Disabling OWA Form Authentication caused ECP to be inaccessible

Hi,

I'm trying to publish Exchange 2013 OWA via ISA Server 2006 using its form authentication. For that, I disabled the OWA Authentication Form to avoid being asked to log in twice. However after disabling it, I could not longer access ECP. When opening the ECP, I would be shown the normal OWA login form but upon logging in, I would be shown an error page with the link in the URL as "https:/[servername]/owa/auth.owa"

If I re-enable OWA Authentication using "Set-OwaVirtualDirectory" command, I am able to access ECP again.

Any idea what is happening?

Thanks.

March 1st, 2013 10:58am

Hi 
   It works for me on my test server.
   For the "owa" virtual directory

Open Exchange Management Shell (EMS), and then run the following cmdlet to change the authentication method of the "owa" virtual directory to Windows authentication:

set-Owavirtualdirectory -identity "E15MBX\owa (Exchange Back End)" -WindowsAuthentication $True -Basicauthentication $false -Formsauthentication $false

Run the following command on both the Client Access and Mailbox servers to restart Internet Information Services (IIS):

iisreset /noforce

For the "ECP" virtual directory

Type the following commands, and then press Enter after each line:

Add-PSSnapin *exchange*

Set-EcpVirtualDirectory -Identity "E15MBX\ecp (Exchange Back End)" -WindowsAuthentication $true -FormsAuthentication $false

Run the following command on both the Client Access and Mailbox servers to restart Internet Information Services (IIS):

iisreset /noforce

Free Windows Admin Tool Kit Click here and download it now
March 4th, 2013 5:55am

Hi,

I actually did what you suggested, meaning configure the same authentication methods to ECP and it works.

However, instead of configuring the "Exchange Back End", I configured the "Default Web Site". Also I tried your method and Set-EcpVirtualDirectory for "Exchange Back End" failed with error, "... it's out of the current user's write scope..." even though I'm logged in as a domain admin.

Thanks.

July 2nd, 2013 11:00pm

Hi,

The 2nd part which starts with "Add-PSSnapin *exchange*" need to be run in PowerShell, not the Exchange PowerShell. It works great in fixing the ECP.

The actual reference can be found at http://support.microsoft.com/kb/2778897

Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2013 3:11am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics