locked
OWA timeout issue- Diagnosing in CAS Server RRS feed

  • Question

  • Hello There,

    There's an ongoing OWA idol timeout issue in my organization. I am trying dygnosing at every possible point step by step. Meanwhile, I am stuck in my ISA Server where I want to see the idol timeout settings configured, but can't. I went to ISA Server management console, then Firewall, then the specific array (rule) where OWA is published and a direct connectivity to internet, then it's properties, and then again the listner properties, and then the forms tab. In the forms tab I see every option is in disabled state (grayed out). And I am not able to click Advanced option in that page to derrive the timeout settings.

    I have paused the rule, then tried again, but no success. Also I disabled the rule and then again done the same procedure, but still faced the same. Can you please let me know what else I could do to get the same options highlighted and accessable.

    Sorry if posted in wrong group..

    Thanks !! 


    Monday, November 21, 2011 1:32 PM

All replies

  • Hi
       Maybe you should narrow down the scope of your issue.
       1. Does owa work well ? Can you access owa by internal network ?
          No: it is CAS role problem not ISA problem. You should restart IIs and check relevant event error.
          Yes : If owa works well, it is ISA problem. Can you turn off ISA and connect exchange server to internet? If it works well, you should post thread to ISA forum
      
    http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/threads
    Wednesday, November 23, 2011 1:54 AM
  • Hello Terence,

    Thanks for your suggestion. I would post this thread to the recommended ISA forum (for the above ISA window).

     

    However, I found that we haven't configured any OWA timeout settings on ISA. It's just for publishing our OWA.

    1. From internal network we are able to connect OWA, but facing the timeout concern.

    2. From internet also we are able to connect to OWA, but facing timeout concern.

    We checked both logging in via public/ private sessions. In private sessions, we are logged off in 1hr/ 45mins/ 30mins/ 1.5hrs and so on.

     

    I found a post over the internet to add a dword value of timeout to CSA regestry. But why to add anything else if CAS has inbuilt functionality to cater OWA timeout sessions as 15mins and 8hrs for public and private sessions respectively? I found no logic to it.

    But I am rather interested in diagnosing the actual root cause to the error.

     

    Thanks !!

     

    Wednesday, November 23, 2011 2:04 AM
  • Hi
       Can you post any owa timeout error page or other error information?
    Wednesday, November 23, 2011 7:55 AM
  • Hello Terence,

    In case of OWA session timeout (exchange 2007), there produces no error, but returns to the login page again after. I am trying to figure out as why is this happening. Also I am not able to relate any event IDs to this issue.

    Please find the event IDs which I am suspecting to be related to this issue.

     

     

    • Process IISIPMCBD93AC3-1DEA-4625-81F6-F08FCCAB4A2B -AP "MSEXCHANGEOWAAPPPOOL (PID=9016). Closing connection to the server dc01.domain.org at port 389.
    • Process IISIPMCBD93AC3-1DEA-4625-81F6-F08FCCAB4A2B -AP "MSEXCHANGEOWAAPPPOOL (PID=9016). Opening new connection to server dc01.domain.org at port 389. Connection pool: 0.

     

     

    • Process IISIPMCBD93AC3-1DEA-4625-81F6-F08FCCAB4A2B -AP "MSEXCHANGEOWAAPPPOOL (PID=9016). Closing connection to the server DC03.domain.org at port 389. 

     

    • Process IISIPMCBD93AC3-1DEA-4625-81F6-F08FCCAB4A2B -AP "MSEXCHANGEOWAAPPPOOL (PID=9016). Opening new connection to server DC03.domain.org at port 389. Connection pool: 0. 

     

    • Also event ID 2095

     

    Thanks !!


    Wednesday, November 23, 2011 8:26 AM
  • Hi
       Maybe I misunderstand your saying.  
       Do you mention this article ?
      
    How to Set the Forms-Based Authentication Private Computer Cookie Time-Out Value

    Wednesday, November 23, 2011 8:44 AM
  • Hello,

    Exactly the same. You understood well. I am referring to this MSKBA only, where it says to add 2 DWORD values. My question is why to add the values? As exchange 2007 has built in value set for OWA timeout, which is not able to implement to our organization.

    Can you please help me diagnose this?

    Wednesday, November 23, 2011 9:01 AM
  • Hi
       I just find similar case.
       
    Symptom

    External OWA users are not timing out even after 24 hours of inactivity when connecting through an ISA Server.

    Cause

    We verified that we were not using FBA on either ISA or Exchange. The server needs the client cookie to time out a session which is only possible through FBA.

    Resolution

    You would have to configure either the ISA Server or the Exchange Server OWA with FBA Authentication.

    The OWA timeout feature is dependent on the client cookie that either ISA or Exchange stores.When the Servers have the cookie, we have the control to timeout the cookie and make the client re-login. Cookie based authentication is only possible through FBA.

    Another question: why to add the value?
        As far as I know, this kb just offers way to modify timeout value not create.

    Wednesday, November 23, 2011 9:18 AM
  • Hello,

    I would be grattified, if you may please post me any related MSKBA or any article to configure Form Based Auth in our CAS. I know it for ISA, which I would configure myself.

    Thanks !!

    Wednesday, November 23, 2011 9:27 AM
  • Hello,

    Can I refer to the below MSKBA?

    http://technet.microsoft.com/en-us/library/aa998867%28EXCHG.80%29.aspx

    Wednesday, November 23, 2011 9:30 AM
  • Hello,

     

    I reviewed my settings and found the FBA to be already enabled in all CAS Server. Please refer the below screenshot.

    Any more suggestions please??

    Wednesday, November 23, 2011 9:36 AM
  • Hi
       Your setting is correct.
       1. modify setting of timeout 30 to 25 (register or shell)
       2. Restart IIS and w3wp
       please post the result .

    Wednesday, November 23, 2011 9:44 AM
  • Hello,

    But where has to be the settings for timeout? Going back to below registry npath, I see no DWORD value. Are they ought to be there by built? Or there is another location?

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA

     

    Thanks!!


    Wednesday, November 23, 2011 10:34 AM
  • Can any one help me out of this please?
    Friday, November 25, 2011 10:12 AM
  • You need to set the public and local timeout settings for OWA, this can be done by following registry modification:

    NOTE : If you don’t see the DWORD values named, PublicTimeout and PrivateTimeout then you have create then manually.


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeOWA
    Name: PublicTimeout
    Type: DWORD
    Value: {value in minutes} (This value is 15 minutes by default)

    The above suggestion applies only when the user selects the Public Computer option from the OWA logon screen. For the user who select the Private Computer from the logon screen you might want to modify:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeOWA
    Name: PrivateTimeout
    Type: DWORD
    Value: {value in minutes} (This value is 8 hours by default)

    Please find below article for your referance

    http://msexchangegeek.com/2009/10/22/changing-owa-time-out-on-an-exchange-2007-computer/

    Please take registry backup and then do the changes

    Girishp

     


    Saturday, November 26, 2011 6:19 AM
  • Hello Girish,

    For reasons, I do not agree your suggestion as answer to my question. As per your suggestion, MS tells how to modify the BUILT IN DEFAULT value for OWA time-out. Also those two articles of MS has been tagged as CONTENT BUG by me and others.

    When we configure FBA, no value gets created in CAS (as told above), rather the FBA settings adhere to the built in timeout configuration (i.e. 15mis and 8hrs in exchange 2007).


    My question lies that, I have configured FBA, then why not my exchange is following the built in settings of exchange and why do I need to create DWORDS? I do not want to modify the time-out, rather want my box to follow the already configured settings.

     

    I just need to diagnose that why exchange is not doing as expected??

    Saturday, November 26, 2011 9:43 AM
  • Hello Friends,

     

    Any more suggestions from any one else expert...

    Wednesday, November 30, 2011 7:32 PM
  • Hello,

    This is to update that I found the issue, but still diagnosing the root one. When CAS is connected directly via OWA i.e. https://CASServer/owa then the idle timers are working as expected. Whenever the connection is routed through the NLB IP (which is a Cisco switch), the issue begins. So we are clear to an extent, that the issue is from the NLB device.

    However, now we are diagnosing the same with the device, but we do not have a very deep knowledge of that. We are using Catalyst 6500 switch running Cisco IOS®.

    Any suggestion will be appreciated.

     

    Thanks !!

    Monday, December 19, 2011 11:10 PM