Update 4/26/11: This post has been updated to include additional steps to ensure Kerberos authentication can be used for OAB downloads by domain-connected Outlook clients. With Exchange 2010, ...
Updated Jul 01, 2019
Version 2.0
Blog Post
You mention "External or Internet-based clients that use Outlook Anywhere won’t use Kerberos authentication as they cannot directly contact a KDC." Why is this true for Internal OA clients? Is this true both the HTTP level auth as well as the RPC level auth when doing RPC Encryption?
I'm trying to figure out if Outlook Anywhere can do Kerberos for the RPC auth, regardless of the HTTP auth. I posted this question to the forums, but haven't found a diffinitive answer:
http://social.technet.microsoft.com/Forums/en-US/exchangesvrdeploy/thread/7e5005e7-323d-48aa-b2a9-7a81dbfe84c6?prof=required
Most everything seems concerned with the HTTP auth (I see only Basic, NTLM supported), but nothing is really addressing the RPC level auth with OA. In practice, even with Outlook set to "Kerberos Only" RPC auth, I still see NTLM being used.
Thanks,
-Lee