Video Screencast Help

prompt password and username when open archive explorer-how to make it disappear

Created: 16 May 2013 • Updated: 02 Jun 2013 | 5 comments
chikarizee's picture
This issue has been solved. See solution.

my scenario is exactly in of the article from symantec. But what confusing me is about the certificate?

detail: EV 10.0.3 for exchange mailbox

Scenario 5 - Accessing Archive Explorer or Search Archives Externally through OWA 2007

If ArchiveExplorer or Search Archives is accessed externally through OWA 2007 it is expected behavior to be prompted for authentication as the user is redirected from the OWA Server directly to the Enterprise Vault server and there is not a domain certificate since the user's computer is not currently connected to the Domain.

Operating Systems:

Comments 5 CommentsJump to latest comment

Twinkle's picture

Well it just mean you have to provide the Credentails every time you accessing the archvied data  externally .

Rob.Wilcox's picture

hmm, I'm not sure what the question is to be honest.

I've *always* seen that the prompt for credentials happens in the situation described.

Arjun Shelke's picture

OK let me know if I understand you correct. Users are prompted for username and password when connected externally while accessing AE or Search within OWA. And you found this scenario matching to an article. But you did not understand the certificate concept. And you want to know if there is any way to stop the credentials prompt?

There are 2 methods of authentications which we can use - Kerberos or NTLM. Kerboros works in domain environment based on tokens/certificates issued to users/clients which is IWA. Integrated Windows Authentication type does not require user to provide username and password when connected internally in a doamin environment.

When user connects externally, which means outside the comany network (domain network) then NTLM is used instead of Kerberos. NTLM uses Basic authentication type (Either Secured SSL or unsecured) where user name and passwords are sent to the authoticating server (thats how NTLM works). Hence user needs to provide username and password.

In our case, first user connects to OWA (CAS/ISA) and then when user clicks on AE or search, the request will be redirected to EV Server. On Enterprise Vault virtual directory if you see the type of authentications, its Basic and IWA. As users request is sent to EV Server, (which cannot use IWA because its not in internal network) and uses Basic auth type to grant the access. EV negociates the authentication methods based on how user/clients connecting to the server.

I hope this will answer your query.