Authentication Delegation when Publishing Exchange 2007 Web Client Access – Watch Out for These Gotcha’s

Here are some “gotcha’s” about authentication delegation when publishing Exchange 2007 Web client access that you need to know about:

If Basic is selected for authentication delegation, the following Exchange 2007 features will not function as expected:

  • Outlook Web Access 2007 Web Part. Outlook Web Access 2007 Web Part requires Integrated Windows authentication configured on the /owa/* directory.
  • Proxying between Exchange Client Access servers in different Active Directory sites. This requires the configuration of Integrated Windows authentication on the Exchange Client Access servers.

If Negotiate is selected for Authentication delegation, the following will not work:

  • Access to mailboxes residing on Exchange 2003, through legacy folders, such as /public/*, /exchange/*, and /Exchweb/*. Access to these mailboxes via this method requires Basic authentication.
  • Clients that access the user’s mailbox through the legacy folders, such as Microsoft Entourage 2004 for Mac and custom written applications using WebDAV extensions. This requires Basic authentication.

Some of the features of Outlook Anywhere and Outlook Web Access that require the /ews/* path currently work only with Basic authentication. Unfortunately, I can’t tell you what these features are 🙂



Thomas W Shinder, M.D.


Email: [email protected]

MVP — Microsoft Firewalls (ISA)

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top