OWA prompting for credentials when logging off :/

Exchange version?

Exchange 2003 SP2, Office 2003

Are you using FBA?

I am expecting that this is a permissions problem on one of the virtual directories - we have a few fantastic OWA experts here, but until they get there, I will help you as best I can

-red

sill question but whats FBA?

we have it running through an ISA server to the from end Exchange server

Recheck the authentication method that you are using when FBA is enabled:

http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html

FBA = Forms Based Authentication

That default domain article will be pointless, this is Exchange 2003 SP2 - it doesn't need a domain.

This is FBA -> http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm

I doubt that you have it enabled, but that shouldn't be a problem.

Does it work from INSIDE the network?

Inside its fine if we access OWA locally http://servername/exchange. logs off without prompting its only remotely

That still makes me think it is a permissions problem.

This guide shows you how to reset the virtual directories for exchange, it is more than you need to do, but covers permissions for Exchweb;

http://support.microsoft.com/kb/883380

-red

Hmm just found that if the user types the full domain name at logon ie domain/username then they dont have the problem with logging off, only if they logon with username/password

Also, our remote like used to be 'http://' and now it is ssl secure 'https://' im thinking this is the reason ?

The usual reason for being re-prompted for username and password details when logging off is that the /exchweb virtual directory in IIS manager does not have anonymous authentication enabled. Make sure that it does.

Simon.

Enable Anon Authentication is enabled already

Is there a way of making the users enter the full domain name to log into OWA? so it wont accept tjust thier username i.e has to be domain/user and wont accept just user

Change the default domain and default realm on the /exchange virtual directory to just \
That way they will get an authentication failure if they don't enter domain\username

Simon.

ok ill try that for now.

 can you think of any other reason why the log off authentication box appears though?

Authentication failure is the usual reason.

The reason it works inside is because the client is able to authenticate when asked using domain credentials. Outside it cannot.

If the server is straight to the internet - ie not through an ISA server - then the anonymous authentication is the usual fix because when a user has finished with their session the authentication is reset.

Using forms based authentication usually confirms if the authentication with /exchweb is the problem. If you enable FBA you shouldn't get an authentication prompt. The page should load normally with the form for the user to enter their credentials. If you enable FBA and get an authentication prompt, then the forms page, then something is wrong with the /exchweb virtual directory. The /exchweb virtual directory is where all of the common web components for OWA are stored.

Simon.

The OWA client is through an ISA Server :)

I would look at the ISA server configuration then. Make sure that it is publishing the virtual directories correctly and that the permission on the /exchweb for authentication is set correctly. I haven't got access to an ISA at the moment, so cannot check what it should be.

Simon.

Simon you mentioned changing the default domain and default realm on the /exchange virtual directory to just \

is this acheived through the ISA manager and the Paths tab ?