If you are facing double hop, we must use Exchange Mediation or Kerberos Delegation

We have a Sharepoint 2010 environment with authenticated Windows AD users, we want to display a counter of inappropriate user mailboxes from Exchange 2007, but unfortunately we are facing a double jump as I asked this question here , after some more research, it looks like we only have two solutions

1- Use Exchange Impersonation:

My concern. Our user has sensitive information in his mailbox, so with Exchange Impersonation we can programmers become a security threat? or is this impersonation only happening for logged-in users who are authenticated on Windows ... just, is it just Exchange impersonation for my case?

2- Use Kerberos Delegation:

I know it correctly, but we were unable to configure it. Can anyone help me by providing a simple step-by-step guide for configuring Kerberos delegation for my case as we are doing everything right but the double hop is still happening.


source to share

1 answer

Delegation seems like a clean solution here. You will need to add Exchange Administrators to set up an Alternate Service Account (ASA) for Exchange so you can use Curb AuthN. From there, you will need to configure the Sharepoint service accounts to delegate to the SPN http / foo.domain.com to the ASA.



All Articles