We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

How to login to OWA without using domain\username

beplas
beplas asked
on
Medium Priority
1,741 Views
Last Modified: 2008-01-09
Hi,
I am trying to log in to OWA using a username only, i.e. without having to type domain\username.

Let me give you some background

Running Windows server 2003. Exchange server 2003 Enterprise SP2 (single server). We also have two logical domains, internaldomain.local, and externaldomain.com.

The exchange server is a DC for externaldomain.com. All our users are located in internaldomain.local. There is a 2-way trust between the domains.

We have 3 different methods of access from the internet to exchange :
Laptops use RPC over HTTPS
PDA's use Direct push
Webmail

THE PROBLEM :
To use direct push for the PDA's, we need to have forms based authentication turned off - This works ok.
However, when using webmail, users are connectinc to externaldomain.com, which tries to authenticate them. All our users are in internaldomain.local. So they have to type in internaldomain.local\username .

Is there a way of automatically authenticating to the internal domain without having to type in the domain name in the login box?

I have already tried setting the internal domain as the default domain and realm on the directory security tab on the /exchange folder.
I have also added the internal domain controllers on the "directory access" tab on the properties of the exchange server.

Any ideas how i can get round this?

Cheers
Paul
Comment
Watch Question

Expert of the Year 2007
Expert of the Year 2006

Commented:
The default domain/realm setting is the only one that is required - I am not aware of any other mechanism.

Otherwise go back to using FBA. It is possible to have that co-existing with EAS. You just need to get the authentication settings correct on the virtual directory - specifically enable both integrated and basic authentication on the /exchange virtual directory - it will probably be basic only at the moment.

Simon.

Author

Commented:
Close, but no cigar. The /exchange virtual directory has both basic and integrated already selected, without integrated direct push will not work. Also, the domain/realm are both set to internaldomain.local, but appear to have no effect
Expert of the Year 2007
Expert of the Year 2006
Commented:
I can assure you that it does work, as I have it working on four or five systems.

The full authentication settings are:

/exchange - basic and integrated ONLY
/exchweb - anonymous ONLY
/exadmin - integrated ONLY
/public  - basic and integrated ONLY
/oma - basic ONLY
/Exchange-Server-ActiveSync - basic and integrated only

With FBA you don't have to set the default domain and default realm as the FBA page deals with that for you (undocumented change in service pack 2).

Simon.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Hi Simon,
I checked the settings on each of the folders, and made one or two changes according to your list. And still i got activesync error 85010001. So i tried another PDA - and sure enough - the second one worked fine!

Turned out to be the SSL requirement in the server settings wasn't ticked on the PDA.

Thanks for your help, it cleared up a few issues for me.

Cheers
Paul
Expert of the Year 2007
Expert of the Year 2006

Commented:
The thing to remember is that OMA/EAS caches errors. When you get them once, it is common to get them again. I usually recommend to reset the handheld device before trying again to clear any cached information.

Simon.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.