OWA Integrated Authentication on Exchange multi-role server
Hi all, I have an Exchange multi-role server (Mailbox + Client Access + Hub Transport), and I need users who access the OWA URL from the internal network to get in directly without entering credentials. Currently, the OWA and ECP virtual directories are configured with integrated authentication only, but when users try to access OWA, they get a credential prompt (like basic authentication). Is this the normal behaviour? Does OWA integrated authentication work (or not) with a multi-role server? Can I make any change or configuration to get this working? Thanks!!!
May 31st, 2012 2:18pm

Hi, By default, IE will only automatically log on to domains that you have specified in the Local Intranet Zone, and I don't think you have added your domain there (can be done using Group Policies). Martina Miskovic
May 31st, 2012 3:25pm
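
Added example, not part of the original posts: a client-side check for the answer above. It reports which Internet Explorer security zone a URL resolves to and which logon mode (URL action 1A00) is configured for that zone. The default URL is the host quoted later in the thread; run it in Windows PowerShell (.NET Framework) as the affected user.

```powershell
# Added example, not from the thread. Windows PowerShell (.NET Framework).
param([string]$Url = 'https://owa.domain.com/owa')  # host as quoted in the thread

# URL action 1A00 ("Logon") values used by Internet Explorer zones.
$logonModes = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

# Effective zone for the URL, after GPO and per-user site-to-zone mappings.
$zone   = [System.Security.Policy.Zone]::CreateFromUrl($Url).SecurityZone
$zoneId = [int]$zone
'{0} resolves to zone {1} ({2})' -f $Url, $zoneId, $zone

if ($zoneId -lt 0) { Write-Warning 'No zone could be determined.'; return }

# Policy and preference locations that can carry the zone's settings.
# Every location where 1A00 is set is listed; none is assumed to win.
$bases = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

foreach ($base in $bases) {
    $key  = Join-Path $base $zoneId
    $item = Get-ItemProperty -Path $key -Name '1A00' -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $value = [int]$item.'1A00'
    $mode  = $logonModes[$value]
    if (-not $mode) { $mode = 'Unknown value' }
    [pscustomobject]@{
        Key   = $key
        Value = '0x{0:X5}' -f $value
        Logon = $mode
    }
}

if ($zone -ne [System.Security.SecurityZone]::Intranet) {
    Write-Warning ('URL is not in the Local Intranet zone: under the "Automatic ' +
        'logon only in Intranet zone" mode the browser prompts instead of ' +
        'sending the logged-on user''s credentials.')
}
```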

Thanks Martina for your response. You are right. I have modified this setting and now it is working. Thanks!
June 1st, 2012 3:33am


I have found a problem with this configuration. When a user tries to access his mailbox from a machine on which he has not logged in with his credentials, the user is not prompted to enter credentials; only a 403 - Access Denied appears, due to credentials (really, the credentials presented belong to the user who is logged on to this machine, due to Integrated authentication). Any ideas to solve it? Thanks!
July 19th, 2012 5:52am

Personally I think it's best to use Form-Based Authentication. Martina Miskovic
July 19th, 2012 6:20am

I agree with you, but... our customer wants Integrated authentication to avoid FBA for internal users. On the CAS, on the OWA and ECP virtual directories, Integrated and basic authentication are enabled. The OWA URL is added to Local Intranet in IE by GPO. When a user tries to access his mailbox from a machine on which he has not logged in with his credentials, the user is not prompted to enter credentials; only a 403 - Access Denied appears, due to credentials (really, the credentials presented belong to the user who is logged on to this machine, due to Integrated authentication). Can this behaviour be changed without modifying the current configuration?
July 19th, 2012 8:34am

Hi, What exactly did you add to the local intranet zone? Not *.yourdomain.com? The error you get could have to do with the user not being able to log on successfully to /ecp/*. Martina Miskovic
July 19th, 2012 9:25am

The URL added to the Intranet zone is: owa.domain.com. The user can successfully access ECP. User1 is logged on to machine A. When he tries to access OWA, he only enters the URL and can access his mailbox without authentication. In the same session (User1 still logged on), User2 tries to access his mailbox through OWA by entering https://owa.domain.com/owa/user2@domain.com, but this message appears: "Your mailbox appears to be unavailable. Try to access it again in 10 seconds. If you see this error again, contact your helpdesk." With Exchange 2003 (OWA 2003), this works fine. Is this a new limitation in Exchange 2010 (OWA 2010)? Thanks
July 19th, 2012 10:01am

Even in Exchange 2003 I always recommended using FBA, so I really don't know if it used to work then. But if you say it did, then I guess that is the case. In Exchange 2010 /ecp is also called when you log on, so maybe that causes problems for you. The customer might understand why it would be better to use FBA, if you explain it to them. It's too easy to get into somebody else's mailbox using WindowsAuthentication, and just having to type the password when you want to use OWA (if "private computer" is checked) isn't that hard. I think it's hard for the user to remember to add /owa/user2.domain.com in the URL. Martina Miskovic
July 19th, 2012 2:50pm
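
Added example, not part of the original posts: because /ecp is called at OWA logon in Exchange 2010, as the reply above notes, this lists the authentication methods enabled on the OWA and ECP virtual directories of one server side by side and warns when they differ. Run it in the Exchange Management Shell; the `$Server` default (the local computer) is an assumption.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
param([string]$Server = $env:COMPUTERNAME)  # assumption: run on the CAS itself

$methods = 'BasicAuthentication', 'WindowsAuthentication',
           'FormsAuthentication', 'DigestAuthentication'

# Collect every OWA and ECP virtual directory on the server.
$vdirs = @(Get-OwaVirtualDirectory -Server $Server) +
         @(Get-EcpVirtualDirectory -Server $Server)

if ($vdirs.Count -eq 0) {
    Write-Warning "No OWA or ECP virtual directories found on $Server."
    return
}

# Side-by-side view of what each directory accepts.
$vdirs | Format-Table -AutoSize -Property (@('Name') + $methods)

# A method enabled on one directory but not the other means the two
# logon paths do not accept the same credentials.
foreach ($m in $methods) {
    $values = @($vdirs | ForEach-Object { $_.$m } | Sort-Object -Unique)
    if ($values.Count -gt 1) {
        Write-Warning "$m is not set the same way on all OWA/ECP directories of $Server."
    }
}

# Forms-based authentication is what the reply above recommends; report
# directories that rely on Windows (integrated) authentication instead.
$vdirs | Where-Object { $_.WindowsAuthentication -and -not $_.FormsAuthentication } |
    ForEach-Object { "Integrated authentication without FBA: $($_.Name)" }
```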

Thanks Martina for your great help. Is the behaviour I described normal on Exchange 2010 (OWA) with integrated and basic authentication enabled on the OWA and ECP virtual directories, or not?
July 20th, 2012 3:53am

This topic is archived. No further replies will be accepted.
