RE: OWA Loading Issue
- From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
- Date: Mon, 18 Jun 2007 05:05:27 GMT
Thanks for posting in our newsgroup.
I am sorry for the delay due to the weekend.
First please let me know why you are trying to get the OWA interface to not
display the loading message. The OWA logon screen prompts to input
credential to access the Exchange, this is more secure to your Exchange and
To configure Exchange Server so that user can login OWA automatically,
please follow steps below.
Step 1: Disable Forms-Based Authentication (FBA) and enable Integrated
Windows Authentication (NTLM) in Exchange virtual directory.
First of all, since enabling forms-based authentication (Cookie-auth)
enables a new logon page for Outlook Web Access, user must provides the
credential for OWA login, please first disable FBA. More info here:
How to manage Outlook Web Access features in Exchange Server 2003
Next, please enable Integrated Windows Authentication (NTLM) in Exchange
virtual directory as below.
1. In Exchange System Manager, expand the Exchange Server, expand Protocol
container, expand HTTP, expand Exchange Virtual Server.
2. Right click Exchange virtual directory, click Properties.
3. In Access tab, click Authentication, make sure "Integrated Windows
Authentication" is checked.
4. Wait for 15- 20 minutes for the replication from AD to IIS Metabase, or
you can restart Exchange System Attendant service to expedite the process.
After enabling Integrated Windows Authentication, Internet Explorer will
use Windows Logon Account to login OWA which means only users who use
domain user account to login this workstation can successfully login OWA
The validity of Integrated Windows Authentication is depending on the
Network Topology. Based on our experience, it may be unavailable when the
Network Routing is complex. More info here:
327843 Troubleshooting Outlook Web Access logon failures in Exchange 2000
and in Exchange 2003
In short, all information above means only in workstations within
LAN/domain, user can login OWA successfully.
For more information regarding Basic Authentication and Windows Integrated
Authentication, here it is.
1. Basic Authentication:
Uses encoded (Base64) text to transmit the password from the client to the
browser. Basic is the only option available if users are accessing OWA
across the internet or if a non Microsoft browser is used. The following is
a portion of a HTTP packet using Basic authentication to access OWA:
HTTP: Authorization = Basic ZnJlZDpwYXNzd29yZA==
The garbled string is actually Base64 encoding (not encryption). When
decoded using the Base64 utility it translates to fred:password. SSL should
always be used in conjunction with Basic to protect the password on the
2. Integrated Windows Authentication:
Uses the native security process of the client and includes NTLM and
Kerberos. Kerberos is always preferred but is only available in IE5 and
Windows 2000 or later. Earlier versions of IE or Windows will use NTLM in
this case. Integrated Windows Authentication provides two main benefits:
1). Secure Logon - The log on is secure because the password is not
actually sent across the wire. Instead data hashed by the password (similar
to a digital signature) is sent from the client to the server for
2). Integrated Logon - This means that the user is not asked for a username
and password if they are already logged in to their domain
account. The browser simply acquires the credentials of the console session
and sends it to the server in the background.
Non Microsoft browsers will generally not support NTLM or Kerberos
authentication. Also, Integrated Windows Authentication is usually only
available on your intranet, as it does not work on the Internet.
Note: If multiple authentication options are selected, IIS tries to
negotiate the most secure method first, and then it works down the list of
available authentication protocols until a mutual authentication protocol
is supported by both client and server.
Step 2: In OWA Client, when user first login OWA, Internet Explorer prompts
for credential, please input the credential and check "Save Password" box,
which will store your password in workstations.
Hope the information helps.
If you need further assistance, please don't hesitate to let me know.
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
This posting is provided "AS IS" with no warranties, and confers no rights.
<Subject: OWA Loading Issue
<Date: Fri, 15 Jun 2007 10:21:13 -0700
<Content-Type: text/plain; charset="iso-8859-1"
<X-Trace: posting.google.com 1181928073 16610 127.0.0.1 (15 Jun 2007
<NNTP-Posting-Date: Fri, 15 Jun 2007 17:21:13 +0000 (UTC)
<X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:18.104.22.168) Gecko/20070515 Firefox/22.214.171.124,gzip(gfe),gzip(gfe)
<Injection-Info: n2g2000hse.googlegroups.com; posting-host=126.96.36.199;
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:44279
<I am having a lot of trouble getting the OWA interface to NOT display
<the Loading message, quick question:
<Can anyone tell me exactly what should be set for Authentication on
<the following sites:
<This would be in a non-custom install, also looking for help from
<anyone who has the Premium interface working with EX SP2.
- Re: OWA Loading Issue
- From: ckramer7070
- Re: OWA Loading Issue
- OWA Loading Issue
- From: ckramer7070
- OWA Loading Issue
- Prev by Date: RE: sbs2003 and adding a user
- Next by Date: Re: Help for ISA Server 2004 SE using POP3/SMTP
- Previous by thread: OWA Loading Issue
- Next by thread: Re: OWA Loading Issue