Exchange 2010 SP1 Outlook Anywhere Issue when being published via UAG

February 11th, 2011 | Exchange

Recently we came across an issue where certain users in our domain could not connect to Outlook Anywhere externally when connected via DirectAccess.

The thing we found bizarre was that certain users could actually authenticate with Exchange and another user who was practically identical couldn’t. Please note we had Kerberos constrained delegation set for Outlook Anywhere.

When a broken user attempted to connect to Exchange, the following event was logged in the application log in UAG:

Event ID 120

The S4U2Self Kerberos token for user Username with source IP address IP Address cannot be retrieved. Protocol transition failed. The application is Exchange 2010 on trunk TrunkName; Secure=1.

In the system log there were also Kerberos errors (please note: after Kerberos logging has been enabled on the UAG server) and also the below errors were shown in Netmon.



To fix this we added our UAG server to the Windows Authorization Access Group, and then straight away everything sprang into life and every user could connect to Outlook via Outlook Anywhere.
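
The membership change described above can be checked and applied from PowerShell. This is an added example, not part of the original post: it assumes the ActiveDirectory module is available, uses a hypothetical UAG computer name (`UAG01`), and only reports unless `$Apply` is set to `$true`.

```powershell
# Added example: report (and optionally fix) the group membership described above.
Import-Module ActiveDirectory

$UagServerName = 'UAG01'         # hypothetical computer name of the UAG server
$WaagSid       = 'S-1-5-32-560'  # well-known SID of BUILTIN\Windows Authorization Access Group
$Apply         = $false          # set to $true to add the account when it is missing

$uag   = Get-ADComputer -Identity $UagServerName -ErrorAction Stop
$group = Get-ADGroup    -Identity $WaagSid       -ErrorAction Stop

# Direct members only; compare by SID string rather than by display name.
$isMember = [bool](Get-ADGroupMember -Identity $group |
    Where-Object { $_.SID.Value -eq $uag.SID.Value })

if ($isMember) {
    Write-Output "$($uag.Name) is already a member of '$($group.Name)'."
}
elseif ($Apply) {
    Add-ADGroupMember -Identity $group -Members $uag -ErrorAction Stop
    Write-Output "Added $($uag.Name) to '$($group.Name)'."
}
else {
    Write-Output "$($uag.Name) is NOT a member of '$($group.Name)'. Set `$Apply = `$true to add it."
}
```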
