Blog (at) Mreza.Info

I have seen some issues in the last month regarding repeated login prompts after installing Hotfix KB973917. Hotfix KB973917 is actually not a security Hotfix but it implements Extended Protection for Authentication in Internet Information Services (IIS).

KB973917 - Description of the update that implements Extended Protection for Authentication in Internet Information Services (IIS)

This article describes a non-security update that implements Extended Protection for Authentication in Internet Information Services (IIS).

When Extended Protection for Authentication is enabled, authentication requests are bound to both the Service Principal Names (SPN) of the server to which the client tries to connect and to the outer Transport Layer Security (TLS) channel over which Integrated Windows Authentication happens.

Link: KB973917

You can find many solutions in the wild – from uninstalling hotfix, enabling Kernel Mode Authentication on IIS Virtual Directories (Autodiscover, EWS, OAB and RPC). The real solution is installing Rollup 9 for Exchange Server 2007 SP1.

Update Rollup 9 for Microsoft Exchange Server 2007 Service Pack 1

Update Rollup 9 for Exchange Server 2007 SP1 was released on July 16, 2009. These issues are fixed in Microsoft Exchange Server 2007 Service Pack 2 (SP2). So if you are using SP2 you are on a safe side. :)

Links:

• Download Update Rollup 9 for Exchange Server 2007 Service Pack 1 (KB970162)
• Description of Update Rollup 9 for Exchange Server 2007 Service Pack 1
• Download Exchange Server 2007 Service Pack 2
• Issues That Are Fixed in Exchange Server 2007 Service Pack 2