Topic Last Modified: 2008-11-12

This topic provides information about how to work around an authentication issue that may occur when a Microsoft Exchange Server 2007 Client Access server is deployed in a reverse proxy environment.

When you publish an Exchange 2007 Client Access server behind Microsoft Internet Security and Acceleration (ISA) Server 2006, users who use Microsoft Office Outlook 2007 to access their mailboxes from a remote location may be intermittently prompted for their credentials.

Users experience this issue when Outlook loses connectivity with the Exchange server. This issue may occur in a high availability environment when a clustered Mailbox server fails over or when users have an unreliable Internet connection. This behavior occurs even if Outlook is configured to use Cached Exchange Mode.


When Outlook loses connectivity with Exchange 2007, Outlook 2007 falls back to the connection methods that are configured in the Autodiscover settings for the user and for Outlook.

To use the Outlook Anywhere feature over the Internet, you must configure the Outlook Anywhere URLs in Autodiscover. The Outlook Anywhere URLs must point to the Web listener on the external interface of ISA Server.

If Basic authentication is configured in the Autodiscover settings and if it is configured for the ISA Server Web listener, Outlook 2007 falls back to Basic authentication when Outlook loses its connection to the Exchange server. In this scenario, Outlook 2007 prompts the user for credentials to reconnect to the mailbox.


To allow for a seamless user experience in an environment that uses Outlook Anywhere together with Exchange 2007 published behind ISA Server 2006, you must use Integrated authentication on the ISA Server Web listener.

To use Integrated authentication on the ISA Server Web listener, ISA Server must be in the same Active Directory Domain Services forest as the Exchange servers.

For More Information

For more information about how to configure authentication and Autodiscover for Outlook Anywhere, see the following topics: