable NTLM in Client Authentication Mode.

Enable KCD in Serer Authentication Mode.

 

2.   Configure Outlook Anywhere for client side NTLM Authentication using ECP.

2.1 Log into ECP as an Exchange Administrator > Servers > Open (Double Click) Exchange Server > Outlook Anywhere > Specify Authentication Method for External Clients to use. Set to NTLM and Save.

 

Was this article helpful?

0 out of 0 found this helpful

Comments