We have been deploying Exchange 2007 for a while now, on Windows Server 2003.  Most recently, I have deployed Exchange 2007 on Windows Server 2008 machines.  The one noticeable problem, while setting up the Client Access Server role on server 2008 was that the Offline Address Book(OAB) URL was not functioning properly.  You could access the OAB directory, only after IIS has been restarted or after the server restarts.  However, after a couple minutes, the site becomes inaccessible, with a permission error.  This also presents a problem to the end-users, as it asks them to authenticate to the OAB URL over and over again, but never actually accepts their credentials.  My initial work-around for this problem was to setup Basic Authentication with SSL. (which actually fixes the problem.)

I was not very satisfied with this work-around as NTLM should work with Exchange 2007 and Windows Server 2008.  After working with one of my colleagues Erik Enger, who stayed in touch with Microsoft, we discovered what the root cause of this problem was.  The problem seems to be related to Kernel-mode authentication.  When it is not enabled, the problem with the OAB IIS folder seems to go away.  We also applied these same settings to AutoDiscover and EWS folder.  This resolved our OAB and Outlook Anywhere authentication issues, using NTLM.  Before considering these settings for your environment; please review the security and performance implications in your environment, before accepting such changes.