As soon as a credential is added to the authentication package, all client access services can use it for Kerberos authentication.
When credentials are added or removed, the Kerberos authentication package on the local system and the network service context is updated. This service host extension monitors the local computer. The Microsoft Exchange Service Host service that runs on the Client Access server (CAS) role is extended in Exchange Server 2010 SP1 to use a shared alternate service account (ASA) credential for Kerberos authentication. Recommendation: Enabling Kerberos Authentication for MAPI Clients More Information To work around this behavior, Microsoft Exchange Server Service Pack 1 (SP1) includes new functionality that lets you configure Kerberos authentication for MAPI email clients in a Client Access server array.įor more information about how Kerberos authentication worked in earlier versions of Exchange Server and about the changes in Exchange Server 2010 that prevent Kerberos authentication from working with MAPI email clients, see the following blog post on the Exchange Team blog:
Because of changes in Exchange Server 2010, MAPI email clients can't use Kerberos authentication to connect to a mailbox when a Client Access server array is being used. For Microsoft Exchange Server 2010 deployments that have more than one Client Access server in an Active Directory site, the topology frequently requires a Client Access server array and a load-balancing solution to distribute traffic among all the Client Access servers in the site.
0 kommentar(er)
