Solved

Enabling Forms-Based Authentication leads to HTTP error 400

Posted on 2009-03-30
22
615 Views
Last Modified: 2012-05-06
Last Friday I tried enabling FBA on our Exchange server and was greeted with an HTTP error 400.  Now I did Google quite a lot on this but none of the results had any bearing to our setup.  We do currently use SSL and have a valid 3rd party signed certificate anyway.  Any help woudl be appreciated.

Not sure what other info you might need here but ask away.
0
Comment
Question by:Ben Hart
  • 13
  • 6
  • 3
22 Comments
 
LVL 14

Accepted Solution

by:
Raj-GT earned 150 total points
ID: 24019031
Are you trying to browse the site from the Exchange server itself? Try https://localhost/exchange from the server first (ignore any certificate errors) and tell me what you see.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24019153
I do not have it enabled still, I have to wait until closer to the close of business, but I was able to correctly view the FBA login page from the server itself but navigating to the normal url https://webmail.companyname.net.  I did not try the local url you mention above.  If I should still give it a shot then I certainly will.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24019236
Is this relevant in your case? http://support.microsoft.com/kb/920862
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 14

Author Comment

by:Ben Hart
ID: 24019466
Not really.. the most security groups we have that any one person would be a member of is less than 25.  Would it hurt to make those changes anyway to be on the safe side?
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24019952
Did you get the "HTTP 400" errors after trying to authenticate using FBA?

Perhaps it is better to troubleshoot this after COB; please update the post when you have FBA enabled.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24020102
Yes, I still get prompted the first time prior to the FBA screen.

Will do, thanks Raj.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24020399
Oh yes.. we do not have or use an FE server either.
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 100 total points
ID: 24035315
Reset the virtual directories.
http://support.microsoft.com/default.aspx?kbid=883380

Then enable forms based authentication again.

-M
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24041749
Thanks for the reply.. but will this force me to re-setup the SSL info I have now?  Like regenerating the key or anything?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24043298
Nope.
The SSL certificate is stored at the web site level, not the directory level.

-M
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24081446
I apologize for it taking so long.  Ok so I have reset the web directories, bounce the System Attendant service (along with it's req's), re-enabled the security like the KB article said.  But the Error 400 still persists.  

So to re-cap, browsing to https://webmail.companyname.net, p[rompted with a simple dialog box for authentication using domain credentials, then prompted with the actual FBA page, then Error 400.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24083007
You have put a redirect in to lose the /exchange part then?
If you go straight to the /exchange variant - same error?
What happens if you turn off FBA?

-M
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24083097
if I brosw to https:\\webmail.companyname.net/exchange I get the same FBA login screen (minus the popul dialog login box) and I was ABLE TO LOGIN woot.  I went looking in IIS Manager and the properties of the Exchange VD are showing it's pointing to a Directory on this computer of: \\.\BackOfficeStorage\unifiedbrands.net\MBX  Should I change this or is it elsewhere?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24083129
If it works going straight to the /exchange variant, then OWA is working correctly, it is your redirect that is at fault.
I don't recall an authentication pop up being mentioned in a previous post. That would certainly be an error because if you have FBA enabled you shouldn't get any pop up authentication prompts - rather defeats the purpose if you have to login twice or more.

-M
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24083148
Ahh ok so I should remove MBX and put Exchange instead?  I didnt notice another redirect under any of the other IIS properties.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24083179
under the default website, Ive got "redirect to a url" enabled, with "/exchange" as the value.  However like an idiot I checked to apply this url to all the child nodes.  So now I need to figure out what the default path's were to the others like exchweb, public, etc.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24085001
Ok testing from home.. no It still does not work.  I went back thru and reset all the paths to the default locations.  Bounced the IIS service and FBA work perfectly on the internal network.  But externally Im still getting the first popup dialog box, then the FBA page then error 400.  I went back and tried changing the entire redirection value to "\exchange" but kept getting errors about that being an invalid url.  Even selecting a local directoy or a url..same error.  So I altered the default string \\.\backofficestorage\companyname.net\MBX removing the MBX and adding exchange.  Same errors.

Now if I append exchange to the url Im typing into IE with.. "https:\\webmail.companyname.net\exchange then I get straight to the FBA page.. but after entering network credentials I get an http/1.1 503 service unavailable error.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24086811
You shouldn't have touched the Exchange virtual directories. If it was working internally correctly then there was nothing wrong with them.
However as you have done, you need to get it back to the default.
Remove that redirect on the root of the drive, turn off FBA and then reset the virtual directories:
http://support.microsoft.com/default.aspx?kbid=883380

Confirm that OWA works correctly without making any changes to the IIS configuration at all.

Simon.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24090194
Well you mentioned a re-direct.. the paths for the VD's is the only place I can find a "redirect" of any type.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24090451
Ok webmail works internally without a hitch (using both IE and FF).  But from what I can tell using an iphone, which is my only method of testing externally, I cant even bring the login page up.  
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24092676
There are two redirections that could be done:
This one to enforce SSL use.
http://support.microsoft.com/kb/839357

plus various methods to remove the /exchange from the initial URL.

If it works inside then it should work from outside.
What is between Exchange and the internet?

Simon.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 24186208
I had to go back to non-FBA for now.  Too much downtime and too many other issues cropping up.  Thanks for all you guys help.  I'll split the points out.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Office 365 Public IP configuration on DNS ? 7 51
Installing Exchange 2016 2 25
Exchange 2013 weird behavior 6 35
Exchange ActiveSync 12 16
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question