OWA FBA is kicking my behind! IIS is not playing nice with Permissions

[StumpedTechy]

Okay I have done the following -

Made my own SSL certificate. I put it on the local exchange server. I enabled 128 bit encryption and I did this for all of the Exchange folders under Default Website in IIS.

Now is where I hit my problem - HTTP now works as it should giving an SSL error. HTTPS gives me the OWA FBA login page but I get a page that reads "unspecified error" no matter what I put in the username and password field.

I was told I needed to go to the IIS default website and then go to the properties and the Authenitcation and remove the anon access and add in the clear type but when I do that I get the windows prompt box before the OWA FBA opens up.

I think somewhere IIS and my AD are not jiving and its not allowing for a login...

Any thoughts?

 

[Zelandakh]

Try following Henrik's article

http://www.msexchange.org/tutorials/SSL-Enabling-OWA-2003-Using-Free-3rdParty-Certificate.html

and see if that resolves your problem.

 

[StumpedTechy]

Whats the difference between a 3rd party SSL and a Home made SSL certificate through microsoft? Is that really something that can cause the OWA FBA to not work properly? I did the same instructions except with a Microsoft SSL certificate and its having issues.

This is for only internal use on our network and theres not really a need for external 3rd party certificates.

 

[markdmac]

Having a home-made cert is perfectly fine.

Check your security settings for all Exchange related folders in IIS.

Default Web site
Enable Anonymous access
Integrated Windows Authentication
Exadmin
Integrated Windows Authentication
Require SSL
Require 128 bit
Exchange
Basic Authentication
Default Domain \
Exchange-oma
Integrated Windows Authentication
Basic Authentication
ExchWeb
Enable Anonymous access
Require SSL
Require 128 bit
Microsoft-Server-ActiveSync
Scripts and Executables
Exchange Application Pool
Basic Authentication
Default Domain DomainName
OMA
Scripts Only
ExchangeMobileBrowseApplicationPool
Basic Authentication
Default Domain DomainName
Public
Basic Authentication
Default Domain \
Require SSL
Require 128 bit

I hope you find this post helpful.

Regards,

Mark

 

[StumpedTechy]

Great I am off of work tomorrow but I'll shesk out the settings on Thursday. Thanks for a lead on what to look for.

 

[StumpedTechy]

Okay this permissions thing seems to be the key. When I mirrored tham after yours I got the following - Windows pop up prompt but no FBA login screen BUT I am now able to access using SSL and the HTTPS. Now I just need to get FBA logon instead of the windows logon to show up again.

I mirrored them as much as I could but I have a few settings missing on mine in all look below for thigns that are different -

Default Web site (Mirrored 100%)
Enable Anonymous access
Integrated Windows Authentication
Exadmin (Mirrored 100%)
Integrated Windows Authentication
Require SSL
Require 128 bit
Exchange (Mirrored 100%)
Basic Authentication
Default Domain \
Exchange-oma (Do not have this site listed)
Integrated Windows Authentication
Basic Authentication
ExchWeb (Mirrored 100%)
Enable Anonymous access
Require SSL
Require 128 bit
Microsoft-Server-ActiveSync (Mirrored 100%)
Scripts and Executables
Exchange Application Pool
Basic Authentication
Default Domain DomainName
OMA (Mirrored Partly)
Scripts Only
ExchangeMobileBrowseApplicationPool (do not have this application pool I have it set to ExchangeApplicationPool)
Basic Authentication
Default Domain DomainName
Public (Mirrored 100%)
Basic Authentication
Default Domain \
Require SSL
Require 128 bit

At least I am half way there now SSL is working.. I just need the FBA logon screen back!

 

[markdmac]

Check in Exchange and verify that Forms Based Auth is still checked. If it is, uncheck it and click OK. Then go back in and recheck it.



I hope you find this post helpful.

Regards,

Mark