We help IT Professionals succeed at work.

Exchange forms based authentication and integrated security.

Line One
Line One asked
on
Hello Experts,

Everytime we reboot our server the Exchweb directory loses it's Integrated Authentication security setting.
We have a Exchange 2003 server and through the system manager we can see that the setting in the HTTP>Exchange properties that the integrated authenitcation is not selected and is greyed out.

 Is there anything else we can do to correct this ?

We appreciate your assistance.

Comment
Watch Question

Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

Commented:
check weather integrated authentication are enabled on IIS default website and ExWeb active directory , enable them if they are not
Commented:
If you have FBA (forms based auth) enabled, you cannot simulataneously have Integrated enabled for OWA. If you want both to work simultaneously, what I suggest doing is this:

1. Create a second OWA site in System Manager (I think this automatically creates a corresponding IIS web site- if not, create a new site in IIS first, then create the OWA site in ESM.

2. Configure the new OWA/IIS site to listen on a unique IP, port, or dedicated host header (to avoid a conflict with the current OWA/IIS site)

3. Configure one OWA site with ESM to use FBA, the other site configure for Integrated Auth.

4. Create an internal DNS record so that internal clients are sent to the OWA/IIS site with Integrated Auth, ensuring it's unique vs. the publicly accessible OWA/IIS site.

Let me know if you need more details, I've been deep in Ex 2007/2010 for the past 4 years so it's hard to remember all the details of 03!

Author

Commented:
Hello BeyondNXT,

   The solution you provided definitely sounds feasible.
I will try this out and let you know if it all works out ok.
As you mentioned the problem is the forms and integrated authentication do not work together during startup.
It's strange that you can enable it after though and it works fine as long as someone can start the integrated authentication manually.

Thanks.
Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

Commented:

Author

Commented:
Thanks - I will read through these.

Author

Commented:
Thanks BeyondNXT,

Your solution led me to do a metabase cleanup and after having all the exchange directories removed the anonymous login had to be changed and that corrected all the issues with the virtual directory.

Thanks, Lineonecorp