When NTLM authentication is enabled for a service, for a postoffice which is using Windows authentication, clients configured with SPA (Secure Password Authentication) cannot authenticate.
When MailEnable services authenticate against Active Directory using Integrated Authentication a username and password supplied by the email client are required.
The problem when using NTLM with Integrated Authentication is that the email client and the MailEnable service negotiate a successful login using an NTLM handshake method and in this process a password is not sent across (a hash of the password is sent instead). Due to this MailEnable does not have a password to use when it tries to authenticate back to Active Directory.
Clients must disable SPA in order to authenticate
against MailEnable when Integrated Authentication is
|Keywords:||SPA NTLM ntlm SSO sso spa ad active directory integrated authentication|
|Class:||BUG: Product Defect/Bug|
|Revised:||Wednesday, May 4, 2016|