Certificate-based authentication in Exchange 2016

Question
-
Dear Experts,
I am to set up certificate-based authentication in Exchange 2016 so that when I type it in the browser a certificate popup appears to select the certificate issued to the user, and then I am able to log in. I followed this article
and I use AD CS to issue the certificate to the user.
But when I type the OWA URL it says " http 403 forbidden error The website declined to show this webpage". This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.
What additional steps do I have to follow?
Friday, September 13, 2019 6:50 PM
Answers
-
The blog link works on my side: Exchange 2016 – Enable & Troubleshoot Certificate Based Authentication for OWA/Active Sync. It's written in German; you can translate it to English with your browser.
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Additionally, please make sure you have disabled all other authentication methods and enabled client certificate mapping for the OWA virtual directory.
Regards,
Lydia Zhou
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.
- Edited by Lydia Zhou (Microsoft contingent staff) Thursday, September 19, 2019 9:09 AM
- Proposed as answer by Lydia Zhou (Microsoft contingent staff) Monday, September 23, 2019 1:21 AM
- Marked as answer by Edward van Biljon (MVP) Thursday, November 7, 2019 6:15 PM
Thursday, September 19, 2019 9:02 AM
All replies
-
Hi
Are you getting a certificate popup when launching OWA?
Which certificate is it? The root certificate?
Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Sunday, September 15, 2019 6:28 PM -
Are you getting a certificate popup when launching OWA?
I am not getting any popup. However, before going for certificate-based authentication it is working fine with HTTPS. Then we configured certificate-based authentication; this is supposed to come up with the user certificate, but it does not come, just the forbidden error.
Which certificate is it? The root certificate?
Yes, we configure the CA and issue certificates from AD CS for the user as well as for Exchange.
Monday, September 16, 2019 5:05 AM -
Hi,
You can reproduce this issue and check IIS logs for more information. The default path is C:\inetpub\logs\LogFiles\W3SVC1.
Here is a similar blog about a certificate-based authentication issue: Exchange 2016 - Enable & Troubleshoot Certificate Based Authentication for OWA / Active Sync. Please check and make sure there are no other non-self-signed certificates in the Trusted Root Certification Authorities cert store.
Regards,
Lydia Zhou
Monday, September 16, 2019 8:27 AM -
Thanks for giving me tips.
No clue in the logs. Your similar blog URL did open; can you please confirm at your end and resend? It is taking me to another page. All is configured as per TechNet; all I get is the forbidden error that I don't have permission, and the certificate popup doesn't come.
Monday, September 16, 2019 11:20 AM -
Did you get any useful information from the blog above?
If you have solved your problem, could you share with us? Maybe it will help more people with similar problems.
Regards,
Lydia Zhou
- Proposed as answer by Lydia Zhou (Microsoft contingent staff) Wednesday, October 9, 2019 5:34 AM
- Unproposed as answer by Edward van Biljon (MVP) Thursday, November 7, 2019 6:15 PM
Wednesday, September 25, 2019 1:22 AM -
I am not able to win the project, nor am I able to set it up in my local lab. So I will try another day. Thanks for the follow-up.
Tuesday, October 1, 2019 5:49 AM -
That's OK. If you have any updates to share with us, please feel free to post here. Hope you can get useful information from it.
Regards,
Lydia Zhou
Friday, October 4, 2019 1:13 AM -
Yes indeed.
Friday, October 4, 2019 5:48 AM
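
Added example, not part of the thread or of the linked blog: a PowerShell sketch of the two checks suggested in the replies above, reading the IIS log for the 403 sub-status and listing non-self-signed certificates in the Trusted Root store. The function name Get-Iis403Detail and the sample log lines are constructed for illustration; the sub-status meanings are the standard IIS ones.

```powershell
# Constructed sample in IIS W3C format (not taken from the thread).
$sample = @'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status sc-substatus sc-win32-status time-taken
2019-09-16 05:01:10 192.0.2.10 GET /owa/ - 443 - 192.0.2.50 403 16 2148204809 31
2019-09-16 05:02:44 192.0.2.10 GET /owa/ - 443 - 192.0.2.50 403 7 64 15
2019-09-16 05:03:02 192.0.2.10 GET /ecp/ - 443 - 192.0.2.50 200 0 0 120
'@ -split "`r?`n"

# IIS 403 sub-status codes that relate to SSL and client certificates.
$meaning = @{
    4  = 'SSL required'
    7  = 'client certificate required'
    13 = 'client certificate revoked'
    16 = 'client certificate untrusted or invalid'
    17 = 'client certificate expired or not yet valid'
}

# Hypothetical helper: returns one object per 403 entry with its sub-status explained.
function Get-Iis403Detail {
    param([string[]]$Lines)
    $fields = @()
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # Column order is declared in the log itself; do not assume it.
            $fields = ($line -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($line -like '#*' -or -not $line.Trim() -or -not $fields) { continue }
        $values = $line -split ' '
        $row = @{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        if ($row['sc-status'] -ne '403') { continue }
        $sub = [int]$row['sc-substatus']
        [pscustomobject]@{
            Time    = "$($row['date']) $($row['time'])"
            Uri     = $row['cs-uri-stem']
            Status  = "403.$sub"
            Meaning = if ($meaning.ContainsKey($sub)) { $meaning[$sub] } else { 'other 403 sub-status' }
        }
    }
}

Get-Iis403Detail $sample | Format-Table -AutoSize
# On the server: Get-Iis403Detail (Get-Content C:\inetpub\logs\LogFiles\W3SVC1\*.log)

# Certificates in the machine Trusted Root store whose Subject differs from Issuer (not self-signed).
if (Test-Path Cert:\LocalMachine\Root) {
    Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Issuer -ne $_.Subject } |
        Select-Object Subject, Issuer, Thumbprint
}
```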