Exchange 2003 SP1 & Forms Based Authentication RRS feed

  • Question

  • 'Outlook Web Access' has previously been configured to use SSL.

    I've just enabled 'Forms Based Authentication' on Exchange 2003 SP1.  There is no front-end server in our environment.

    Exchange System Manager -> Servers -> Protocols -> HTTP -> Exchange Virtual Server -> Properties -> Settings

    Now when users go to 'Outlook Web Access' on the internal LAN they are being prompted to enter their username and password.

    I notice that 'Integrated Windows Authentication' is now unchecked and all the settings are greyed out when I navigate to the following which could be the reason for this behaviour.  'Basic authentication' is checked.

    Exchange System Manager -> Servers -> Protocols -> HTTP -> Exchange Virtual Server -> Exchange -> Properties -> Access -> Authentication

    'https://mail.mydomain' is already added to the 'Local Intranet' zone of 'Internet Explorer' on our client PCs.

    Is there a way to configure Exchange 2003 so that 'Forms Based Authentication' enabled OWA stops asking logged in LAN users for their credentials?

    Monday, August 4, 2014 10:14 AM

All replies

  • FBA uses "Cookie-Auth" and basic authentication. If you want your internal users to avoid the login prompt you can use a split-brain DNS and two different web sites, one using FBA and the other NTLM.

    --- Rich Matheisen MCSE&I, Exchange MVP

    Thursday, August 7, 2014 6:33 PM
  • It's a while since I looked at this, but ISTR that you could still go into IIS Manager and enable Integrated Auth on the Exchange VDir for your internal users. Not a supported config, I'd guess, but I think it did work for some.

    OWA For SmartPhone

    Friday, August 8, 2014 11:38 AM
  • Once 'Forms Based Authentication' authentication was enabled, I did try going to the following location in IIS and ticking 'Integrated Windows authentication'.  'Basic authentication' was already ticked.

    IIS > Default Web Site > Exchange > Directory Security > Authentication Methods

    However, OWA still kept asking logged in LAN users for their credentials.

    I really hoped this simple solution would be the answer because non 'Forms Based Authentication' OWA works perfectly inside and outside the LAN with 'Basic authentication' and 'Integrated Windows authentication' ticked.

    Friday, August 8, 2014 1:42 PM
  • Hi GlenV,

    Since Exchange 2003 server has already out of support, I suggest migrate to Exchange 2010 or later.

    Found a related resource for your reference:

    Rapid Migration Guide from Exchange 2003 to Exchange 2010 




    Mavis Huang
    TechNet Community Support

    Monday, August 11, 2014 4:45 AM
  • Does it make any difference if you use http instead of https internally? You'd need to temporarily remove the requirement on the Exchange VDir to check.

    OWA For SmartPhone

    Monday, August 11, 2014 9:45 AM