cancel
Showing results for 
Search instead for 
Did you mean: 

OWA Authentication

Paul_Daley
Level 5
When using Outlook Web Access for Exchange 2003, if a user opens an archived item they are prompted to authenticate to the domain again (despite having done this to access OWA). The archived item is then displayed.

Is this normal? It only happens once per session, but this might be one time too many for some users!



Cheers,

Paul.
1 ACCEPTED SOLUTION

Accepted Solutions

Tremaine
Level 6
Employee Certified
Hi

If you are using Forms Based Authentication on your FE then this is the way it will behave.
However if you are not using FBA on your Servers then you can bypass this by setting the EnterpriseVault Virtual Directory to use basic Auth only and set all the 'Realms' on all the Virtual Directories (exchange, public, EnterpriseVault) to the same string.

Unfortunately this is down to the fact that OWA FBA uses a cookie for authentication purposes and EV cannot make use of the OWA cookie so then requires re-authentication by IIS when being redirected to the EV VD.

Cheers

View solution in original post

9 REPLIES 9

Terence_Marques
Level 3
Try Changing you setting in the security of iis

regards,

Terence

David_Messeng1
Level 6
Hi,

is it your proxy server? Your client will know to bypass the proxy for normal EV activity but your Exchage server might not.

Do the 2 authentication dialog boxes have fdifferent server names in the tile bar?


David
http://messy.bravehost.com/

Paul_Daley
Level 5
I don't think its the proxy as I've used proxycfg to make sure that the front end exchange server will go direct.

The dialog box shows as being from the front end server, but it says "Enterprise Vault" just above the username and password fields.

When I use OWA on the back end exchange server I'm not prompted to authenticate to open archived items.

I'm assuming that this can be made to work..!

David_Messeng1
Level 6
Paul,

aha, you have a front end... have you configured Intergrated Windows Authentication as per page 103 of the manual?

(http://ftp.support.veritas.com/pub/support/products/Exchange_Mailbox_Archiving_Unit/277022.pdf)

Paul_Daley
Level 5
I have re-run the configuration program and this completes OK (I've checked the log). I still have the same issue.

Do I need to tweak the ISS virtual directory security settings?

David_Messeng1
Level 6
Not sure I'm gonna be much help. Why are you using a front end? Is it in a DMZ or something? Have you set the Default Domain on the Basic Authentication tab on IIS?

Paul_Daley
Level 5
Thanks for the suggestions. I've tried modifying the security properties for the virtual directory in IIS on the front end server, but had no joy.

In my desperation I've emailed support!

David_Messeng1
Level 6
Best of luck with support Paul! Please you let us know what they come up with. The fact that you have to authenticate on the OWA server initially may be connected perhaps?

I abandoned front-end Exchange servers when I moved the platform to 2003 (we don't allow users to connect throught the internet so any OWA can be done on the back-ends) so I'm not much help (ok, no help at all!) I'm afraid.

I still have a few Exchange 2000 front ends and the only unusual thing I can remember that I did to them was that default domain thingy.

We only have a few hundred users connected via OWA (no Outlook client, no software distribution, thru a NATed firewall) and I suspect they have a pretty miserable time of it already so I can't really face foisting EV on them as well ;)

Tremaine
Level 6
Employee Certified
Hi

If you are using Forms Based Authentication on your FE then this is the way it will behave.
However if you are not using FBA on your Servers then you can bypass this by setting the EnterpriseVault Virtual Directory to use basic Auth only and set all the 'Realms' on all the Virtual Directories (exchange, public, EnterpriseVault) to the same string.

Unfortunately this is down to the fact that OWA FBA uses a cookie for authentication purposes and EV cannot make use of the OWA cookie so then requires re-authentication by IIS when being redirected to the EV VD.

Cheers