OWA Forms Based Auth problem

Status
Not open for further replies.

JVKAdmin

IS-IT--Management
Dec 28, 2001
CA
Hi,

I'm running a test environment running Windows 2003 with Exchange 2003 server. The server is installed properly as a Certificate Authority. I've gotten to the point of trying to get OWA forms based authentication to work but am having problems.

Before I chose forms based auth with SSL, OWA worked on the local server as well as from a LAN client and from a separate network client.

As soon as I turned it on, the external client and the local LAN client stopped being able to access OWA. If I try to open it up on the server itself, it still allows me to log in.

Has anyone ever come across this?

Thanks

Kevin.
 
Thanks for the links. I have looked at most of these before. None of them address the problem I'm having.

I need to know if anyone else has come across the issue I described?

This was true if I tried logging in using domain\username, UPN or straight username and password.
 
Make sure you have port 443 open and that you are connecting to https.
 
You mentioned that before you enabled FBA, it was working. Was that through HTTP and HTTPS (SSL), or just one or the other?

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 
Hi,

The testing was done strictly on port 443 before and after. Opening ports doesn't matter because the local subnet client (in trusted network) also cannot access the Outlook Web Access after forms based auth is turned on. One piece of other information, I'm using Virtual PC. The host is the local subnet client (XP SP2) and the Exchange/DC server is the VPC on that machine. They share a network adapter but both can communicate (host back and forth to VPC). The testing from outside worked with port 443 opened before applying forms based authentication.

One other piece of information, all Windows XP host machines are in a separate domain or workgroup (I don't know if this is a problem or not but defeats the purpose of getting FBA to work in the first place!). They can all connect to the OWA on the server. The problem is definitely authentication because when you run Internet Explorer on the server VPC with Exchange it connects and logs in right away. The other clients just get to the OWA forms page (with SSL etc) and won't allow you to log in (it tries but then doesn't log you in and flips right back to the log in page again).

Are there any cookie settings, domain controller settings or auth settings I should be checking? Also is there a place I can view all failed log in attempts to figure out why?

My next thing is trying this IIS AuthDiag test tool from Microsoft to see if it says anything.

Really stuck on this one.

Thanks

Kevin.
 
Have you set the Authentication Methods in the properties of the Exchange virtual directory?

(IIS Manager -> Default Website\Exchange Properties -> Directory Security tab -> Authentication and access control)

Only Basic Authentication needs to be checked and I like to set the default domain and realm to the local domain (mydomain.local).

s.
 
Hi,

Yes I have been up and down this section.

I have one question however, do all of the Exchange Virtual Directories have to be selected for basic authentication or just the Exchange one?

Also why are the Virtual Directories security settings grayed out in Exchange? I can't change them from the admin console, just in IIS?

Kevin
 
If you search here, you'll find a post by Markdmac that illustrates what should be set for each of the folders.

The only time I see this issue is when the installation of the cert is bad. Try removing the cert, testing normal access, then reinstall.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 
58sniper,

Thanks for the info. I'll try your suggestion of re-doing the certificate and see what happens. I know there was a question of whether to have the system automatically try to install it or do a manual install of the certificate. I previously chose the auto route, so now I'll choose the manual one.

We'll see what happens...

Kevin
 