Our security policy is such that all of our accounts require the Active Directory account setting "Smart Card is Required for Interactive Logon". Also, any Web Server port open to the Internet must require client certificate authentication (this includes
the Exchange EWS virtual directory). I can successfully connect Outlook 2011 to the Exchange server by choosing Kerberos as the authentication method as well as specifying my client certificate under the "Certificate authentication" section of the Accounts
-> Advanced -> Security tab in Outlook 2011.
However, when working remotely, the Kerberos ticket expires and users are unable to connect to Exchange. When they bring their Macs back to the local network, they are able to get a new ticket and connect Outlook again.
Is there a way to configure Outlook 2011 to use client certificate authentication only? Any other way to get Outlook 2011 to connect to Exchange remotely when the "Smart Card is Required for Interactive Logon" setting is enabled?
Thank you for any help you can provide.
Recent Comments