Have to type in login to OWA twice before able to login

Status
Not open for further replies.
T

TonyOVT

after the first login it will ask to login again. it doesn't say error or password incorrect but it seems to just refresh. Can someone point me to the right direction.

It only happens outside of the network. Inside the network it is fine.

we have exchange 2007.
 
C

Chris Morgan -

Is there a reverse proxy server that is proxying the connection to exchange from the outside?

Are you using forms based auth or basic auth?

Can you post " Get-OWAVirtualdirectory | fl" output?

Chris Morgan
 
T

TonyOVT

I don't have a reverse proxy server. It actually started to happen when I added a new domain controller.

We are using a form based auth. The forum won't let me post such a long post here is a partial. Let me know which part you are looking for.

Name : Exchweb (Default Web Site
)
WebSite : Default Web Site
DisplayName : Exchweb
DirectFileAccessOnPublicComputersEnabled :
DirectFileAccessOnPrivateComputersEnabled :
WebReadyDocumentViewingOnPublicComputersEnabled :
WebReadyDocumentViewingOnPrivateComputersEnabled :
ForceWebReadyDocumentViewingFirstOnPublicComputers :
ForceWebReadyDocumentViewingFirstOnPrivateComputers :
RemoteDocumentsActionForUnknownServers :
ActionForUnknownFileAndMIMETypes :
WebReadyFileTypes :
WebReadyMimeTypes :
WebReadyDocumentViewingForAllSupportedTypes :
WebReadyDocumentViewingSupportedMimeTypes :
WebReadyDocumentViewingSupportedFileTypes :
AllowedFileTypes :
AllowedMimeTypes :
ForceSaveFileTypes :
ForceSaveMimeTypes :
BlockedFileTypes :
BlockedMimeTypes :
RemoteDocumentsAllowedServers :
RemoteDocumentsBlockedServers :
RemoteDocumentsInternalDomainSuffixList :
FolderPathname : \\.\BackOfficeStorage\loc
al\ExchWeb
Url :
InternalAuthenticationMethods : {Basic, Fba}
LogonFormat : FullDomain
ClientAuthCleanupLevel : High
DefaultDomain :
BasicAuthentication : False
DigestAuthentication : False
WindowsAuthentication : False
FormsAuthentication : False
GzipLevel : Low
MetabasePath : IIS://abcdomainhub-node1.abcdomain.co
m/W3SVC/1/ROOT/Exchweb
FilterWebBeaconsAndHtmlForms :
NotificationInterval :
DefaultTheme :
UserContextTimeout :
ExchwebProxyDestination : MailboxServer
VirtualDirectoryType : Exchweb
OwaVersion : Exchange2003or2000
RedirectToOptimalOWAServer :
DefaultClientLanguage :
LogonAndErrorLanguage : 0
UseGB18030 :
UseISO885915 :
OutboundCharset :
CalendarEnabled :
ContactsEnabled :
TasksEnabled :
JournalEnabled :
NotesEnabled :
RemindersAndNotificationsEnabled :
PremiumClientEnabled :
SpellCheckerEnabled :
SearchFoldersEnabled :
SignaturesEnabled :
ThemeSelectionEnabled :
JunkEmailEnabled :
UMIntegrationEnabled :
WSSAccessOnPublicComputersEnabled :
WSSAccessOnPrivateComputersEnabled :
ChangePasswordEnabled :
UNCAccessOnPublicComputersEnabled :
UNCAccessOnPrivateComputersEnabled :
ActiveSyncIntegrationEnabled :
AllAddressListsEnabled :
RulesEnabled :
PublicFoldersEnabled :
SMimeEnabled :
RecoverDeletedItemsEnabled :
Path : \\.\BackOfficeStorage\loc
al\ExchWeb
Server : abcdomainHUB-NODE1
InternalUrl :
ExternalUrl :
ExternalAuthenticationMethods : {Fba}
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Exchweb (Default Web S
ite),CN=HTTP,CN=Protocols
,CN=abcdomainHUB-NODE1,CN=Serve
rs,CN=Exchange Administra
tive Group (FYDIBOHF23SPD
LT),CN=Administrative Gro
ups,CN=OmniVision,CN=Micr
osoft Exchange,CN=Service
s,CN=Configuration,DC=abcdomain
,DC=com
Identity : abcdomainHUB-NODE1\Exchweb (Def
ault Web Site)
Guid : f09148e8-0f6b-482a-ae30-c
8253ac0122b
ObjectCategory : abcdomain.com/Configuration/Sch
ema/ms-Exch-OWA-Virtual-D
irectory
ObjectClass : {top, msExchVirtualDirect
ory, msExchOWAVirtualDire
ctory}
WhenChanged : 10/18/2008 2:40:39 PM
WhenCreated : 6/24/2008 5:08:54 PM
OriginatingServer : salt.abcdomain.com
IsValid : True
 
M

MaliStane

SO you say that there is direct pass through https trafic to CAS server. You try to run iisreset /noforce. And what is loged in event log, when one user tried to connect.
 
C

Chris Morgan -

Kinda wierd. That's the exchweb virtualdirectory, not the OWA virtual directory. What server did you run this on? Mailbox, CAS, ??

Chris Morgan
 
T

TonyOVT

I will try this I will schedule it if it doesn't cause any down time.
 
S

Serena Li

Hi,

Is it a native Exchange 2007 organization or mixed with Exchange 2000/2003? If it is a mixed organization, were you trying to access a legacy mailbox (Exchange 2000/2003) or an Exchange 2007 mailbox in OWA?

Best regards,

Serena


 
T

TonyOVT

it is native exchange 2007. it was working fine up until couple weeks ago in conjunction of me adding a new domain controller I'm not sure if they are related or not.
 
C

Chris Morgan -

How many CAS servers in the environment? Can you do a get-clientaccessserver and post the output?Chris Morgan
 
C

Chris Morgan -

Are they both in the same AD site? Which one does the firewall forward OWA traffic to? Also, is the mailbox server on seperate servers or dooes the mailbox role reside on those two servers?

Chris Morgan
 
T

TonyOVT

supposely it point to the first one. they are both in the same AD.

mailbox roles are in the two servers.
 
M

MaliStane

Ok if YOU say, that you don't have any revers Proxy, ISA, TMG, and so on, then when you try first login and get CookieAuth.dll?GetLogon?. Ther should be event written in IIS log on CAS server. Which IP is there, when login failed and you are redirected. And if there is something els there and not your IP, than you HAVE proxy.

Second step, is to destroy entire OWA web site, delete webconfig, and recreate entire OWA site !
 
T

TonyOVT

i saw this on the CAS event log not sure if its related
Microsoft Exchange couldn't find a certificate that contains the domain name mail.abcdomain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector E2K7_2_ISA with a FQDN parameter of mail.ovt.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
 
M

MaliStane

Nothing that would affect owa. What das IIS log say, under c:\inetinfo\log\*
 
Status
Not open for further replies.
Top