Solved

Exchange 2003 OWA Login Problems

Posted on 2006-07-07
19
266 Views
Last Modified: 2010-03-06
Hello,

Here is the deal. I have a windows 2000 domain. Currently users connect to a generic webmail system using a link on there desktops. https:\\mail.domain.com and it takes them to the web interface of the current e-mail system. I have configured OWA to be the main source for users to collect there mail per my managers request. I have enabled forms based authentication and installed a ssl certificate. I have changed the DNS at our ISP and internally to point to the new exchange server, which is running Windows Server 2003 Enterprise as a member or a Windows 2000 domain. The issue is that it only works from links, or favorites, if i type it into the internet explorer bar it prompts me for a user name and password (windows prompt). What is even more strange, when I type in the correct info, it doesn't work, even though it works with OWA when I get there from another route.
Any help would be greatly appreciated, as I need to get this resolved by morning. I know my mail is coming in because I just got a new message into exchange. I think I may of set something wrong up in IIS default website but I am not sure. I currently have it set to a redirect to https://exchange/exchange (exchange is my servers name) A directory below URL entered.

Thanks in advance!
0
Comment
Question by:PE_IT_TEAM
  • 11
  • 7
19 Comments
 

Author Comment

by:PE_IT_TEAM
ID: 17062894
OWA seems to work on my computer but no one elses, if that helps anyone out there.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17062970
If you have enabled forms based authentication, then you shouldn't get a login box. A web page should load.

Keep things simple... whatever you did for the redirection, remove it. Try and get the system back as close as possible to the way it was installed.

Verify that the authentication settings are correct on the virtual directories...

/exchange: integrated and basic only
/exadmin: integrated only
/exchweb: anonymous only
/public: integrated and basic only
/oma: basic only
/Microsoft-Server-ActiveSync: integrated and basic.

Simon.
0
 

Author Comment

by:PE_IT_TEAM
ID: 17062995
Hi Sembee,

I have learned so much from you in the past reading on this forum. Thanks for the quick response, I have everything back to normal. When i got to https://exchange/exchange from any computer internally it works now. How would I go about getting an internal link https://mail.domain.com/ to redirect to https://exchange/exchange  ? Also is there anything else I need to do for the link to work externally?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17063002
Set the redirect as I have shown on this page on my web site:
http://www.amset.info/exchange/owa-defaultpage.asp

Then it doesn't matter what URL the users hit the server with, it will redirect.

Simon.
0
 

Author Comment

by:PE_IT_TEAM
ID: 17063062
I did that and it still doesn't seem to want to work. When i create a link shortcut or when I type it into the web browser still no luck. Is there something I have missed?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17063065
Define doesn't work?

If OWA is set as default - everything works correctly?
When you put in the redirect it fails?

Simon.
0
 

Author Comment

by:PE_IT_TEAM
ID: 17063079
I type in https:\\mail.domain.com and it still prompts me for a user name and password (windows prompt) even typing in the correct info does not get me any further, but typing in https:\\exchange\exchange brings up the form based page fine and works
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17063110
Do they resolve to the same place?

If you type ping mail.domain.com does it resolve to the same IP address as ping exchange?

Simon.
0
 

Author Comment

by:PE_IT_TEAM
ID: 17063126
Yes they both resolve to 192.168.1.199

Dave
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17063138
That has to be authentication then.
Did check the authentication matches what I posted above?

Simon.
0
 

Author Comment

by:PE_IT_TEAM
ID: 17063173
Double checked and  I had missed one setting, restarted IIS and still same issue.
0
 

Author Comment

by:PE_IT_TEAM
ID: 17063190
Okay this is nuts, I must have something wrong. When I clicked on the https:\\mail.domain.com link it brought up the windows box again, and instead of using my own name, i used administrator and it worked. What setting do you think I may have wrong.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17063237
That is permissions or authentication causing that.
The reason being that when you access the site with the internal name, IE recognises it and uses integrated authentication. When you use the external name, that doesn't occur.

When you are trying authentication, are you doing just username and password, or domain\username and password?

While it isn't the same, take a look at this question that Lee Derbyshire was working on earlier today.
http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21910548.html

Lee knows his way around OWA better than anyone. You might find some useful information in that question.

Simon.
0
 

Author Comment

by:PE_IT_TEAM
ID: 17063279
With the windows prompt I was typing in just the user name billy.bob and then the password. I tried it with domain/billy.bob and it worked fine. With OWA I used th tweak several months ago so users do not have to enter the domain name. I still am not sure though why it is prompting me for a windows login though when I use a link but does not when I use the internal https:\\mail.domain.com  

I am stumped on this one...
0
 

Author Comment

by:PE_IT_TEAM
ID: 17063293
It's almost like I have to authenticate just to get into the machine and then it all works well
0
 

Author Comment

by:PE_IT_TEAM
ID: 17063319
I added anonymous acess to the default web site and it started working. Is this a security issue? I mean it sounds like one, but I am somewhat new to this whole deal..
0
 
LVL 8

Expert Comment

by:bilbus
ID: 17064124
i use this as my defalt page

<meta HTTP-EQUIV="REFRESH" content="0; url=https://www.website.com/exchange" target="_blank" onclick="return openNew(this.href);">https://www.website.com/exchange">

There are a number of ways to do this though
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17064877
When you added anonymous to your default web site, what did you do on the prompt for the sub folders?
Some anonymous permission is required for OWA to work correctly, so you may not have caused an issue with security.

Simon.
0
 

Author Comment

by:PE_IT_TEAM
ID: 17068114
I pressed cancel for the rest of the folders. All is well now. Thanks Sembee for your help. It is very much appreciated. I am awarding you the point because you got me looking in the right direction to fix this problem. Otherwise I would of never thought it was a an authentication/permission issue. Thanks again!
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now