ME020550 - BUG: Secure Password Authentication (SPA) and NTLM do not work with MailEnable Integrated Authentication (authentication against AD)


When NTLM authentication is enabled for a service and the postoffice uses Windows authentication, clients configured with SPA (Secure Password Authentication) cannot authenticate.


When MailEnable services authenticate against Active Directory using Integrated Authentication, a username and password supplied by the email client are required.

The problem with using NTLM together with Integrated Authentication is that the email client and the MailEnable service negotiate a successful login through an NTLM handshake, and in this process a password is not sent across (a hash of the password is sent instead). As a result, MailEnable does not have a password to use when it tries to authenticate back to Active Directory.


Clients must disable SPA in order to authenticate against MailEnable when Integrated Authentication is enabled.
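
The handshake described above can be inspected by parsing the final NTLM message the client sends. The following is an added example, not MailEnable code: it builds a constructed sample AUTHENTICATE (type 3) message and lists every field the server receives. The account names, response bytes and function names are made up for the illustration, and the strings are assumed to be Unicode-encoded.

```python
import base64
import struct

# Security buffers of an NTLM AUTHENTICATE (type 3) message, in header order.
FIELDS = ("lm_response", "nt_response", "domain", "user", "workstation", "session_key")
TEXT_FIELDS = ("domain", "user", "workstation")

def sec_buf(offset, length):
    # Security buffer descriptor: length, max length, offset into the message.
    return struct.pack("<HHI", length, length, offset)

def build_sample_type3(domain, user, workstation, nt_response):
    """Build a constructed sample message (test data, not a real capture)."""
    parts = [b"\x00" * 24, nt_response, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), workstation.encode("utf-16-le"), b""]
    header_len = 8 + 4 + 8 * len(parts) + 4  # signature, type, descriptors, flags
    descriptors, payload = b"", b""
    for part in parts:
        descriptors += sec_buf(header_len + len(payload), len(part))
        payload += part
    flags = struct.pack("<I", 0x00000001)  # NEGOTIATE_UNICODE
    return b"NTLMSSP\x00" + struct.pack("<I", 3) + descriptors + flags + payload

def parse_type3(b64_message):
    """Return every field the server receives; none of them is the password."""
    msg = base64.b64decode(b64_message)
    if msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM AUTHENTICATE message")
    out = {}
    for i, name in enumerate(FIELDS):
        length, _max_len, offset = struct.unpack_from("<HHI", msg, 12 + 8 * i)
        if offset + length > len(msg):
            raise ValueError(f"{name} buffer points past the end of the message")
        raw = msg[offset:offset + length]
        out[name] = raw.decode("utf-16-le") if name in TEXT_FIELDS else raw
    return out

if __name__ == "__main__":
    sample = base64.b64encode(build_sample_type3("EXAMPLE", "alice", "WS01", bytes(40)))
    for key, value in parse_type3(sample).items():
        print(key, value if isinstance(value, str) else value.hex())
```

The server ends up with an account name, a domain and response values it can verify, but nothing it could replay as a username and password logon to Active Directory.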

Keywords: SPA NTLM ntlm SSO sso spa ad active directory integrated authentication
Class: BUG: Product Defect/Bug
Revised: Wednesday, May 4, 2016