RE: OWA Loading Issue



Hello Chad,

Thanks for posting in our newsgroup.

I am sorry for the delay due to the weekend.

First please let me know why you are trying to get the OWA interface to not
display the loading message. The OWA logon screen prompts to input
credential to access the Exchange, this is more secure to your Exchange and
user information:

To configure Exchange Server so that user can login OWA automatically,
please follow steps below.

Step 1: Disable Forms-Based Authentication (FBA) and enable Integrated
Windows Authentication (NTLM) in Exchange virtual directory.

First of all, since enabling forms-based authentication (Cookie-auth)
enables a new logon page for Outlook Web Access, user must provides the
credential for OWA login, please first disable FBA. More info here:

How to manage Outlook Web Access features in Exchange Server 2003
http://support.microsoft.com/?id=830827#XSLTH3157121124120121120120

Next, please enable Integrated Windows Authentication (NTLM) in Exchange
virtual directory as below.

1. In Exchange System Manager, expand the Exchange Server, expand Protocol
container, expand HTTP, expand Exchange Virtual Server.
2. Right click Exchange virtual directory, click Properties.
3. In Access tab, click Authentication, make sure "Integrated Windows
Authentication" is checked.
4. Wait for 15- 20 minutes for the replication from AD to IIS Metabase, or
you can restart Exchange System Attendant service to expedite the process.

After enabling Integrated Windows Authentication, Internet Explorer will
use Windows Logon Account to login OWA which means only users who use
domain user account to login this workstation can successfully login OWA
automatically.

The validity of Integrated Windows Authentication is depending on the
Network Topology. Based on our experience, it may be unavailable when the
Network Routing is complex. More info here:

327843 Troubleshooting Outlook Web Access logon failures in Exchange 2000
and in Exchange 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;327843

In short, all information above means only in workstations within
LAN/domain, user can login OWA successfully.

For more information regarding Basic Authentication and Windows Integrated
Authentication, here it is.

1. Basic Authentication:

Uses encoded (Base64) text to transmit the password from the client to the
browser. Basic is the only option available if users are accessing OWA
across the internet or if a non Microsoft browser is used. The following is
a portion of a HTTP packet using Basic authentication to access OWA:

HTTP: Authorization = Basic ZnJlZDpwYXNzd29yZA==

The garbled string is actually Base64 encoding (not encryption). When
decoded using the Base64 utility it translates to fred:password. SSL should
always be used in conjunction with Basic to protect the password on the
wire.


2. Integrated Windows Authentication:
Uses the native security process of the client and includes NTLM and
Kerberos. Kerberos is always preferred but is only available in IE5 and
Windows 2000 or later. Earlier versions of IE or Windows will use NTLM in
this case. Integrated Windows Authentication provides two main benefits:

1). Secure Logon - The log on is secure because the password is not
actually sent across the wire. Instead data hashed by the password (similar
to a digital signature) is sent from the client to the server for
authentication.

2). Integrated Logon - This means that the user is not asked for a username
and password if they are already logged in to their domain
account. The browser simply acquires the credentials of the console session
and sends it to the server in the background.

Non Microsoft browsers will generally not support NTLM or Kerberos
authentication. Also, Integrated Windows Authentication is usually only
available on your intranet, as it does not work on the Internet.

Note: If multiple authentication options are selected, IIS tries to
negotiate the most secure method first, and then it works down the list of
available authentication protocols until a mutual authentication protocol
is supported by both client and server.


Step 2: In OWA Client, when user first login OWA, Internet Explorer prompts
for credential, please input the credential and check "Save Password" box,
which will store your password in workstations.

Hope the information helps.

If you need further assistance, please don't hesitate to let me know.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
<From: ckramer7070@xxxxxxxxx
<Newsgroups: microsoft.public.windows.server.sbs
<Subject: OWA Loading Issue
<Date: Fri, 15 Jun 2007 10:21:13 -0700
<Organization: http://groups.google.com
<Lines: 20
<Message-ID: <1181928073.461323.48040@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
<NNTP-Posting-Host: 66.242.41.49
<Mime-Version: 1.0
<Content-Type: text/plain; charset="iso-8859-1"
<X-Trace: posting.google.com 1181928073 16610 127.0.0.1 (15 Jun 2007
17:21:13 GMT)
<X-Complaints-To: groups-abuse@xxxxxxxxxx
<NNTP-Posting-Date: Fri, 15 Jun 2007 17:21:13 +0000 (UTC)
<User-Agent: G2/1.0
<X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4,gzip(gfe),gzip(gfe)
<Complaints-To: groups-abuse@xxxxxxxxxx
<Injection-Info: n2g2000hse.googlegroups.com; posting-host=66.242.41.49;
< posting-account=z3gYvw0AAABGMgQejrmZiCGu-BEjtwwl
<Bytes: 1466
<Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!news-out.
cwix.com!newsfeed.cwix.com!newscon02.news.prodigy.net!prodigy.net!border1.nn
tp.dca.giganews.com!nntp.giganews.com!postnews.google.com!n2g2000hse.googleg
roups.com!not-for-mail
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:44279
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<I am having a lot of trouble getting the OWA interface to NOT display
<the Loading message, quick question:
<
<Can anyone tell me exactly what should be set for Authentication on
<the following sites:
<ClientWebService
<OMA
<REMOTE
<Public
<Exchange
<Exadmin
<ExchWeb
<
<This would be in a non-custom install, also looking for help from
<anyone who has the Premium interface working with EX SP2.
<
<Thanks,
<
<Chad
<
<

.



Relevant Pages

  • Re: No Contacts in OWA
    ... Unchecking the Forms Based Authentication did the trick. ... >>I can access my OWA on the internet via my company website, ... >>This is not a sync problem as I checked the folder listing for ... >>exchange and the local folder and they are identical. ...
    (microsoft.public.windows.server.sbs)
  • Re: OWA Site Folder Contents
    ... Is authentication successful if you enter DOMAINNAME\username in the ... Do you use OWA internally pr over the Internet? ... >> In IIS manager the Exchange Virtual Directory is empty. ... The ExchWeb folder has ...
    (microsoft.public.exchange.admin)
  • Re: OWA logon
    ... By comparing the authentication settings between ... Exchange and OWA I found out that Exchange had Basic Authentication and ... Windows Authentication enabled. ... settings are configured for both the Exchange and the OWA Virtual ...
    (microsoft.public.exchange.clients)
  • Exchange 2003 OWA Authentication
    ... authentication puzzle on Exchange 2003 OWA so I thought I ... The web site that Exchange is installed on will have other ...
    (microsoft.public.exchange.setup)
  • Re: Safeword Integration
    ... Configuring Exchange 2007 to work with the OWA Agent ... The authentication mechanism needs to be changed to Basic ...
    (microsoft.public.de.german.isaserver)