Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Issues Logging Off in Outlook Web Access on Firefox & Google Chrome

Posted on 2009-07-14
14
Medium Priority
?
1,466 Views
Last Modified: 2012-05-07
I have an Windows Small Business Server 2003 with Exchange 2003 (6.5) SP2 and when accessing Outlook Web Access from Internet Explorer the log off feature works fine. But when I access it from Google Chrome or Firefox and click the log off button then go back to the access page it is already logged in with the same user. I assume its just an incompatibility between Exchange and these other web browsers. But is there a patch to fix this? I don't want my users to be logged in still if they use a public computer.

Thanks!
Dan
0
Comment
Question by:filtrationproducts
  • 9
  • 3
  • 2
14 Comments
 
LVL 11

Expert Comment

by:gikkel
ID: 24850997
That doesnt seem normal...I tried to recreate from Firefox, Chrome, and Safari.  The only difference with those browsers is that when you click back, the user name remains.  The password shouldn't be saved and you definitely shouldn't be logged in.  Are you sure the account remains active?
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 24851481
Yes, If i log out I get the one window that tells you to click the close button and exit your browser to complete the log off. But when you click the Close button nothing happens in Firefox and Chrome. When in IE it will prompts you to close the browser. But even if i do not do that and go back to the domain.com/exchange page to log in (when in IE) It still re prompts me for a user name and password. In Chrome and Firefox it just goes right back into the Inbox like you never logged off.

Does this make sense?
0
 
LVL 11

Expert Comment

by:gikkel
ID: 24851586
I really don't think that is normal...when you press logoff, it should just logoff and return to the exchange login page.  Is your site setup to require SSL? (https://)   Is your server up to date?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 1

Author Comment

by:filtrationproducts
ID: 24851598
The site is not setup for SSL

The server is up to date on SP's
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 24851613
I can connect with SSL (self signed) but it still does the same thing. I press log off then click back or go to domain.com/exchange and its back in the Inbox
0
 
LVL 65

Accepted Solution

by:
Mestha earned 100 total points
ID: 24851768
Are you seeing the forms based authentication page?
If not then you are not using cookie control, so this behaviour is to be expected.
FBA is only available through SSL and should be enabled by default.

Simon.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24851772
Oh and service packs being up to date is not enough. You need to run Microsoft Update and the SBS Best Practises tool to ensure that you have all relevant updates.

Simon.
0
 
LVL 11

Assisted Solution

by:gikkel
gikkel earned 100 total points
ID: 24851906
OWA authentification is session based.  You must require SSL for users to be forced logged off after closing.  Since your logoff button isn't working correctly, I'm thinking our differences are because you require the logoff warning (to verify, view source when logged into owa, see if var G_fWarnOnLogOff=true)...and that may be the firefox/chrome issue.  
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 25027141
It says False. See below.
<SCRIPT language="JavaScript">
var g_iNewWindowWidth = 700;
var g_iNewWindowHeight = 500;
var g_fWarnOnLogOff=false;
function WarnOnLogOff()
{
if (g_fWarnOnLogOff)
alert("To help protect your mailbox from unauthorized access, close all browser windows when you finish using Outlook Web Access.");
}
</SCRIPT>

Open in new window

0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 25027219
Mestha:
The server is up to date using automatic updates.

I am running the exchange best practices tool and the only 3 issues that came back were;

1. global incoming message size not set
2. global outgoing message sie not set
3. WMI access is not possible
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 25027273
I turned on Form Based Authentication under Exchange Service Manager / DOMAIN / SERVERS / DOMAIN / PROTOCOLS / HTTP / EXCHANGE VIRTUAL SERVER / PROPERTIES / SETTINGS

I tried logging in again with each web browser and they all still behaved the same way.
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 25027403
I found this on msexchange.org (which verify's everything you guys are saying) I don't understand why Microsoft would design something that is by default such a security issue.

"In addition to this, Outlook Web Access authentication is generally session based. This means if you do not logoff and close your browser you remain logged in. Especially in public web access areas where users are unable to close the browser window it becomes quite easy for other users to read and send emails in the name of a company user."

Then they go on to say after you create a SSL certificate and turn on form authentication you will still have the same effect and that the only difference now is there will be a default timeout time of 10 minutes and emails are no longer sent in clear text.

I don't see that as anymore secure. I worry more about someone clicking the back button into my email inbox than someone scanning traffic and reading emails that are sent in clear text...
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 25027435
Is there a script or something someone could add to that button code so when the logoff button is clicked the connection is completely disconnected?
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 25027565
There we go!

Just like you guys said I configured it to force SSL use, I enabled Form Based Authentication on the Exchange directory in IIS, stopped and started the IIS directory then it started working like I want.

Thanks guys!
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question