OWA asking for credentials when opening email after logon 2

[Daveyd123]

We have 2, 2003 OWA servers that are acting as Front End servers. Theses servers use Forms Based Authentication. They connect to an Exchange 2003 SP2 backend server.

Over the past couple of days, we have had users complaining that after they log into OWA, they click an email to read it and instead of the email popping up, the OWA login screen pops up forcing them to log in to view their email. If they view their email in the preview pane, it also has the OWA login screen.

The only thing I could find while searching Google was to make sure that Anonymous access on the ExchWeb virtual directory was enabled in IIS...which it is on both OWA servers

The odd thing is, if I browse to the FQDN of the our OWA server (mail.mydomain.com), I expierience the same issue of having to log bach in when I click on an email. But, if I browse to the actual server name (owa-server.mydomain.com) I receive the IE certificate warning, which is too be expected since the SSL cert is tied to "mail" whereas the machine name is not...and I click on an email and the IE cert warning pops up again and I click to continue, I can read the email and do not have to log back in. Any other emails I open after that open fine.

I have rebooted both OWA servers but the issue still persists.

 

[Daveyd123]

Anybody?

 

[58sniper]

Are you doing some load balancing? If so, detail the setup of that. I suspect there is some affinity issues going on.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.exchangeblogs.com/

 

[Daveyd123]

Just DNS load balancing (2internal DNS host records for "mail") for internal users and load balancing through an ISA server for external users. It seems to be mostly an internal issue as I do not see it happening when I access OWA from home

 

[58sniper]

DNS round robin is never a good idea. If one server goes down, DNS doesn't know, and continue to redirect 1/2 the users to the down server.

When it happens, grab the IIS logs from both servers and see if your client is shown in both. It shouldn't be, but I suspect it is.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.exchangeblogs.com/

 

[Daveyd123]

We do not have a lot of internal OWA users so DNS round robin for "mail" has worked well for years...well until this odd issue recently.

Are you thinking that opening an email and getting the FBA authentication screen might be an issue of accessing both Front End OWA servers each time an email is opened?

 

[58sniper]

I'm wondering if you're logging into one server, and when opening some emails, getting to the second server, which would require re-authentication.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.exchangeblogs.com/

 

[Daveyd123]

I was thinking along those lines as well. I will be shutting down one of the OWA servers and removing it from DNS and see if the problem persists.

 

[Daveyd123]

Actually, I just deleted 1 of the internal DNS records for "mail" so now all users only hit 1 OWA server. So far so good.

If that is indeed the issue, I am not sure what would have caused users to bounce back and forth between OWA servers when opening up emails when logged into 1 OWA server. Like I said, it has been done this way for years (2 DNS records for "mail" pointing to 2 different OWA server) with no issues

 

[Daveyd123]

Excellent blog post regarding this issue...

http://blogs.msdn.com/b/brad_hughes...r-8-impacts-owa-load-balancing-scenarios.aspx

 

[58sniper]

Excellent post. A star for you.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.exchangeblogs.com/

 

[Daveyd123]

Thanks for all your help!