OWA form based authentication and activesync issue

Posted on 2011-04-18
Medium Priority
Last Modified: 2012-05-11
dear sir,
we tried to enforce the OWA session time-out policy on Exchange 2003; therefore implemented the Form Based Authentication.
However, after implementing FBA, users who have mobil phones with ActiveSync. can no longer retrieve emails.
So, i read about the solution posted on MS support site:
this solution requires us to setup a front end virtual directory that does not have SSL for activesync connection.  My questions are -
1.  after implementing this soluton, does it mean that all communications between mobile devices and exchange server are not encrypted?
2.  if so, is there any solution for me to apply session restrictions on OWA and also apply SSL on all connections?


Question by:ATRIT
  • 2
  • 2
LVL 31

Expert Comment

ID: 35422008
1.) no, your devices will still use SSL if you have that ticked on the ActiveSync VD. Exchange will be talking to the exchange-oma directory not your devices
2.) see above

Author Comment

ID: 35449638
Modified posting,

We are talking about Method2 in Microsoft article.
it is the second VD instead of front-end VD because this is
one Exchange server situation.

We had SSL enabled for both OWA and ActiveSync. Everything was
working fine before applying the Form-based Authentication (FBA).

Actual SSL configuration:
Default Web Site
     ExchWeb                                       v  SSL
     Microsoft-Server-ActiveSync      v  SSL
     Rpc                                                 v  SSL
     RpcWithCert                                 v  SSL

After implementing FBA to enforce OWA time-out policy, ActiveSync
is interrupted.

It is said ActiveSync only connects with Exchange VD over port 80,
not over 443. But how does this explain we have used SSL for ActiveSync
for long time without any issue?

How does FBA interrupt ActiveSync?
LVL 31

Accepted Solution

MegaNuk3 earned 1500 total points
ID: 35452499
On a single server the ActiveSync directory talks to the 'Exchange' one using Windows/Kereberos authentication and when you put FBA on it turns the 'Exchange' directory into Basic auth only.

From the article you are posting:
"When you configure forms-based authentication on the Exchange Server 2003, the authentication method for the Exchange virtual directory is set to Basic authentication, and the default Domain is set to the backslash character. The Microsoft-Server-ActiveSync virtual directory can only connect to the Exchange virtual directory by using Kerberos authentication.

Author Closing Comment

ID: 36965928
comments more or less help

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Take a look at these 6 Outlook Email management tools which can augment the working and performance of Microsoft Outlook to give you a more rewarding emailing experience.
Today as you open your Outlook, you witness an error message: “Outlook is using an old copy of your Outlook Data File…”. Probably, Outlook is accessing an old OST file.
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses
Course of the Month13 days, 16 hours left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question