Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

OWA prompting for credentials when logging off :/

Posted on 2006-11-20
20
Medium Priority
?
1,233 Views
Last Modified: 2009-03-19
Hi,
  When our users are using Outlook Web Access and clicking the 'log off# button on the browser, its then prompting for thier logon credentials again as if they were logging on.
 If they enter them they can logoff fine, if they cancel the prompt or dont enter thier credentials it comes up with 'access is denied' in a new webpage and keeps thier session open.

 Any ideas ?
0
Comment
Question by:mattash55
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 5
  • 4
  • +1
20 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17977804
Exchange version?
0
 

Author Comment

by:mattash55
ID: 17977823
Exchange 2003 SP2, Office 2003
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17977925
Are you using FBA?

I am expecting that this is a permissions problem on one of the virtual directories - we have a few fantastic OWA experts here, but until they get there, I will help you as best I can

-red
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:mattash55
ID: 17977947
sill question but whats FBA?

we have it running through an ISA server to the from end Exchange server
0
 
LVL 18

Expert Comment

by:amaheshwari
ID: 17977951
Recheck the authentication method that you are using when FBA is enabled:

http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17977974
FBA = Forms Based Authentication

That default domain article will be pointless, this is Exchange 2003 SP2 - it doesn't need a domain.

This is FBA -> http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm

I doubt that you have it enabled, but that shouldn't be a problem.

Does it work from INSIDE the network?
0
 

Author Comment

by:mattash55
ID: 17978014
Inside its fine if we access OWA locally http://servername/exchange. logs off without prompting its only remotely
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17978043
That still makes me think it is a permissions problem.

This guide shows you how to reset the virtual directories for exchange, it is more than you need to do, but covers permissions for Exchweb;

http://support.microsoft.com/kb/883380

-red
0
 

Author Comment

by:mattash55
ID: 17978588
Hmm just found that if the user types the full domain name at logon ie domain/username then they dont have the problem with logging off, only if they logon with username/password
0
 

Author Comment

by:mattash55
ID: 17979410
Also, our remote like used to be 'http://' and now it is ssl secure 'https://' im thinking this is the reason ?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17979429
The usual reason for being re-prompted for username and password details when logging off is that the /exchweb virtual directory in IIS manager does not have anonymous authentication enabled. Make sure that it does.

Simon.
0
 

Author Comment

by:mattash55
ID: 17980146
Enable Anon Authentication is enabled already
0
 

Author Comment

by:mattash55
ID: 17980167
Is there a way of making the users enter the full domain name to log into OWA? so it wont accept tjust thier username i.e has to be domain/user and wont accept just user
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17980183
Change the default domain and default realm on the /exchange virtual directory to just \
That way they will get an authentication failure if they don't enter domain\username

Simon.
0
 

Author Comment

by:mattash55
ID: 17980218
ok ill try that for now.

 can you think of any other reason why the log off authentication box appears though?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17980282
Authentication failure is the usual reason.

The reason it works inside is because the client is able to authenticate when asked using domain credentials. Outside it cannot.

If the server is straight to the internet - ie not through an ISA server - then the anonymous authentication is the usual fix because when a user has finished with their session the authentication is reset.

Using forms based authentication usually confirms if the authentication with /exchweb is the problem. If you enable FBA you shouldn't get an authentication prompt. The page should load normally with the form for the user to enter their credentials. If you enable FBA and get an authentication prompt, then the forms page, then something is wrong with the /exchweb virtual directory. The /exchweb virtual directory is where all of the common web components for OWA are stored.

Simon.
0
 

Author Comment

by:mattash55
ID: 17980318
The OWA client is through an ISA Server :)
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17980404
I would look at the ISA server configuration then. Make sure that it is publishing the virtual directories correctly and that the permission on the /exchweb for authentication is set correctly. I haven't got access to an ISA at the moment, so cannot check what it should be.

Simon.
0
 

Author Comment

by:mattash55
ID: 17980691
Simon you mentioned changing the default domain and default realm on the /exchange virtual directory to just \

is this acheived through the ISA manager and the Paths tab ?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 17980747
It is probably done on the Exchange server, not the ISA server. The ISA is just acting as a proxy. I cannot check myself as I am on limited access at the moment and don't have access to an ISA server.

Simon.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question