beplas
asked on
How to login to OWA without using domain\username
Hi,
I am trying to log in to OWA using a username only, i.e. without having to type domain\username.
Let me give you some background
Running Windows server 2003. Exchange server 2003 Enterprise SP2 (single server). We also have two logical domains, internaldomain.local, and externaldomain.com.
The exchange server is a DC for externaldomain.com. All our users are located in internaldomain.local. There is a 2-way trust between the domains.
We have 3 different methods of access from the internet to exchange :
Laptops use RPC over HTTPS
PDA's use Direct push
Webmail
THE PROBLEM :
To use direct push for the PDA's, we need to have forms based authentication turned off - This works ok.
However, when using webmail, users are connectinc to externaldomain.com, which tries to authenticate them. All our users are in internaldomain.local. So they have to type in internaldomain.local\usern
Is there a way of automatically authenticating to the internal domain without having to type in the domain name in the login box?
I have already tried setting the internal domain as the default domain and realm on the directory security tab on the /exchange folder.
I have also added the internal domain controllers on the "directory access" tab on the properties of the exchange server.
Any ideas how i can get round this?
Cheers
Paul
I am trying to log in to OWA using a username only, i.e. without having to type domain\username.
Let me give you some background
Running Windows server 2003. Exchange server 2003 Enterprise SP2 (single server). We also have two logical domains, internaldomain.local, and externaldomain.com.
The exchange server is a DC for externaldomain.com. All our users are located in internaldomain.local. There is a 2-way trust between the domains.
We have 3 different methods of access from the internet to exchange :
Laptops use RPC over HTTPS
PDA's use Direct push
Webmail
THE PROBLEM :
To use direct push for the PDA's, we need to have forms based authentication turned off - This works ok.
However, when using webmail, users are connectinc to externaldomain.com, which tries to authenticate them. All our users are in internaldomain.local. So they have to type in internaldomain.local\usern
Is there a way of automatically authenticating to the internal domain without having to type in the domain name in the login box?
I have already tried setting the internal domain as the default domain and realm on the directory security tab on the /exchange folder.
I have also added the internal domain controllers on the "directory access" tab on the properties of the exchange server.
Any ideas how i can get round this?
Cheers
Paul
ASKER
Close, but no cigar. The /exchange virtual directory has both basic and integrated already selected, without integrated direct push will not work. Also, the domain/realm are both set to internaldomain.local, but appear to have no effect
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Simon,
I checked the settings on each of the folders, and made one or two changes according to your list. And still i got activesync error 85010001. So i tried another PDA - and sure enough - the second one worked fine!
Turned out to be the SSL requirement in the server settings wasn't ticked on the PDA.
Thanks for your help, it cleared up a few issues for me.
Cheers
Paul
I checked the settings on each of the folders, and made one or two changes according to your list. And still i got activesync error 85010001. So i tried another PDA - and sure enough - the second one worked fine!
Turned out to be the SSL requirement in the server settings wasn't ticked on the PDA.
Thanks for your help, it cleared up a few issues for me.
Cheers
Paul
The thing to remember is that OMA/EAS caches errors. When you get them once, it is common to get them again. I usually recommend to reset the handheld device before trying again to clear any cached information.
Simon.
Simon.
Otherwise go back to using FBA. It is possible to have that co-existing with EAS. You just need to get the authentication settings correct on the virtual directory - specifically enable both integrated and basic authentication on the /exchange virtual directory - it will probably be basic only at the moment.
Simon.