Re: OWA Issues
- From: v-chacez@xxxxxxxxxxxxx (chace zhang)
- Date: Mon, 18 Sep 2006 07:00:32 GMT
Hi,
Thank you for posting here.
From your post, I understand some users login OWA without a credentialprompt, if I'm off base, please feel free to let me know.
Based on my research, I'd like to provide you the following steps to narrow
down this issue:
Step 1:
Please check if you enabled Integrate Authentication on Exchange Virtual
Directory
Please verify Authentication settings by the following steps.
For Exchange virtual directory:
1. Open IIS Manager
2. Open properties of virtual directory Exchange/Exchange-oma
3. Select Directory Security tab
4. Select Edit in Authentication and access control box. Make sure the
authentication setting as below:
Authentication Methods
Enabled Basic authentication
Disabled Integrated Windows authentication
Disabled anonymous access
After any changes, please restart IIS Admin service and try again.
Step 2 clear the IE cache at the client side?
1. Open IE, and go to Tools -> Internet Options.
2. Select Delete Files, check "Delete all offline files" and click OK to
confirm that you want to delete the content. Then check if the issue
disappears.
Also I assuming you do not enable Forms-based authentication on OWA,
enabling forms-based authentication (Cookie-auth) lets you enable a new
logon page for Outlook Web Access that stores the user's name and password
in a cookie instead of in the browser. When a user closes the browser, the
cookie is cleared. Additionally, after a period of inactivity, the cookie
is cleared automatically. To access e-mail, the new logon page requires the
user to enter a domain, a user name, and a password, or a full user
principal name (UPN) e-mail address and password. Forms-based
authentication logon does not support Microsoft .NET Passport
authentication with Outlook Web Access. This is a limitation of the Forms
Based Authentication feature in Exchange 2003.
To enable forms-based authentication in Exchange 2003, follow these steps
below.
1. Start Exchange System Manager.
2. If administrative groups are enabled, expand Administrative Groups.
3. Expand Servers, and then expand your front-end server.
4. Expand Protocols, expand HTTP, right-click Exchange Virtual Server, and
then click Properties.
5. Click the Settings tab, and then click to select the Enable Forms Based
Authentication check box.
6. In the Compression list, click the level of compression that you want.
7. Click OK.
8. If you receive a message that states that the IIS service must be
restarted, click OK. To restart IIS, type the following command at a
command prompt: iisreset.
If you have any other concern on this issue, please feel free to let me
know.
Have a nice day!
Best Regards,
Chace Zhang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on Exchange technical issues. If you have
issues regarding other Microsoft products, you'd better post in the
corresponding newsgroups so that they can be resolved in an efficient and
timely manner. You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom>
| References: <9685AC78-246C-47E0-A75C-C7A59EBE8793@xxxxxxxxxxxxx>
<12gldeg8v8mq0b2@xxxxxxxxxxxxxxxxxx>
<1158341687.211525.277470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<uNp2X$O2GHA.4176@xxxxxxxxxxxxxxxxxxxx>
<B04EFF99-1343-4D73-AE44-0E0D9D35F8ED@xxxxxxxxxxxxx>
| Subject: Re: OWA Issues
| Date: Fri, 15 Sep 2006 14:54:33 -0500
| Lines: 90
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
| X-RFC2646: Format=Flowed; Original
| Message-ID: <eFpPFDQ2GHA.3576@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.exchange.admin
| NNTP-Posting-Host: corp.messageone.com 66.219.55.2
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.exchange.admin:569129
| X-Tomcat-NG: microsoft.public.exchange.admin
|
| Integrated authentication = Kerberos, which doesn't usuallly work over
the
| Internet.
|
| Note that I didn't say that it was a "security" issue to have Integrated
| enabled for internal access. The only security hole would be if an admin
| leaves their workstation unlocked, and if that is happening, you have
more
| serious problems than OWA automatically logging you in!
|
| As for your question, if you are only using Basic auth, then yes,
passwords
| are transmitted in plain text. However, if you are using an SSL
certificate
| (which would be recommended), then the entire connection is encrypted, so
| it's a rather moot point, as you'd have to break the encryption key in
order
| to see the contents of the packets.
|
| --
| Ben Winzenz
| Exchange MVP
| MessageOne
| Read my blog!
| http://winzenz.blogspot.com
| http://feeds.feedburner.com/winzenz (RSS Feed)
|
|
| "George Schneider" <georgedschneider@xxxxxxxxxxxxxx> wrote in message
| news:B04EFF99-1343-4D73-AE44-0E0D9D35F8ED@xxxxxxxxxxxxxxxx
| > wouldn't it be a security risk not to use integrate authentication.
| > wouldn't
| > the passwords be sent in clear text?
| >
| > "Ben Winzenz [Exchange MVP]" wrote:
| >
| >> Huh? How about one more time in English, please.
| >>
| >> Normally, the issue here is that either Integrated authentication is
| >> enabled
| >> on the Exchange vdir, or someone has saved their password in IE's
| >> password
| >> cache. Both can be fixed, albeit by different methods.
| >>
| >> Forms-based authentication doesn't necessarily fix this.
| >>
| >> --
| >> Ben Winzenz
| >> Exchange MVP
| >> MessageOne
| >> Read my blog!
| >> http://winzenz.blogspot.com
| >> http://feeds.feedburner.com/winzenz (RSS Feed)
| >>
| >>
| >> "dk" <darshan.kolambkar@xxxxxxxxx> wrote in message
| >> news:1158341687.211525.277470@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| >> > Hello
| >> > See the users having rights on mail boxes will get direct access will
| >> > no more prompt for any password check mailbox rights. I can say u
this
| >> > issue resolved by owa with form base authentication.
| >> >
| >> > Darshan
| >> >
| >> >
| >> > Chad Mahoney wrote:
| >> >
| >> >> George Schneider wrote:
| >> >> > I've been having this ssssue for some time. When any user thta
is a
| >> >> > member
| >> >> > of the Domain Admins group attempts to check thir mail via OWA
they
| >> >> > go
| >> >> > right
| >> >> > into their mail without being prompted for a user name or
password.
| >> >> > This
| >> >> > almost sounds like its a rights issue somewhere. Any help will be
| >> >> > greatly
| >> >> > appreciated.
| >> >>
| >> >>
| >> >> I would check the IE settings, goto tools Internet options and to
the
| >> >> security tab. If you hit custom level and scroll to the bottom you
| >> >> will
| >> >> see an option about user authentication, it will probably be set to
| >> >> use
| >> >> current user name and password for users automatically logging into
| >> >> OWA
| >> >> and probally set to prompt for users having to enter there
| >> >> credentials.
| >> >
| >>
| >>
| >>
|
|
|
.
- References:
- Re: OWA Issues
- From: Chad Mahoney
- Re: OWA Issues
- From: dk
- Re: OWA Issues
- From: Ben Winzenz [Exchange MVP]
- Re: OWA Issues
- From: Ben Winzenz [Exchange MVP]
- Re: OWA Issues
- Prev by Date: Re: Accepting mail for 2 domains then merging
- Next by Date: Re: Install Exchange 5.5 in Windows 2003 Server
- Previous by thread: Re: OWA Issues
- Next by thread: Saving exchange data locally
- Index(es):
Relevant Pages
|
