Change Timeout on OWA for one SBS user? 5

[wahnula]

Hello,

SBS2003SP1 Premium. I have a user that complains his OWA timeout is too short. I researched a bit and found it can be changed through an SBS registry change, but that would make it a global change and I don't want that. I have a feeling he leaves it open while he's on the 'Net and when he goes to check he needs to re-login, but he claims he gets up to, er, urinate and he's timed out. He also says by the time he finishes typing an email he needs to log in again.

I told him to set the logon page to "Private" and have the browser remember the password, speeding up his login time, but I have advised all other users to use the "Public" option.

Is there a way to change one users' timeout while leaving the rest as-is? I personally have no problem and apparently neither does any other user.

Tony

 

[ShackDaddy]

No, there's nothing on the server side that would control the time-out for a particular user in OWA. There are settings that might affect RWW sessions on a per-user basis, but not OWA.

<pure uninformed/unresearched conjecture>It may be possible that some cookies setting on his system may be blocking cookies and his session time window may be based on some default time-out created in absense of a cookie. As a result, his connection may be timing him out faster than others. If this is the case, there may be a client-side solution.</puuc>

ShackDaddy
Shackelford Consulting

 

[wahnula]

Shackdaddy

Thanks. Is there an easy way to increase the timeout for ALL the users besides futzing w/ the registry?

Tony

 

[ShackDaddy]

Well, I usually think of the registry as an easy place to make changes, but you can also make the change by doing the following:

Get properties on the default web site in the IIS admin.

Go to the Home Directory Tab.

Down under Application Settings, choose Configuration.

Choose the Options tab.

From there you can change the session timeout. By default it's 20 minutes on SBS2003.

ShackDaddy
Shackelford Consulting

 

[wahnula]

Well, I usually think of the registry as an easy place to make changes

Well yes if properly exported before, documented during so you can undo if necessary. I always prefer to play it safe with a working install. Thanks. 20 minutes is fine.

Tony

 

[ShackDaddy]

While some people are fine with letting me work on their servers, I think I'd rather have YOU work on my servers.

ShackDaddy
Shackelford Consulting

 

[markdmac]

Outlook Web Access (OWA) maintains internal settings for how long a given OWA session will remain open without the user needing to log back in. When this time limit expires, the user will be prompted for a new login for the sake of security.

OWA also maintains two separate values for timeouts -- one for logins from trusted clients (such as an intranet or a VPN), and another for logins from public clients (such as a shared computer). Both values are set in the registry on the Exchange server that hosts OWA, and can be edited depending on your needs.

The trusted-client timeout is stored as a DWORD, calibrated in minutes, at:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchange
WEB\OWA\TrustedClientTimeout

For public clients, it's a different value in the same branch:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchange
WEB\OWA\PublicClientTimeout (also a DWORD calibrated in minutes)

The default timeout for trusted clients is 24 hours; the default timeout for public clients is 15 minutes. The PublicClientTimeout value can never be larger than the TrustedClientTimeout value.



I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

 

[wahnula]

markdmac,

Thanks for the input. As you know, when logging in to OWA, the client has (2) choices, one for "Public" and one for "Private" computers. I ask all my users to use "Public" but this particular user uses "Private Computer", as do I.

Following ShackDaddy's instructions above I was led to a timeout page that did indeed have a 20 minute default timeout, fine with me. Does the page indicated above by ShackDaddy not refer to OWA?

Editing the registry does not terrify me, I simply like to avoid it if possible. I have heard that stopping/starting the Explorer service has the same effect as rebooting to apply registry changes. Is this correct?

This will all be academic as my VPN is supposed to be online today, but inquiring minds want to know...

Thanks again for your input.

Tony

 

[58sniper]

Install the OWA WebAdmin app on your server. I'm pretty sure you can configure it there (as well as many other parameters, such as what attachments can be opened).

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[wahnula]

58sniper,

Thanks for the tip!

Tony

 

[ShackDaddy]

And Mark, thanks for your tip!

ShackDaddy
Shackelford Consulting

 

[TechSoEasyMVP]

You don't need to stop and start anything for registry changes of this type to take effect. Those settings are called upon when a user logs into OWA, not when the server starts.

But you may not need to do this at all... is this user accessing OWA from home? If so, perhaps he should be using RPC over HTTPS in Outlook 2003 instead of OWA.

RPC over HTTPS instructions are on the server's Remote Web Workplace main menu -- linked as "Configure Outlook via the Internet" -- access the RWW Main Menu by going to

http://localhost/remote

from on your server. (See

http://sbsurl.com/rww

for more info on RWW).

This feature must also be enabled in the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > To-Do List) by checking the box on the Web Services Configuration Screen for "Outlook via the Internet".



Jeffrey B. Kane
TechSoEasy

http://www.techsoeasy.com

 

[wahnula]

TechSoEasy,

We are all running Win2K here except me. I have a Sonicwall VPN that allows users to access their files from home, but not their desktops. Maybe in 2010 when Win2K reaches end-of-support. I have heard about problems caused by Roaming Desktop Profiles, is this true? And thank you for your contribution.

Tony

 

[markdmac]

Raoming Desktop profiles can cause problems, but typically only when the profile itself becomes corrupt. The question is do you really have users sitting at different computers all the time to need to use roaming profiles?

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

 

[wahnula]

do you really have users sitting at different computers all the time to need to use roaming profiles?

No. Just the boss. He's never here so he gets the office dog, a Via-500 based Soyo...not worth the bother now that he can log in from his house, about 200 feet form the office.

Tony

 

[TechSoEasyMVP]

I said nothing of roaming profiles... since you are using OWA I assumed you are connecting remotely. Having Win2K on your desktops doesn't stop you from using Outlook 2003, which is included with your SBS license...

Also, if you had joined your workstations to the SBS domain properly using the

http://<servername>/connectcomputer

method, Outlook 2003 would be configured automatically for whoever logs into whatever workstation... no need for roaming profiles.

So, I'm confused about what's going on here.


Jeffrey B. Kane
TechSoEasy

http://www.techsoeasy.com

 

[wahnula]

Having Win2K on your desktops doesn't stop you from using Outlook 2003, which is included with your SBS license...

Correct, but will RWW work with Win2K? I was told it does not. I was waiting to get my firewall hardened before allowing remote access, I contacted a local tech to assist w/ ISA installation, he recommended a sonicwall appliance as a superior solution. He helped set up OWA but not RWW.

RWW would be way easier than using the sonicwall VPN. I don't know why my MCSE local tech did not enable or recommend this, at least for my WinXP pro machine. He installed the sonicwall VPN client instead, which was "free".

Also, if you had joined your workstations to the SBS domain properly using the

http://<servername>/connectcomputer

method, Outlook 2003 would be configured automatically for whoever logs into whatever workstation... no need for roaming profiles.

Most of my machines are wireless. The WEP security is tied to the user, so each machine would have to be set up for every user for this to work. It works with the wired machines.

Have I been misled about RRAS? Is it simply a matter of enabling RWW and opening the appropriate ports on the sonicwall to allow all users to get to their desktops? Thanks for your assistance.

Tony

 

[ShackDaddy]

Tony, he's not talking about RWW. He's talking about RPC-over-HTTPS (to be known in the future as Outlook Anywhere).

That would allow LAN-style use of Outlook 2003 from remote locations, and would have nothing to do with internal workstations.

http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm

ShackDaddy
Shackelford Consulting

 

[wahnula]

Wow. That looks a lot like the function that outlook 2007 will have by default in OWA. Although the config does not look simple (I have a feeling my local tech likes simple...and fast) it does not seem too much to tackle on my own. Just need a little time. I will give this more study, thanks ShackDaddy and TSE.

TechSoEasy, do you have a

http://www.sbsurl.com

link for initiating this feature? The more the merrier!

I wish I could award more than one star per post, you guys would have a galaxy! It is so nice to have this forum with patient and non-condescending advisors. If you're ever in the Houston area the Shiner Bock is on me!

Tony

 

[markdmac]

wahnula,

I think we all enjoy helping those that are grateful and actually want to learn.

You will find concise information on setting up Outlook over HTTP on the Microsoft web site.

http://technet.microsoft.com/en-us/library/92f1a371-86dc-4839-9732-5a85525a0874.aspx

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript