Countdown to TechEd 2010 in New Orleans, LA: 2010-06-07 00:00:00 GMT-08:00

Thursday, January 21, 2010

How to Configure Change Password for OWA 2003/2007/2010 Mixed Environments

The Change Password feature in OWA will break when you reconfigure the environment to use Exchange 2007 or Exchange 2010 CAS servers as front-end servers for Exchange 2003 mailbox servers.  This is because the the CAS server don't have the necessary ASP pages installed that OWA 2003 links to.

telnetPORT25 wrote a great article explaining the step-by-step process, along with screenshots, to fix this problem.  I'm listing the high-level steps here (mainly to act as my long-term memory).
  • Logon to the Exchange 2007/2010 CAS server
  • Copy the %SystemRoot%\System32\inetsrv\iisadmpwd folder and files from the OWA 2003 FE server to the CAS server's %SystemRoot%\System32\inetsrv folder
  • Open IIS Manager and add a new Virtual Directory off the Default Web Site named IISADMPWD with a physical path of %SystemRoot%\System32\inetsrv\iisadmpwd
  • Right-click the new IISADMPWD virtual directory and select Convert to Application
  • Select the MSExchangeOWAAppPool
  • Restart IIS (iisreset /noforce or select the server in IIS Manager and click Restart)

Labels: , , , , ,

Subscribe in a reader Subscribe by Email

Tuesday, December 22, 2009

Fix for Cannot Logon to OWA Using ISA 2004

A client had a problem where users could not logon to Outlook Web Access (AKA, OWA or Webmail) from the Internet. Users would get the logon page, but would be returned to the same logon page after entering their correct username and password.

Accessing OWA from the internal network would present the same logon page, but the user can successfully logon and access their mailbox. It turns out that the fact that they get the same logon page internally is a clue to the solution. Internal (non-ISA) users will only see the OWA logon page if Exchange is configured to use Forms Based Authentication (FBA). In order for ISA to work properly with OWA, Exchange should NOT be configured for FBA. It should only be configured on the ISA server.

Here's how the two systems should be configured:
  • Install the Exchange server's SSL certificate in the ISA computer's Personal certificate store
  • On the ISA server, configure a Mail Server Publishing firewall rule to allow External users to access the OWA server using HTTPS. Configure an OWA web Listener for HTTPS using the Exchange server's SSL certificate that you imported. Configure the Listener's authentication to use OWA Forms-Based. Ensure that ISA is redirecting requests to the SSL port 443 on the Bridging tab.
  • Ensure that the Exchange server is NOT using Forms Based Authentication. In Exchange System Manager, go to [OrgName] > Administrative Groups > [AdminGroup] > Servers > [ServerName] > Protocols > HTTP. View the properties of the Exchange Virtual Server. Clear the Enable Forms Based Authentication checkbox on the Settings tab.

The customer was using ISA 2004 in front of Exchange 2003, but I assume this problem/solution will also occur with ISA 2006.

Labels: , , , ,

Subscribe in a reader Subscribe by Email

Thursday, September 6, 2007

How to Access Public Folders in OWA 2007

Public Folders are not available in the RTM release of Exchange 2007 OWA, so I created a work-around:
  • Log into E2K7 OWA as usual
  • Right-click your name in the folder list and select "Create new folder"
  • Name the new folder "Public Folders"
  • Compose a new email to yourself with https://yourOWAserverURL/public in the body of the message and send it
  • Move the new email to the Public Folders folder you created

To access Public Folders, open the Public Folders folder and click the link. Public Folders will open in a new window or tab in Internet Explorer.

Look for REAL Public Folder access to arrive with Exchange Server 2007 SP1.

Labels: , ,

Subscribe in a reader Subscribe by Email

Tuesday, April 17, 2007

Log into OWA 2007 with a Default Domain

Customers with Exchange in a single domain usually ask how to change OWA so users can log in using just a username instead of domain\username. This was problematic in Exchange 2003 because of the DS2MB background process, but simple to do in Exchange 2007.
  • Open Exchange Management Console
  • Expand Server Configuration
  • Select Client Access and click the Outlook Web Access tab
  • Select owa (Default Web Site) and click the Properties action
  • Click the Authentication tab
  • Under Use forms-based authentication, select User name only
  • Click Browse and select the domain name
  • Click OK
  • Run IISRESET /NOFORCE to restart IIS and enforce the change

Or, even easier using PowerShell:

Set-OWAVirtualDirectory -Identity "owa (default web site)" -LogonFormat username -DefaultDomain

Then run IISRESET /NOFORCE to restart IIS and enforce the change.

Note that this will automatically change the logon page to display the new logon requirements.

Labels: , ,

Subscribe in a reader Subscribe by Email