Authentication Extender Security Requirements
- Running the Authentication extender as “Local System” and granting “Local System” delegation rights to HTTP services on your Lync Front ends and Directors as well as Exchange CAS servers being published by SphereShield for SfB.
- In IIS, the Webticket service on the external web site on each Front End needs to have the "Negotiate" authentication method enabled.
- In IIS, the Autodiscover and EWS services on each Exchange CAS in use also needs to have the "Negotiate" authentication method enabled.