Microsoft Exchange 2003 Outlook Web Access (OWA) Authentication

I was debugging an install of Microsoft Exchange 2003 where the authorization dialog kept popping up.  I found a Microsoft KB article titled “Troubleshooting Outlook Web Access logon failures” that recommends  “Make sure that the Basic Authentication and Integrated Windows Authentication check boxes are not checked [under Authentication and access control for the Exchweb virtual directory], and then click to select the Enable anonymous access check box if it is not already selected.”  (Step 2e).

I found that the exact opposite was true.  This worked when I disabled anonymous access and enabled basic/integrated authentication.  The machine is also a domain controller, so I suspect that anonymous access wasn’t configured for a valid account.  I think I’d prefer to leave it with allowing basic authentication on Exchweb rather than anonymous; they’re already presenting credentials for OWA anyway and it prevents anonymous access to server/Exchweb.  Comments anyone?

Advertisements

3 thoughts on “Microsoft Exchange 2003 Outlook Web Access (OWA) Authentication

  1. It looks like it is so. You need to configure basic authentication. You also need to configure and enable remote procedure calls (RPC) over HTTP. And you should verify that anonymous account is configured properly so that the IUSR account is not disabled or locked out. Basic authentication mechanism requires account to validate credentials. Check this article also for the info on configuring authentication and virtual directories. Another question is how to deploy Outlook Web Access and enable authentication the best way. I found two ways of doing that where one is implemented via script while another is done via automating tool. To the point, a nice article on troubleshooting web access with Exchange and how to configure anonymous access for Exchange.

  2. Thanks for the links Derek; very helpful.

    I think my problem was that IIS was installed on the machine prior to it becoming a domain controller, so the IUSER_ and IWAM_ accounts were stripped from the system, but IIS still wanted those. I think the proper methodology would have been to remove IIS, configure the machine as a DC, and reinstall IIS prior to Exchange installation.

    Your link shows how to configure the Exchange side of it properly; thanks again!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s