locked
UAG OWA w/o Endpoint Components and session timeout RRS feed

  • Question

  • This is the first time I've published OWA with UAG (we usually use TMG), so I apologize in advance if I don't present the issue clearly.

     

    We are publishing Exchange 2010 Web Services via UAG per the Microsoft documented configuration, without requiring Endpoint Components to be installed on the client.  However, with OWA we are seeing two different session timeout prompts being presented.  

     

    The first one that shows up is a dialog box-style pop up and prompts the user to click OK to maintain the session, or cancel to log out.  This one occurs around 4-5 minutes and does not have a countdown timer and has been getting caught by the browser popup blocker.

     

    The second on that shows up appears to be a HTML-based web prompt which includes a countdown timer.  The options are to click OK to maintain the session, or cancel to log out.  This one seems to come up after 10-15 minutes (after about 3 occurrences of the prompt I previously mentioned).

     

    Obviously, getting two different prompts is confusing to the user, and at least one appears to be ignoring the Private/Public selection on the login screen.  I'm sure this is something simple I need to change, but I have yet to locate it.  Any help or suggestions are greatly appreciated.

     

    Thanks,

    Phil

    Tuesday, October 18, 2011 6:49 PM

Answers

  • Hi Phil,

    first of all UAG does not support the Private/Public login options of Exchange OWA.

    Instead of that, UAG makes use of the Default/Priviledge session functionality, which is automatically differentiated by the results of the client endpoint components. But unfortunately, when you disable the endpoint components you're also loosing the automatic default/priviledge session functionality. :(

    The remaining functionality (always use default session access) allows you to configure two different time out values - an inactivity timeout value and a maximum session lifetime. Both values can be configured as required on the advance trunk configuration settings.

    BTW: Can you provide some screenshots of the dialog boxes you get?

    -Kai

     

     


    This posting is provided "AS IS" whithout any warranties. Kai Wilke | ITaCS GmbH | GERMANY, Berlin | www.itacs.de
    • Marked as answer by Phil_Sharp Friday, October 21, 2011 2:18 PM
    Wednesday, October 19, 2011 8:36 AM

All replies

  • Hi Phil,

    first of all UAG does not support the Private/Public login options of Exchange OWA.

    Instead of that, UAG makes use of the Default/Priviledge session functionality, which is automatically differentiated by the results of the client endpoint components. But unfortunately, when you disable the endpoint components you're also loosing the automatic default/priviledge session functionality. :(

    The remaining functionality (always use default session access) allows you to configure two different time out values - an inactivity timeout value and a maximum session lifetime. Both values can be configured as required on the advance trunk configuration settings.

    BTW: Can you provide some screenshots of the dialog boxes you get?

    -Kai

     

     


    This posting is provided "AS IS" whithout any warranties. Kai Wilke | ITaCS GmbH | GERMANY, Berlin | www.itacs.de
    • Marked as answer by Phil_Sharp Friday, October 21, 2011 2:18 PM
    Wednesday, October 19, 2011 8:36 AM
  • FYI - UAG SP1 Update 1 has some fixes for OWA 2010 publishing: http://support.microsoft.com/kb/2585140/en-us#Fix9

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, October 19, 2011 9:36 AM
  • Hi Jason,

    do you have additional information what this fix covers?

    Is this just a fix for the UAG timeout calculation or does it introduce support for the requested "manual public/private session" modes? 

    -Kai


    This posting is provided "AS IS" whithout any warranties. Kai Wilke | ITaCS GmbH | GERMANY, Berlin | www.itacs.de
    Wednesday, October 19, 2011 9:42 AM
  • I think it is just a timeout specific fix, as opposed to changing functionality...not had chance to try it yet :(
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, October 19, 2011 9:44 AM
  • Thanks for the replies.  I have applied Update 1 per Jason's suggestions.  It now seems that I am not getting the HTML session prompt, but I am still getting the browser popup (see link below).  Where is this configured on the trunk?  I also find it somewhat silly that the UAG OWA form gives the option of Private/Public if it doesn't adhere to them.

     

    http://db.tt/mTapmLyi


    • Edited by Phil_Sharp Wednesday, October 19, 2011 3:20 PM
    Wednesday, October 19, 2011 3:20 PM
  • Ok, so since I disabled the Endpoint Components, only the "Inactive session timeout" applies, and that is most likely the timeout pop up that I am seeing.  Thanks for your help!
    Friday, October 21, 2011 2:18 PM