daryl_james
asked on
OWA Session timeout in 10 - 20 seconds- requests login again.
Exchange Server 2003 SP2
Configured OWA to use SSL and KB article to redirect automatically to HTTPS.
This works OK, you get the Premium login- all proceeds fine after login (prompted for server certificate) and then logged in OK.
You can browse Inbox, Notes, etc all seems fine but only for about 10 to 20 seconds. Then the folder list remains visible, but the internal frame goes back to the login page. This happens for all email users (including admin) and behaviour can be reproduced on localhost.
I have tried creating the OWA timeout key in the registry and set it to 10 mins (which is the default) with no luck.
I have resorted to using standard HTTP (non-ssl) web outlook and this works fine.
I feel the issue has something to do with the life of certificate, but don't really know where to start troubleshooting. Can someone please help?
I
Configured OWA to use SSL and KB article to redirect automatically to HTTPS.
This works OK, you get the Premium login- all proceeds fine after login (prompted for server certificate) and then logged in OK.
You can browse Inbox, Notes, etc all seems fine but only for about 10 to 20 seconds. Then the folder list remains visible, but the internal frame goes back to the login page. This happens for all email users (including admin) and behaviour can be reproduced on localhost.
I have tried creating the OWA timeout key in the registry and set it to 10 mins (which is the default) with no luck.
I have resorted to using standard HTTP (non-ssl) web outlook and this works fine.
I feel the issue has something to do with the life of certificate, but don't really know where to start troubleshooting. Can someone please help?
I
ASKER
Simon,
The cert is from another 2003 server in our domain designated as the cert authority and was self-signed. This cert was requested and I followed article online at http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html to request and install on the mail server. This all worked fine.
I have disabled 'require SSL' to allow me to use non-ssl OWA, but still test using SSL OWA.
We also have another 2003 exhange server in our domain that has succesfully installed a cert from the main server and SSL OWA works fine there, so I doubt that there is something wrong on the cert authority server.
I've been through the process of requesting/pending and installing a replacement cert and although you can connect via SSL it still times out.
Does this have something to do with Forms Based Authentication session cookies timing out? I don't really know how to turn on FBA or to test it.
I have wasted so much time on this problem and can't seem to get any futher. Any ideas?
Thanks
The cert is from another 2003 server in our domain designated as the cert authority and was self-signed. This cert was requested and I followed article online at http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html to request and install on the mail server. This all worked fine.
I have disabled 'require SSL' to allow me to use non-ssl OWA, but still test using SSL OWA.
We also have another 2003 exhange server in our domain that has succesfully installed a cert from the main server and SSL OWA works fine there, so I doubt that there is something wrong on the cert authority server.
I've been through the process of requesting/pending and installing a replacement cert and although you can connect via SSL it still times out.
Does this have something to do with Forms Based Authentication session cookies timing out? I don't really know how to turn on FBA or to test it.
I have wasted so much time on this problem and can't seem to get any futher. Any ideas?
Thanks
FBA is either on or off. No other settings to it through the standard windows.
ESM, Servers, <your server>, Protocols, HTTP. Right click on the Exchange Virtual Server and choose Properties. Click on the second tab. Disable or enable there.
The OWA cookie timeout can also be controlled with the OWA Admin tool. That is a free download from Microsoft. Make sure that you read the readme file, particularly the bit about installing it on a workstation, not the server.
For what its worth, I don't recommend using self signed SSL certificates for public facing applications like OWA. You should see what Internet Explorer 7.0 does with a self signed certificate.
I also don't recommend using the require SSL option. If you decide to use Windows Mobile devices at a later date you have to disable that option anyway.
Simon.
ESM, Servers, <your server>, Protocols, HTTP. Right click on the Exchange Virtual Server and choose Properties. Click on the second tab. Disable or enable there.
The OWA cookie timeout can also be controlled with the OWA Admin tool. That is a free download from Microsoft. Make sure that you read the readme file, particularly the bit about installing it on a workstation, not the server.
For what its worth, I don't recommend using self signed SSL certificates for public facing applications like OWA. You should see what Internet Explorer 7.0 does with a self signed certificate.
I also don't recommend using the require SSL option. If you decide to use Windows Mobile devices at a later date you have to disable that option anyway.
Simon.
Hi,
You refer this site only for exchange 2003 OWA timeout:
http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html
start from figure 4 of this above article .
You refer this site only for exchange 2003 OWA timeout:
http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html
start from figure 4 of this above article .
ASKER
Thanks Amaheshwari, but I have already tried turing off FBA, and also tried changing the OWA timeout. No- luck. It appears as though SSL is just broken on this Exchange server. I don't even think there is a problem with IIS or the OWA website.
I have 3 exchange servers in the same domain, 2 work just fine over SSL, the problem one connects fine and works for about 10 seconds then the session times out. It does the same for all users and can replicate problem logging on at console of server.
I have compared the config on those that work with the broken server and tried to copy the config exactly, but the problem persists and I have not been able to resolve this issue.
I'm out of ideas after several months of trying to fix it - looks like I might have to resort to a Microsoft Professional Support call. :(
I have 3 exchange servers in the same domain, 2 work just fine over SSL, the problem one connects fine and works for about 10 seconds then the session times out. It does the same for all users and can replicate problem logging on at console of server.
I have compared the config on those that work with the broken server and tried to copy the config exactly, but the problem persists and I have not been able to resolve this issue.
I'm out of ideas after several months of trying to fix it - looks like I might have to resort to a Microsoft Professional Support call. :(
ASKER
I finally cracked it myself and am posting my resolution here to save someone else the pain!
I resolved the issue by following http://support.microsoft.com/default.aspx?kbid=883380 to delete/recreate the virtual directories for OWA, OMA and Exchange (Method 2).
1. I deleted the EXadmin, ExchWeb, Exchange, Microsoft-Server-ActiveSyn
2. Use \inetpub\adminscripts\AdsU
adsutil delete ds2mb
3. Restart Microsoft Exchange System Attendant services (and dependant services)
Thank you to all for your assistance.
I resolved the issue by following http://support.microsoft.com/default.aspx?kbid=883380 to delete/recreate the virtual directories for OWA, OMA and Exchange (Method 2).
1. I deleted the EXadmin, ExchWeb, Exchange, Microsoft-Server-ActiveSyn
2. Use \inetpub\adminscripts\AdsU
adsutil delete ds2mb
3. Restart Microsoft Exchange System Attendant services (and dependant services)
Thank you to all for your assistance.
Changed recommendation: PAQ - points refunded
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is it a purchased certificate or a self signed certificate?
Simon.