Solved

Enabling Forms-Based Authentication leads to HTTP error 400

Posted on 2009-03-30
22
606 Views
Last Modified: 2012-05-06
Last Friday I tried enabling FBA on our Exchange server and was greeted with an HTTP error 400.  Now I did Google quite a lot on this but none of the results had any bearing to our setup.  We do currently use SSL and have a valid 3rd party signed certificate anyway.  Any help woudl be appreciated.

Not sure what other info you might need here but ask away.
0
Comment
Question by:Ben Hart
  • 13
  • 6
  • 3
22 Comments
 
LVL 14

Accepted Solution

by:
Raj-GT earned 150 total points
ID: 24019031
Are you trying to browse the site from the Exchange server itself? Try https://localhost/exchange from the server first (ignore any certificate errors) and tell me what you see.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24019153
I do not have it enabled still, I have to wait until closer to the close of business, but I was able to correctly view the FBA login page from the server itself but navigating to the normal url https://webmail.companyname.net.  I did not try the local url you mention above.  If I should still give it a shot then I certainly will.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24019236
Is this relevant in your case? http://support.microsoft.com/kb/920862
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24019466
Not really.. the most security groups we have that any one person would be a member of is less than 25.  Would it hurt to make those changes anyway to be on the safe side?
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24019952
Did you get the "HTTP 400" errors after trying to authenticate using FBA?

Perhaps it is better to troubleshoot this after COB; please update the post when you have FBA enabled.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24020102
Yes, I still get prompted the first time prior to the FBA screen.

Will do, thanks Raj.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24020399
Oh yes.. we do not have or use an FE server either.
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 100 total points
ID: 24035315
Reset the virtual directories.
http://support.microsoft.com/default.aspx?kbid=883380

Then enable forms based authentication again.

-M
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24041749
Thanks for the reply.. but will this force me to re-setup the SSL info I have now?  Like regenerating the key or anything?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24043298
Nope.
The SSL certificate is stored at the web site level, not the directory level.

-M
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24081446
I apologize for it taking so long.  Ok so I have reset the web directories, bounce the System Attendant service (along with it's req's), re-enabled the security like the KB article said.  But the Error 400 still persists.  

So to re-cap, browsing to https://webmail.companyname.net, p[rompted with a simple dialog box for authentication using domain credentials, then prompted with the actual FBA page, then Error 400.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 65

Expert Comment

by:Mestha
ID: 24083007
You have put a redirect in to lose the /exchange part then?
If you go straight to the /exchange variant - same error?
What happens if you turn off FBA?

-M
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24083097
if I brosw to https:\\webmail.companyname.net/exchange I get the same FBA login screen (minus the popul dialog login box) and I was ABLE TO LOGIN woot.  I went looking in IIS Manager and the properties of the Exchange VD are showing it's pointing to a Directory on this computer of: \\.\BackOfficeStorage\unifiedbrands.net\MBX  Should I change this or is it elsewhere?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24083129
If it works going straight to the /exchange variant, then OWA is working correctly, it is your redirect that is at fault.
I don't recall an authentication pop up being mentioned in a previous post. That would certainly be an error because if you have FBA enabled you shouldn't get any pop up authentication prompts - rather defeats the purpose if you have to login twice or more.

-M
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24083148
Ahh ok so I should remove MBX and put Exchange instead?  I didnt notice another redirect under any of the other IIS properties.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24083179
under the default website, Ive got "redirect to a url" enabled, with "/exchange" as the value.  However like an idiot I checked to apply this url to all the child nodes.  So now I need to figure out what the default path's were to the others like exchweb, public, etc.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24085001
Ok testing from home.. no It still does not work.  I went back thru and reset all the paths to the default locations.  Bounced the IIS service and FBA work perfectly on the internal network.  But externally Im still getting the first popup dialog box, then the FBA page then error 400.  I went back and tried changing the entire redirection value to "\exchange" but kept getting errors about that being an invalid url.  Even selecting a local directoy or a url..same error.  So I altered the default string \\.\backofficestorage\companyname.net\MBX removing the MBX and adding exchange.  Same errors.

Now if I append exchange to the url Im typing into IE with.. "https:\\webmail.companyname.net\exchange then I get straight to the FBA page.. but after entering network credentials I get an http/1.1 503 service unavailable error.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24086811
You shouldn't have touched the Exchange virtual directories. If it was working internally correctly then there was nothing wrong with them.
However as you have done, you need to get it back to the default.
Remove that redirect on the root of the drive, turn off FBA and then reset the virtual directories:
http://support.microsoft.com/default.aspx?kbid=883380

Confirm that OWA works correctly without making any changes to the IIS configuration at all.

Simon.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24090194
Well you mentioned a re-direct.. the paths for the VD's is the only place I can find a "redirect" of any type.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24090451
Ok webmail works internally without a hitch (using both IE and FF).  But from what I can tell using an iphone, which is my only method of testing externally, I cant even bring the login page up.  
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24092676
There are two redirections that could be done:
This one to enforce SSL use.
http://support.microsoft.com/kb/839357

plus various methods to remove the /exchange from the initial URL.

If it works inside then it should work from outside.
What is between Exchange and the internet?

Simon.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24186208
I had to go back to non-FBA for now.  Too much downtime and too many other issues cropping up.  Thanks for all you guys help.  I'll split the points out.
0

Featured Post

Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now