?
Solved

Forms based authentication does not work

Posted on 2005-03-29
12
Medium Priority
?
1,933 Views
Last Modified: 2008-01-28
I have an Exchange 2003/W2k3 FE/BE solution with SSL enabled on the FE server. I have enabled Forms Based Authentication on the FE server but the old logon box still pops up. The FE server has been rebooted after the changes. I use https://owa.domain.com/exchange to log on and OWA works fine, just not the new authentication page.
Any ideas anyone?
0
Comment
Question by:Allianse
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 2
12 Comments
 
LVL 24

Expert Comment

by:flyguybob
ID: 13652883
It sounds like the anonymous authentication to the server for the exchange/bin directory in IIS is denied.
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 13652911
Is what is happening:
1) Connect to the FBA page
2) Enter authenticaiton info
3) Log onto server using FBA
4) User is now in OWA
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13655113
First thing to check with any OWA issues is authentication in the IIS manager for the Exchange virtual directories:
/exchange
/exchweb
/public
/exadmin

All should be basic and integrated ONLY.
In addition, /exchweb should also have anonymous access. No others should have anonymous.

Simon.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Allianse
ID: 13659313
I have the following security on the Exchange virtual directories:
/exadmin - Integrated
/exchange - Basic
/exchweb - Anonymous and Integrated
/exchweb/bin - Anonymous and Integrated
/public - Basic

When I change the settings to Basic AND Integrated on all directories in addition to Anonymous on the Exchweb and bin directories, the popup login-box still shows when I try to logon to OWA, but now with the Domain field in addition to the Username and Password fields (not wanted).
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13659461
The settings that I have give you above are the correct settings from a working front-end / back-end scenario. Therefore that is what you need to set them to. The fact that the login prompt keeps coming indicates that the problem is elsewhere.

Have you tried to do anything with the anonymous user account within IIS? This should be left under the control of Windows.
If you disable FBA, does it login correctly to the mailbox?
With FBA enabled do you ever see the forms page?

My instinct is that something is wrong with IIS, but it is tracking down what.

Simon.
0
 

Author Comment

by:Allianse
ID: 13659568
We do not want the users to have to enter the domain when logging on, therefore we use only Basic on /exchange and /public (and avoid the Domain-field in the popup box)
We only see the popup box (and not the FBA page) either if FBA is enabled or not. We use the default IUSR_... for anonymous logon.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13660976
When you are using FBA you will need to use the domain when completing the form.
That can be changed via an unsupported process. It is outlined in the articles below.

http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html
http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain-Part2.html

However you aren't even seeing the forms based login page, so something is wrong there. When it is enabled you shouldn't see any popup box - the form does everything for you.

What happens if you browse to the FBA page directly?

http://servername/exchweb/bin/auth/owalogon.asp

Note that it is in http, but also try it in https as well.
Do you get any prompts for username and password?

Simon.
0
 

Author Comment

by:Allianse
ID: 13661077
I still get the logon popup when I use https://servername/exchweb/bin/auth/owalogon.asp (and no FBA page)
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13661261
If you have anonymous enabled for exchweb (which you should) then you shouldn't get a prompt. The /exchweb directory contains public information that should be accessible by anyone.
Have you got anything on this server that can be browsed by an anonymous user? Or does everything prompt for a username and password?

Therefore this means that either the authentication on the anonymous internet account isn't working correctly, or there is a more core problem with IIS.

A couple of articles I would like you to look at.

This article tells you how to reset the anonymous account password. Ignore the symptoms and version - it is the same for IIS4, 5 and 6.
http://support.microsoft.com/?kbid=184730

This second one is how to reset the virtual folders for Exchange. This may resolve the problems if the above doesn't.
http://support.microsoft.com/?kbid=883380

Simon.
0
 

Author Comment

by:Allianse
ID: 13661425
Regarding the first article - I cant find the same things in IIS6 Manager as referenced in the IIS4 article. Could you please tell me how to do this with IIS6? Thanks:)
0
 
LVL 104

Accepted Solution

by:
Sembee earned 1000 total points
ID: 13665473
My bad - I only scan read it during a break at a client's.

This is a better article to follow.

http://support.microsoft.com/default.aspx?kbid=332167

Simon.
0
 

Author Comment

by:Allianse
ID: 13670362
Resetting the Exchange virtual folders did the trick. Thank you!
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question