Our security policy is such that all of our accounts require the Active Directory account setting "Smart Card is Required for Interactive Logon".  Also, any Web Server port open to the Internet must require client certificate authentication (this includes the Exchange EWS virtual directory).   I can successfully connect Outlook 2011 to the Exchange server by choosing Kerberos as the authentication method as well as specifying my client certificate under the "Certificate authentication" section of the Accounts -> Advanced -> Security tab in Outlook 2011.  

However, when working remotely, the Kerberos ticket expires and users are unable to connect to Exchange.  When they bring their Macs back to the local network, they are able to get a new ticket and connect Outlook again.

Is there a way to configure Outlook 2011 to use client certificate authentication only?  Any other way to get Outlook 2011 to connect to Exchange remotely when the "Smart Card is Required for Interactive Logon" setting is enabled?

Thank you for any help you can provide.
