OWA LOGIN PROBLEM - Multiple Login boxes , Loading..., OWAAUTH.DLL

SBS Newsgroup:

I am having a newly discovered problem with a customer's SBS2003 Server:

Problems:
1: Mutliple IIS Login boxes when accessing OWA via .../Exchange URL
- To get successful login, you have to use : domain\username
- After two or three IIS logins, the FBA login shows up - only need 1
login here
2: Sometimes you will get in, but you get the LOADING... text in Inbox
3: Somtimes you get "Bad Request" webpage and the OWAAUTH.DLL url.

Server config:
- SBS 2003 Premium (ISA and SQL installed)
- Exchange 2003 SP1 installed
- KB883543 installed
-ISA 2000 SP2 Installed
-SBS 2003 KB843539 Hotfix installed
-Trend Micro SMB Suite Installed (Separate Website)
-No Mime Types defined in Default Web Site
- Forms Based Authentication enabled (High) FBA
- GZip Temp Compressed files removed and IISRESET
- ISA URLCache deleted and Web Proxy Service restarted.

Clients Config:
-Windows XP w/ SP2
-Windows 2000 Server w/SP4 (just for testing)

OWA was working correctly 4 months ago when it was installed.
Users have not attempted to use OWA until recently.
New Server installation and Trend was installed at the same time.
I have another customer server that is virtually identical to this one.
(All the same patches are installed). OWA works fine
I have compared just about every setting in IIS and Exchange Sys Mgr.
I have not found any differences.


Any help would be appreciated.
This is driving me NUTS !!

 

Hi Bob,

Nice hearing from you again!

It seems that there're multiple problems on your OWA logon. I'd like to
provide you with the following KB for your reference.

Issue 1. Domain\Username issue.

First of all, please make sure that you've installed the following Hotfix.

FIX: IIS 6.0 compression corruption causes access violations
http://support.microsoft.com/kb/831464/en-us

Then, please check that the IIS and client cache is clear. To do so:

1) From the client computers:

a. In Internet Explorer, click Internet Options on the Tools menu.
b. Click the General tab, and then click Delete Files.
c. Click OK.

[Note:] It's important to ensure that no OWA connection is active or
attempted between the time you start clearing the cache files, and the time
you are finished clearing them (from all locations).

2) From the IIS server:

a. Clear the IIS server files: Go to your %windows%\IIS Temporary
Compressed Files directory *. Select all of the content in this directory
and delete it.
b. Go to a command prompt, type "iisreset".

More KB articles for your reference:

You cannot use Outlook Web Access with forms-based authentication and you
receive a Store.exe e-mail alert message
http://support.microsoft.com/kb/843539

Outlook Web Access session unexpectedly quits when forms-based
authentication is used (If you're using ISA 2000)
http://support.microsoft.com/kb/820378

Issue 2. Loading... issue.

Please follow this KB to troubleshoot such issue.

Troubleshooting OWA when the contents frame displays "Loading"
http://support.microsoft.com/kb/280823

Issue 3. OWAAUTH.dll issue.

Please also follow the KB I mentioned in Issue 1 to troubleshoot this
problem.

Issue 4. OWA Clients Are Repeatedly Returned to the FBA issue.

This issue may occur if the Request to the OWA server contained a cookie
(whether known or unknown source) that has a name "sessionid" and a path of
"/exchange/".

To work around this problem, use one of the following methods:

Method 1: Change the name of the cookie that is used by the other program

If the source of the cookie is known, alter the web application that is
creating it, so as not to set the path to /exchange/ on the cookie, and
change the cookie's name from sessionid to something that is considerable
more unique, such as MyWebApp-Session-ID.

Method 2: Modify the Owalogon.asp file on your Exchange computer so that
Outlook Web Access expires the persistent cookie prior to the POST
operation that calls OWAAuth.dll

[Warning] We do not recommend the use of Method 2 unless all method 1 has
been exhausted. While we have not seen any ill behavior due to this
workaround, either in testing or in production, the use of this method is
unsupported by PSS and the Exchange product team. Any problems that result
from the use of Method 2 is not supported by PSS and the Exchange product
team.

[Note] The use of this method to correct the behavior you are experiencing
may be negated by the application of future hotfixes and service packs that
could over-write the OWALogon.asp file. If the problem occurs after the
application of a future hotfix or service pack, you must repeat this
procedure to change the Owalogon.asp file.

You can modify the Owalogon.asp file on your Exchange computer in a manner
that will cause the browser to expire the cookie, therefore the browser
will not send them up to the OWAAuth.dll Authentication module when the
user submits their form.

To do this:

Click Start, click Run, type cmd, and then click OK.

1. Type the following commands, and press ENTER after each command:

CD\
CD "program files\exchsrvr\exchweb\bin\auth"
copy owalogon.asp owalogon.bak
notepad owalogon.asp

2. In the Owalogon.asp file, locate the section that is similar to the
following:

<% @ ENABLESESSIONSTATE=False LANGUAGE=VBSCRIPT CODEPAGE=1252 %>
<% Language=VBScript %>
<% Set LangMap = Server.CreateObject("Scripting.Dictionary")

3. Immediately prior to the line that calls
Server.CreateObject("Scripting.Dictionary"), Add the following two lines to
the section that you located in step 3:
Response.AddHeader "Set-Cookie", "sessionid=; path=/; expires=Thu,
01-Jan-1970 00:00:00 GMT"
Response.AddHeader "Set-Cookie", "sessionid=; path=/exchange/; expires=Thu,
01-Jan-1970 00:00:00 GMT"

4. After you add the two lines, the section must look similar to the
following:
<% @ ENABLESESSIONSTATE=False LANGUAGE=VBSCRIPT CODEPAGE=1252 %>
<% Language=VBScript %>
<% Response.AddHeader "Set-Cookie", "sessionid=; path=/; expires=Thu,
01-Jan-1970 00:00:00 GMT"
Response.AddHeader "Set-Cookie", "sessionid=; path=/exchange/; expires=Thu,
01-Jan-1970 00:00:00 GMT"
Set LangMap = Server.CreateObject("Scripting.Dictionary")

5. Click File, and then click Save.
6. Click File, and then click Exit.

I hope the above info helps.

If you have any update on this issue, please feel free to post back.

Have a nice day!

Bill Peng
MCSE 2000, MCDBA
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

Hi Bob,

Meanwhild, please also check whether you've installed TrendMicro OfficeScan
on the client computers. If so, it may also cause such OWA issues.

HTH.

Bill Peng
MCSE 2000, MCDBA
Microsoft Partner Support Professional

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

Bill:

Thanks for all the info.
I am surprised you remember me.
I don't post that often, but i am always lurking.
I usually find what I am looking for pretty quickly here.
I have gone thru all the posts here regarding these issues and
have tried them before posting. I will go thru all of your recommendations
and post my results later today. In the meantime, I have a couple of
other questions:

1: What is going to happen w/ ISA 2004 being bundled w/ SBS 2003 Prem?
2: Is there a Service Pack for SBS 2003 coming that will fix all of these
nagging issues w/ OWA and XP SP2 and Exchange 2003 SP1?

I will be installing another new SBS 2003 Prem Server in a couple of weeks.
I want to make sure that I have the latest fixes and patches beforehand.

Regarding the OWA Problems: I MUST be doing something wrong here, But I
will walk thru it again.

Thx again.

 

Hi Bob,

For ISA 2004 with OWA, I'd like to provide you with the following info:

Outlook Web Access Server Publishing in ISA Server 2004
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/owapublishing.msp
x

You cannot access the Exchange Server computer by using OWA after you turn
on forms-based authentication in ISA Server 2004
http://support.microsoft.com/default.aspx?scid=kb;en-us;838704

ISA material
http://www.microsoft.com/isaserver/downloads/2004.asp

For more deatail about ISA 2004, please check ISA Home Page.
http://www.microsoft.com/isa

SBS 2K3 SP1 will be available soon (seems to be in February); however,
before we get the released version, we cannot guarantee that this problem
must be fixed in SP1. I appreciate your understanding on this.

If you need further info, please feel free to post back and I will do my
best to help.

Have a nice day!

Bill Peng
MCSE 2000, MCDBA
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

Bill:

First, I was postponed by the customer in making changes to their server.
I got the go ahead just this afternoon.

I found the problem. It was the "ask Unauthenticated Users..." check box
was enabled in ISA. This is documented in KB327349.
I don't recall enabling this setting, but it was probably me. The customer
does NOT change anything on their server. And, I have read that this is
a security issue, because it passes the credentials in clear text before you
are redirected to the website.

The IIS logon box was expecting domain/username and I was only supplying
username. Since I installed the exchange SP1 and the OWA domain\username
hotfix, I was not expecting to have to supply both. I did so as a test after
reading KB820378 and OWA was working. So I did some more digging and
found KB327349 and then I found the problem. So, you may want to
add this to your collection of KBs for OWA problems w/ SBS 2003.
Perhaps this KB should be updated to include mentioning SBS 2003 and
OWA 2003.

thx for all your efforts!

Bob G.

 

Hi Bob,

Many thanks for your knowledge sharing.

I'm glad that the problem has been resolved. And I really appreciate your
effort on this issue.

We look forward to working with you here again!

Bill Peng
MCSE 2000, MCDBA
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

<s$>
<>