Outlook Negotiate/NTLM authentication credential prompt

Hello everyone,
I have been digging quite a while now for a solution to this, but apparently there are not a lot of systems out there utilizing this or having problems with it. Here it comes:
We have a pure (no migration or coex) Exchange 2013 CU7 environment in production with 3 x CAS/MBX servers (3 sites connected via WAN VPN). Inside our network our Outlook clients (2013 SP1+) authenticate via Kerberos (ASA/SPN) to the Exchange servers and connect via MAPI over HTTP. Everything working fine!
External is a different story: We have an Application Request Routing (ARR) machine in our perimeter network that forwards external users to the Exchange servers, and for a reason that I didn't manage to find yet I can't get it to work so that domain-joined clients (notebooks) that are outside the company's LAN would use their cached credentials to try to authenticate Outlook against the Exchange servers. Outlook always prompts the user for her/his password on start-up and then connects fine. No problems after that - PF, OoO, OAB - everything is working. If the user restarts Outlook -> password prompt once again and fine after that. Saving the credentials works but is obviously not the way NTLM/Negotiate is supposed to work.
So here is my progress on this:
I verified my virtual directory settings. Here is what the Mapi virtual directory looks like:
IISAuthenticationMethods      : {Negotiate}
InternalUrl                   : https://mail.domain.com/mapi
InternalAuthenticationMethods : {Negotiate}
ExternalUrl                   : https://mail.domain.com/mapi
ExternalAuthenticationMethods : {Negotiate}
I've set everything to Negotiate because we don't have legacy Exchange servers nor legacy mail clients in our network. I tried setting it to NTLM only, which made the problem shift. Test clients connect to Exchange and are able to view/receive mails but got the infinite credential prompt and weren't able to access PF, OoO and OAB. Setting it to NTLM and Negotiate produces the same result as Negotiate alone.
Browsing https://autodiscover.domain.com/Autodiscover/Autodiscover.xml with IE (autodiscover URL set in intranet settings) gave the expected error code 600 without prompting for credentials. Even Firefox (network.negotiate-auth.trusted-uris set to domain.com) is utilizing cached Windows credentials and is able to log on to autodiscover and OWA with Windows authentication enabled.
When a client has a valid Kerberos ticket cached (cmd -> klist) Outlook uses that ticket successfully even from outside the network, but as soon as the ticket is gone (sign out and sign back in) Outlook prompts for user credentials again.
"Show connection status" in Outlook and the HttpMapi log on the CAS both show that Negotiate has been used for the connection. But why the password prompt then?
I read up on IIS ARR and it seems that it just passes through the authentication information when set to "anonymous authentication", which it is.
Now how I understand the auth method Negotiate in Exchange 2013 is that Outlook and the server try to handshake on the strongest auth mechanism available in the following order: Kerberos -> NTLM -> Password Prompt (Basic/NTLM), but in my case this doesn't apply.
Now I would appreciate it very much if someone could educate me in how this is supposed to work and, if there is a mistake in my configuration or my understanding of the authentication process, correct it.
A great day to everyone!
Vasko

I don't have a ton of experience using something like ARR, but we should do some testing. The first thing I would try is to route around the ARR in the DMZ and connect directly to Exchange from externally. This SHOULD let us know where the problem lies. If it succeeds (no auth prompts) then the issue is on the ARR and not Exchange. If it fails, then the issue is with the ARR and that needs to be looked at a little more clearly.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread
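
Added example, not part of the original posts: the connection status and the HttpMapi log only say "Negotiate", so decoding the tokens in the Authorization / WWW-Authenticate headers of a captured trace shows whether Kerberos or NTLM was actually carried and how far an NTLM handshake got. The traces are constructed stubs (only signature, message type and mechanism OIDs are meaningful), the OID search is a heuristic rather than a full ASN.1 parse, and the function names and verdict strings are this example's own.

```python
import base64
import binascii
import struct

NTLM_SIG = b"NTLMSSP\x00"
# DER-encoded mechanism OIDs that can appear in a SPNEGO (Negotiate) token.
OIDS = {
    "SPNEGO": bytes.fromhex("06062b0601050502"),            # 1.3.6.1.5.5.2
    "Kerberos": bytes.fromhex("06092a864886f712010202"),     # 1.2.840.113554.1.2.2
    "MS-Kerberos": bytes.fromhex("06092a864882f712010202"),  # 1.2.840.48018.1.2.2
    "NTLMSSP": bytes.fromhex("060a2b06010401823702020a"),    # 1.3.6.1.4.1.311.2.2.10
}


def classify_token(b64_token):
    """Describe one base64 token taken from an HTTP auth header."""
    info = {"wrapper": "unknown", "mechs": [], "ntlm_type": None}
    try:
        raw = base64.b64decode(b64_token, validate=True)
    except (binascii.Error, ValueError):
        info["wrapper"] = "invalid"
        return info
    pos = raw.find(NTLM_SIG)
    if pos == 0:
        info["wrapper"] = "raw NTLMSSP"
    elif raw[:1] in (b"\x60", b"\xa1"):  # NegTokenInit / NegTokenResp
        info["wrapper"] = "SPNEGO"
        # Mechanisms named anywhere in the token (offered or selected).
        info["mechs"] = [n for n, oid in OIDS.items()
                         if n != "SPNEGO" and oid in raw]
    # An embedded NTLMSSP message means NTLM is what is being carried,
    # whatever else the SPNEGO mechanism list offers.
    if pos >= 0 and len(raw) >= pos + 12:
        info["ntlm_type"] = struct.unpack_from("<I", raw, pos + 8)[0]
    return info


def parse_header(value):
    """Split 'Negotiate <b64>' or 'NTLM <b64>' into (scheme, info or None)."""
    parts = value.strip().split(None, 1)
    scheme = parts[0].lower()
    if scheme not in ("negotiate", "ntlm") or len(parts) == 1:
        return scheme, None  # other scheme, or a bare challenge without token
    return scheme, classify_token(parts[1])


def diagnose(exchange):
    """exchange: list of (side, header value); 'C' = Authorization sent by
    the client, 'S' = WWW-Authenticate sent by the server."""
    ntlm_seen, client_sent_token = set(), False
    for side, header in exchange:
        _, info = parse_header(header)
        if info is None:
            continue
        client_sent_token = client_sent_token or side == "C"
        if info["ntlm_type"] is not None:
            ntlm_seen.add(info["ntlm_type"])
        elif side == "C" and any("Kerberos" in m for m in info["mechs"]):
            return "kerberos"
    if not client_sent_token:
        return "no-sso-attempt"                 # client never offered a token
    if {1, 2, 3} <= ntlm_seen:
        return "ntlm-complete"
    if {1, 2} <= ntlm_seen:
        return "ntlm-stalled-after-challenge"   # challenge was never answered
    if 1 in ntlm_seen:
        return "ntlm-no-challenge"              # type 2 never reached the client
    return "unknown"


def b64(data):
    return base64.b64encode(data).decode()


def ntlm_stub(msg_type):
    # Constructed stub: signature + message type + zero padding only.
    return NTLM_SIG + struct.pack("<I", msg_type) + b"\x00" * 20


# Constructed sample traces (not captured from a real system).
KRB_INIT = (b"\x60\x30" + OIDS["SPNEGO"] + OIDS["Kerberos"]
            + OIDS["MS-Kerberos"] + OIDS["NTLMSSP"] + b"\x00" * 8)
TRACE_KERBEROS = [("S", "Negotiate"), ("C", "Negotiate " + b64(KRB_INIT))]
TRACE_NTLM_OK = [
    ("S", "Negotiate"),
    ("C", "Negotiate " + b64(b"\x60\x40" + OIDS["SPNEGO"] + OIDS["NTLMSSP"] + ntlm_stub(1))),
    ("S", "Negotiate " + b64(b"\xa1\x30" + ntlm_stub(2))),
    ("C", "Negotiate " + b64(b"\xa1\x30" + ntlm_stub(3))),
]
TRACE_STALLED = TRACE_NTLM_OK[:3]  # client stops after the server challenge

if __name__ == "__main__":
    for name, trace in [("kerberos", TRACE_KERBEROS),
                        ("ntlm ok", TRACE_NTLM_OK),
                        ("stalled", TRACE_STALLED)]:
        print(f"{name:10s} -> {diagnose(trace)}")
```

Running the same decode on a trace taken through the ARR and on one taken directly against Exchange gives two verdicts that can be compared side by side.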

Similar Messages

  • Outlook Anywhere, NTLM, TMG, password prompt but cancels works?

    I've managed to get NTLM authentication working with TMG and Exchange 2010 (Make sure you switch your Application Pool for the RPC app over to a local system!). We also run Lync.
    So here is the thing. I log into a domain laptop with cached credentials and then connect to a Verizon access point. Now Lync connects automatically no password needed. Then I open Outlook which connects no problem no password needed!
    Awesome, that is what I wanted. Then after about 30 seconds......password prompt. If I enter the password everything is good. If I click cancel the little need password icon is displayed down at the bottom of Outlook. I click on that and Outlook reconnects without me ever having to enter a password.
    I have been watching the log on the TMG server and I don't see anything odd going on other than an occasional Status 64 The specified network name is no longer available error, which I understand from other posts is by design.
    It's not a show stopper by any means but I just don't understand what is going on here. Anyone have any ideas? 

    Hello,
    Firstly, please test Outlook Anywhere in an internal environment:
    On an internal Outlook client, check “on fast networks, connect using http first, then connect using TCP/IP”.
    If the issue does not work, the issue is related to the TMG; you may need to inquire on the TMG forum for more accurate suggestions.
    Thanks,
    Simon Wu
    Exchange Forum Support

  • Exchange 2013 & 2010 coexist problem. Authentication Credentials Prompt in Outlook

    Hello Forum
    We have two Exchange servers coexisting together. A new 2013 and an old 2010.
    Everything was set up with the help of the Exchange Deployment Assistant.
    I have had a lot of trouble with Outlook 2013 prompting for credentials on Exchange 2013 mailboxes. None of the 2010 mailboxes experience this popup.
    I solved most of the popup issues by changing the ExternalClientAuthenticationMethod to NTLM (from Negotiate), as described here:
    http://blog.gothamtg.com/2013/10/15/users-constantly-prompted-for-credentials-after-being-migrated-to-exchange-2013/
    and installing this update for Outlook:
    http://support2.microsoft.com/kb/2899504/en-us
    Now 2013 mailboxes work without any annoying popups. Except when they try to open another user's mailbox that is located on the old 2010 server or a shared 2010 calendar.
    The connection to Exchange 2010 is working if I input the user's password, but should it not work without this popup too?
    This connection's name according to Outlook is called: Exchange-Mail RPC/HTTP (remote [NTLM])
    We use the same domain for external and internal autodiscover connections.
    Test Exchange Connectivity Analyzer shows everything OK.
    If I run
    get-outlookanywhere | fl *external*
    (2013 server)
    ExternalHostname                   : webmail.domain.com
    ExternalClientAuthenticationMethod : Ntlm
    ExternalClientsRequireSsl          : True
    (2010 server)
    ExternalHostname                   : webmail.domain.com
    ExternalClientAuthenticationMethod : Basic
    ExternalClientsRequireSsl          : True  
    The only thing I am wondering here is whether changing my old 2010 auth method to NTLM will break anything in OWA and so on.
    What do you guys have set up in your environments and can you point me towards any troubleshooting?
    Thanks!

    For us, the changes made in IIS are permanent. There quite possibly is a PowerShell way of doing it but I am still getting to grips with PS myself so I don't know.
    I won't plagiarise others' work but these two links here give a good explanation of the difference between Basic and NTLM. Personally, I have always used Basic because I always seem to get problems with NTLM, though one time it did work as expected but I forgot what I did to get it working now.
    https://social.technet.microsoft.com/Forums/exchange/en-US/92178beb-3310-4363-8848-d022a6e2a77f/basic-vs-ntlm-authentication-outlook-anywhere
    http://www.sysadminlab.net/exchange/outlook-anywhere-basic-vs-ntlm-authentication-explained  

  • NTLM Authentication in the Outlook Anywhere

    I use Exchange Server 2007 SP1 RollUp 6 installed on Windows Server 2008. I need to use Outlook Anywhere from non-domain computers. I tested Outlook Anywhere with Basic and NTLM authentication and all works fine. But when I use NTLM authentication, Outlook prompts for user credentials every time it starts, even when "remember password" was checked. The login and password are remembered in the network passwords of the user, but Outlook prompts for the password again and again when it starts. Exchange is published on port 443 directly (without any listeners)!
    When I connect by VPN and use a TCP/IP connection to the server, Outlook remembers the password without any problems, and does not ask for the password again.
    get-OutlookAnywhere:
    ServerName                 : SRVEXCH2
    SSLOffloading              : False
    ExternalHostname           : mail.my_domain.ru
    ClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods   : {Ntlm}
    MetabasePath               : IIS://srvexch2.net.local/W3SVC/1/ROOT/Rpc
    Path                       : C:\Windows\System32\RpcProxy
    Server                     : SRVEXCH2
    AdminDisplayName           :
    ExchangeVersion            : 0.1 (8.0.535.0)
    Name                       : srvexch2
    DistinguishedName          : CN=srvexch2,CN=HTTP,CN=Protocols,CN=SRVEXCH2,CN=Servers,CN=Exchange Administrative Group (
                                 FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=S
                                 ervices,CN=Configuration,DC=net,DC=local
    Identity                   : SRVEXCH2\srvexch2
    Guid                       : 2c24f11b-852c-4948-b236-3f37d071d500
    ObjectCategory             : net.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
    ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
    WhenChanged                : 18.02.2009 14:17:55
    WhenCreated                : 17.02.2009 14:53:36
    OriginatingServer          : dc1.net.local
    IsValid                    : True
    I have tried these cases, but they have not helped with this issue:
    1) Disable kernel mode authentication with this command: %systemroot%\system32\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false. I also have unchecked Kernel mode authentication in the properties of Windows Authentication for Default Web site, \Rpc and \Autodiscovery virtual directories.
    2) Modify this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa lmcompatibilitylevel=3 and 2.
    3) Set NTLM instead of Kerberos on the security tab in the properties of Outlook.
    4) Install domain controller and global catalog roles on the Exchange Server.
    Does somebody have any solution for this issue? Maybe Outlook Anywhere and NTLM do not work at all?

    Have you also seen this:
    You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature
    http://support.microsoft.com/kb/820281
    1. Click Start, click Run, type regedit in the Open box, and then press ENTER.
    2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
    3. In the right pane, double-click lmcompatibilitylevel.
    4. In the Value data box, type a value of 2 or 3 that is appropriate for your environment, and then click OK.
    5. Quit Registry Editor.
    6. Restart your computer.
    LmCompatibilityLevel settings
    The LmCompatibilityLevel registry entry can be configured with the following values:
    LmCompatibilityLevel value of 0: Send LAN Manager (LM) response and NTLM response; never use NTLM version 2 (NTLMv2) session security. Clients use LM and NTLM authentication, and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    LmCompatibilityLevel value of 1: Use NTLMv2 session security, if negotiated. Clients use LM and NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    LmCompatibilityLevel value of 2: Send NTLM response only. Clients use only NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    LmCompatibilityLevel value of 3: Send NTLMv2 response only. Clients use NTLMv2 authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    LmCompatibilityLevel value of 4: (Server Only) - Domain controllers refuse LM responses. Clients use NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers refuse LM authentication, and accept NTLM and NTLMv2 authentication.
    LmCompatibilityLevel value of 5: (Server Only) - Domain controllers refuse LM and NTLM responses, and accept only NTLMv2 responses. Clients use NTLMv2 authentication, use NTLMv2 session security if the server supports it; domain controllers refuse NTLM and LM authentication, and accept only NTLMv2 authentication.
    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator

  • OfficialFile.asmx The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ERROR

    We are getting an error on the authentication piece when trying to submit a file to the OfficialFile.asmx web service to submit a document to the Drop-Off Library. Here is the code snippet -
    public string FileUpload(HttpPostedFile FileInput, RecordsRepositoryProperty[] properties)
    {
        string strFileUrl = string.Empty;
        RecordsRepositorySoapClient repository = new RecordsRepositorySoapClient();
        // Read the uploaded file into memory
        BinaryReader b = new BinaryReader(FileInput.InputStream);
        byte[] binData = b.ReadBytes(FileInput.ContentLength);
        // Credentials the proxy should present to the web service
        repository.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(iUserID, iUserPassword, iUserDomain);
        repository.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
        // Submit the document, then ask where it was routed
        repository.SubmitFile(binData, properties, null, FileInput.FileName, HttpContext.Current.User.Identity.Name);
        strFileUrl = repository.GetFinalRoutingDestinationFolderUrl(properties, null, FileInput.FileName).Url;
        return strFileUrl;
    }
    Although we are setting the network credential in the client call we still get the error
    - The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.
    Ideas?
    Thanks in advance.

    Hi,
    Based on the error message, the issue is related to the authentication type.
    I suggest you can specify the credential type like the below:
    CredentialCache credentialCache = new CredentialCache();
    NetworkCredential credentials = new NetworkCredential(UserName, PassWord, sDomain);
    credentialCache.Add(new Uri(recordCenterUrl), "NTLM", credentials);
    Here is a detailed code demo for your reference:
    http://blogs.msdn.com/b/mcsnoiwb/archive/2011/06/06/sending-files-to-a-record-center-using-the-sp2010-webservice-officialfile-asmx.aspx
    Best Regards
    Forum Support
    Jerry Guo
    TechNet Community Support

  • Linked mailbox credential prompt.

    We have set up a linked mailbox between two different domains and all is OK.
    I just want to clarify if it is normal that every time I open the Outlook client of the linked mailbox it will prompt for its credentials, even if the domain account login is also the linked mailbox account?
    If it is not, please let me know what authentication method I should change, or is this normal for a linked mailbox?
    Thanks in advance!!

    Hi,
    To understand more about the issue, I’d like to confirm the following information:
    1. Check the authentication method in the tab named Exchange proxy settings.
    2. Is there a firewall between the two domains?
    3. Does the credential prompt accept the password or keep prompting?
    4. Cancel the credential prompt and then run "Test Email AutoConfiguration" to see if there is any error return.
    5. Does the credential appear if you run Outlook with online mode?
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Adobe Flash NTLM Authentication Issue

    This problem is having a major impact for many users in my account.
    The users are testing streaming course ware delivery over the Internet and also hitting the proxy re-login prompt.
    The problem with them is that after re-logging in the course restarts at the beginning.
    So it is not a fit for purpose environment for this application currently.
    The same problem occurs for companies webcast through Internet.
    Recent tests with the users have confirmed the issue occurs using the following versions of Flash:
    Adobe Flash Player ActiveX 11.1.102.55
    Adobe Flash Player ActiveX 11.1.102.62
    The Shockwave Flash NTLM authentication issue is characterised by the following packet sequence: WS sends Request to Server. Server closes the TCP connection without a response to the request. The WS establishes a new TCP connection and resends the request with previous NTLM Authentication details (i.e. does not go through the correct NTLM handshake for proxy authentication failure and the browser to pop for user credentials).
    When the above occurs,
    NTLM authentication screen pops up; entering credentials again didn’t resume video. I had to reload the page to resume video from the beginning.
    No popup, but the video resumes from the beginning when there was a prolonged delay.
    The problem occurs on Windows XP SP3 with IE7 or IE8 with Flash Player 11.1.102.62
    Is the problem a known issue with Adobe Flash Player ?

    Hello,
    The bug report states can not reproduce. I understand the problem and am happy to help Adobe understand if they want to email me and organise a webex.
    The problem is associated with the way IE handles NTLM on a new connection. When performing a POST request, it will make two requests: the first contains a type1 NTLM token and no body, and the second will contain the type 3 token and the body. It does this because it expects to perform NTLM authentication as NTLM is connection not session based, and hence for efficiency, it doesn't send the POST body on the first request (knowing a second request will be required).
    The POST request initiated by the Flash application is only made once, so it presents a POST request and no body with the type 1 token to the web server (ie IIS, or some Java implementation such as SSO Plugin), and does not make a second request with a type 3 token and the body. It gives up and automatically prompts the user for a username/password, which is the wrong behaviour when the browser is in the Local Intranet zone and the web server responded with a type 2 token.
    I can reproduce this easily and it is a serious bug: it means that any Flash application that is accessed via Integrated Windows Authentication and IE will fail when trying to make a POST request, such as uploading a file from the user.
    John
    SSO Plugin for BMC, HP and more.
    http://www.javasystemsolutions.com/jss/ssoplugin

  • Exchange 2013 SP1 On-prem - Disable Outlook Anonymous NTLM?

    I'm aware there is a Group Policy admin template available to force Outlook to request only NTLM or basic authentication, however, I'd like to disable Outlook Anonymous NTLM on the server side in our Exchange 2013 SP1 on-premises installation.
    Is there a method to disable Anonymous NTLM for Outlook client connections for the CAS or organization? I've tried the "Set-OutlookAnywhere" InternalClientAuthenticationMethod and ExternalClientAuthenticationMethod but Outlook is still able to connect with Anonymous Authentication selected for the logon network security.
    Thanks
    John Lowery

    Hi Jim,
    No luck. I checked the CAS Default Web Site\Rpc Authentication and the MBX Exchange Back End\Rpc as well, and both have Anonymous Authentication disabled.  However, Exchange still allows Outlook to establish Anonymous NTLM connections.
    My understanding is that the Authentication controls for the web site do not control the Outlook RPC over HTTP connection.
    I have been able to use an administrative template to force Outlook clients to avoid Anonymous NTLM, but I would prefer to enforce it on the CAS or MBX, because doing it on the client side causes Office 365 Exchange connection failures - there's no way to specify connection restrictions only for on-premises servers. See http://support.microsoft.com/kb/2975918.
    Thanks,
    John

  • FDM 11.1.1.3 Now NTLM Authentication Disabled

    Hi Everyone,
    I've just upgraded from 11.1.1.2 to 11.1.1.3. Now when I go in to the Load Balance Manager, NTLM authentication is Disabled.
    I am prompted when I try to edit that the provider type must be configured directly in Shared Services. I have an authentication type of NTLM that all other products are using.
    Does anyone know how to Enable NTLM for FDM?
    Or a work around setting up Shared services with FDM. I cannot see any FDM references in SS
    Thanks
    G

    Hi,
    Thanks for your quick reply. I have done all the upgrades and configuration you mention. All successful.
    What authentication method should be in SS and where are the references to FDM? I have NTLM & Native (OpenLDAP)
    Surely I should see a reference to FDM in the Application groups and when I provision users. (I don't currently)
    Thanks
    G

  • Constant Credential Prompts

    Hi all,
    I've got a Windows 7 Pro SP1 64Bit machine, connected to a SBS2008 domain, which is exhibiting a strange issue.
    In the last month or so, one user has complained about being prompted for credentials when opening documents from a mapped drive. Even if he enters the correct credentials, it keeps on prompting, almost like the incorrect credentials have been entered.
    The strange thing is, this only happens when Outlook 2010 is open. With Outlook closed, the user can open the documents without any issues, and no credential prompts.
    The user can log in to the machine, browse the shares and open documents, providing Outlook is not open.
    I've recreated his Windows profile, and the issue appeared to have gone away, but now, two weeks later, the issue has reoccurred.
    I've tried opening a Word document, and am being prompted for credentials. If I cancel the request, I get a pop-up error saying - "The Internet address 'http://servername/share/docname' is not valid."
    As mentioned, I've recreated the user profile, Outlook profile, opened Outlook in safe mode, and disabled all the add-ins, but still have this issue when Outlook is open.
    Any help would be greatly appreciated.
    Cheers
    Jéan

    It sounds like the user is changing passwords after having had Windows store them for him. Windows will keep trying to connect with the old password, then fail and prompt for the new one. Try clearing out the stored passwords:
    In Control Panel click Credential Manager, find the appropriate credentials (Outlook, Windows, possibly others), click the dropdown arrow and then click Remove from Vault.
    Good luck!

  • Safari proxy NTLM authentication on Lion

    I am working on an (let me say "enterprise") odd problem. To connect to the Internet our company makes use of an http proxy, based on TrendMicro IWSS, configured to authenticate users with AD credentials, forcing digest authentication with NTLM.
    The loginout window in Safari reports "unencrypted", but analyzing TCP/IP traffic with Wireshark, it really seems that NTLM has been used and so the password is really encrypted... has anybody noticed such behaviour?

    I have noticed this too when trying to connect to a Sharepoint server.
    Reading elsewhere suggests this message "Your password will be sent unencrypted" is meant to come up when "Basic" authentication is requested by the server, which is understandable.
    However, when I look at the headers coming back from the Sharepoint server, it is only offering NTLM authentication.
    It kinda looks like the Safari developers wrote the following, back when there was only Digest and Basic:
    if (method != Digest) {
         // Complain about unencrypted passwords
    }
    whereas they should have done
    if (auth method == Basic) {
         // Complain about unencrypted passwords
    }
    Or something similar.

  • Public-facing on-premises SharePoint with NTLM authentication

    I've been searching for authentication best practices for public-facing SharePoint site but I didn't find any useful resources on the issue that is troubling me.
    Assume I set up a web application with Classic NTLM authentication. On that web application I enable Anonymous access. This means that users inside organization's network will be able to authenticate (actually use SSO) using organization's DC. They will be able to access and administer all content. All other anonymous users will be able to see published content only i.e. content which is permitted to anonymous users.
    My question is: Is this kind of setup a security issue because if a potential attacker hacks a WFE then he has direct access to DC?
    Is FBA maybe a better solution for public-facing sites? Or maybe use NTLM, but create a separate domain with one-way trust to organization's domain?

    There are many variations you can take with this - and really you need to consider more than just your content. For true separation:
    I would have a dedicated DC to manage service accounts.
    I would break up my DMZ behind firewall contexts with a reverse proxy publishing SharePoint at the edge.
    proxy/firewall -- SP Server -- Firewall -- SQL/DC
    For true separation you don't want to share any underlying infrastructure with internal either, although in reality logical separation is usually enough.
    Now you have to deal with internal user authentication and how to handle that. The first thing is I would have at minimum two webs available, your primary for editing and the extended version for public access.
    While a one way trust would work - you still do expose user info out to the public which you may not want. With this configuration you could configure people picker to only select from a particular OU to minimize this.
    Another option however is to look at using ADFS between your domains and create the trust there. You would have to configure the farm for claims auth to make this work, but this would eliminate the possibility of probing all the users in AD or the OU you expose.
    With the ADFS method when you update documents your user name is still tagged to content - however if you don't populate the user profiles this will be the only information available about any internal user.
    You may even want to go a step further and when you extend the public site, use forms authentication but don't provide any users. Then there is no authenticated access from the public URL. And with ADFS/Reverse Proxy you may even be able to configure some pre-authentication for your internal users before they can even reach the internal SharePoint pages.
    I would strongly consider moving to SharePoint 2013 and looking at the cross site publishing (2010 and below have the content publishing - but stay away from that, when it works it's great, but when it doesn't it's a PITA to get back in sync). With cross site publishing you have an editing site and the publishing site pulls from the Search index and the permissions are completely separate.

  • Crystal Report Viewer Credential Prompt for Report with Dynamic Parameters

    The .NET Crystal Report Viewer is prompting for database credentials when launching a report containing dynamic parameters. This only occurs for reports created with SAP Crystal Reports 2011 designer. Reports created with Crystal Reports XI designer (where dynamic parameters were first introduced) work correctly.
    The credential prompt window contains the following fields:
    - Server Name: <server name> (disabled)
    - Database Name: <database name> (disabled)
    - User Name: <empty> (enabled)
    - Password: <empty> (enabled)
    - Use Single Signon Key: false (disabled)
    The values in the prompt window which are disabled are the database connection values used during the design of the report in the SAP Crystal Reports 2011 designer.
    Expected Result:
    - No prompt for database credentials.
    - Values read from the database should be populated in a drop down for the dynamic parameters.
    Environment:
    - Visual Studio 2010 (C#)
    - Windows 7 Enterprise
    - SAP Crystal Reports runtime engine for .NET Framework 4
    - SAP Crystal Reports, version for Visual Studio 2010
    - SAP Crystal Reports 2011
    The database connection is being set to use a DSN. It must be a DSN as the calling application is only aware of the DSN/Username/Password values. These values are being passed to the Crystal Report Viewer contained in a Windows form.
    The database connection for the report is being set as follows:
    foreach (InternalConnectionInfo internalConnectionInfo in this.report.DataSourceConnections)
    {
        // Must set the UseDSNProperties flag to True before setting the database connection otherwise the connection does not work
        if (internalConnectionInfo.LogonProperties.ContainsKey("UseDSNProperties"))
        {
            internalConnectionInfo.LogonProperties.Set("UseDSNProperties", true);
        }
        // Supposed to set the database connection for all objects in the report (ie. main report, tables, sub reports)
        internalConnectionInfo.SetConnection(this.DSN, string.Empty, this.LoginName, this.Password);
    }
    The SetConnection method's signature is as follows:
       SetConnection(string server, string database, string name, string password)
    As you can see from the code snippet above I am setting the DSN name as the server parameter, blank for the database parameter (a database connection using DSN should only require DSN name/Username/Password) and the database username and password respectively.
    Is this a SAP bug?
    Is this the correct way of setting the database connection to use a DSN?
    Are there some other properties that need to be set somewhere else in the report through code?
    Any help would be greatly appreciated.

    Thanks for the pointer to the database connection code generator. After taking a look at the output from the tool I was able to finally get the dynamic parameters to load and populate properly without prompting for credentials. I needed to tweak the outputted code a bit to match my requirements of using a DSN only connection.
    Instead of updating the database connection properties contained within the Report.Database.Tables collection from the CrystalReports.Engine namespace, I changed it to replace the database connection properties in the Report.ReportClientDocument.DatabaseController.Database.Tables collection from the CrystalDecisions.ReportAppServer.DataDefModel namespace. For one reason or another, using the RAS namespace solved the problem.
    Below is the updated code with the change made:
    using RAPTable = CrystalDecisions.ReportAppServer.DataDefModel.Table;
    foreach (InternalConnectionInfo internalConnectionInfo in this.report.DataSourceConnections)
    {
        // Must set the UseDSNProperties flag to True before setting the database connection
        if (internalConnectionInfo.LogonProperties.ContainsKey("UseDSNProperties"))
        {
            internalConnectionInfo.LogonProperties.Set("UseDSNProperties", true);
        }
        // Sets the database connection for all objects in the report (ie. main report, tables, sub reports)
        internalConnectionInfo.SetConnection(this.DSN, string.Empty, this.LoginName, this.Password);
    }
    // The attributes for the QE_LogonProperties which is part of the main property bag
    PropertyBag innerPropertyBag = new PropertyBag();
    innerPropertyBag.Add("DSN", this.DSN);
    innerPropertyBag.Add("UserID", this.LoginName);
    innerPropertyBag.Add("Password", this.Password);
    innerPropertyBag.Add("UseDSNProperties", "true");
    // The attributes collection of the tables ConnectionInfo object
    PropertyBag mainPropertyBag = new PropertyBag();
    mainPropertyBag.Add("Database DLL", "crdb_ado.dll");
    mainPropertyBag.Add("QE_DatabaseType", "OLE DB (ADO)");
    mainPropertyBag.Add("QE_LogonProperties", innerPropertyBag);
    // Pass the database properties to a connection info object
    ConnectionInfo connectionInfo = new ConnectionInfo();
    connectionInfo.Attributes = mainPropertyBag;
    connectionInfo.Kind = CrConnectionInfoKindEnum.crConnectionInfoKindCRQE;
    connectionInfo.UserName = this.LoginName;
    connectionInfo.Password = this.Password;
    // Replace the database connection properties of each table in the report
    foreach (RAPTable oldTable in this.report.ReportClientDocument.DatabaseController.Database.Tables)
    {
        RAPTable table = new RAPTable();
        table.ConnectionInfo = connectionInfo;
        table.Name = oldTable.Name;
        table.QualifiedName = oldTable.QualifiedName;
        table.Alias = oldTable.Alias;
        this.report.ReportClientDocument.DatabaseController.SetTableLocation(oldTable, table);
    }
    this.report.VerifyDatabase();
    Thanks again Ludek for the help.

  • Invoking a Web Service that Requests NTLM Authentication in BPEL Process

    Hi,
    I am trying to invoke a webservice which requires NTLM Authentication. I am able to test the service through SOAP UI.
    I followed the steps mentioned in the Oracle doc in order to invoke the same service through a BPEL Process, but somehow I am facing an issue when BPEL invokes the service. Here is the error message:
    oracle.fabric.common.FabricException: oracle.fabric.common.FabricException: Error in getting XML input stream: Response: '401: Unauthorized' for url:
    Oracle doc link  :-
    http://docs.oracle.com/cd/E28280_01/admin.1111/e10226/soacompapp_secure.htm#BABJEBIF
    http://www.albinsblog.com/2014/04/oraclewebservicespreemptivebasicauth.html#.VK5UEiuUeFM
    The above links discuss the properties that need to be set in the composite.xml file in order to invoke the service.
    I am using SOA 11.1.1.6 and tried to implement the same steps, but I could see the error message "Unauthorized for url ********** "
    Could you please help me on this.
    Thanks

    Hi Guys ,
    Got to know that this is a bug. Somehow the following link helps in sending the payload to a webservice which requires NTLM authentication through Java.
    Thoughts Oracle SOA OSB: NTML Authentication - Oracle SOA suite
    Thanks

  • Windows NTLM Authentication on SAP 4.6c (Platform AIX)

    I am trying to use NCo 2.0 for C# .Net application with Web Service and C# Web UI.
    My Users are in AD domain and need to authenticate on IIS via AD (Integrated NTLM)
    I need to implement single sign on for SAP integrated application.
    As per NCo documentation: I need to set-up trust relationship between IIS and SAP, use this trusted user (DOMAIN\IUSR_SAPPOOL) and send active directory  id as external id in connection string. All transaction should run with external user id context.
    Can someone help me with the following questions?
    1. Does NTLM trust relationship / authentication work on SAP running on AIX? Or do I have to set up Kerberos authentication?
    2. What SNC library is needed for SAP (AIX instance)?
    3. How can I configure NTLM authentication on SAP (AIX instance)? The NCo 2.0 documents only explain SAP (MS instance) configuration.
    What option do I have to get Single Sign On working?
    Any help is highly appreciated.
    Regards and Thank you in advance.

    > Hi Reiner,
    > Thank you very much for response, this is helpful
    > information.
    If you consider an answer as helpful, please mark it with the button on the left side :-).
    > My options are pretty much limited,
    > I can't use NTLM since, AIX will not accept trust
    > -- NTLM Auth will not work with AIX
    > -- Kerberos auth have to have third party tool like
    > CyberSafe for SNC trust relationship.
    As I wrote, you can use any SNC provider. Especially Secude would be interesting, as it is available on all platforms.
    > I am planning to try using SSO as mentioned in "Enabling
    > Single Sign-On for ASP.NET Applications in Enterprise
    > Portal 6"
    > Does this approach work with EP 5.0?
    This is a completely different approach: In the stuff I was writing to you before I was assuming that IIS would do the authentication. The other approach is that SAP Portal does it. This also works - EP 5.0 should be fine - but it works completely differently. E.g. you don't need a trusted connection for SSO with MYSAPSSO2 ticket.
    > If any one has "sapsecu.dll" please send me at
    > [email protected] with same size as stated in
    > this document.
    This DLL is not allowed to be exported into some countries because it contains strong cryptography. You usually get it via your local SAP subsidiary.
    > My SSO ticket did not get created after following
    > steps in document, I am suspecting either sapsecu.dll
    > or veryfy.pse is wrong?
    Did you find a MYSAPSSO2 cookie in the request?
