OWA LOGIN PROBLEM - Multiple Login boxes , Loading..., OWAAUTH.DLL

Discussion in 'Windows Small Business Server' started by Bob G., Feb 1, 2005.

  1. Bob G.

    Bob G. Guest

    SBS Newsgroup:

    I am having a newly discovered problem with a customer's SBS2003 Server:

    Problems:
    1: Mutliple IIS Login boxes when accessing OWA via .../Exchange URL
    - To get successful login, you have to use : domain\username
    - After two or three IIS logins, the FBA login shows up - only need 1
    login here
    2: Sometimes you will get in, but you get the LOADING... text in Inbox
    3: Somtimes you get "Bad Request" webpage and the OWAAUTH.DLL url.

    Server config:
    - SBS 2003 Premium (ISA and SQL installed)
    - Exchange 2003 SP1 installed
    - KB883543 installed
    -ISA 2000 SP2 Installed
    -SBS 2003 KB843539 Hotfix installed
    -Trend Micro SMB Suite Installed (Separate Website)
    -No Mime Types defined in Default Web Site
    - Forms Based Authentication enabled (High) FBA
    - GZip Temp Compressed files removed and IISRESET
    - ISA URLCache deleted and Web Proxy Service restarted.

    Clients Config:
    -Windows XP w/ SP2
    -Windows 2000 Server w/SP4 (just for testing)

    OWA was working correctly 4 months ago when it was installed.
    Users have not attempted to use OWA until recently.
    New Server installation and Trend was installed at the same time.
    I have another customer server that is virtually identical to this one.
    (All the same patches are installed). OWA works fine
    I have compared just about every setting in IIS and Exchange Sys Mgr.
    I have not found any differences.


    Any help would be appreciated.
    This is driving me NUTS !!
     
    Bob G., Feb 1, 2005
    #1
    1. Advertisements

  2. Hi Bob,

    Nice hearing from you again!

    It seems that there're multiple problems on your OWA logon. I'd like to
    provide you with the following KB for your reference.

    Issue 1. Domain\Username issue.

    First of all, please make sure that you've installed the following Hotfix.

    FIX: IIS 6.0 compression corruption causes access violations
    http://support.microsoft.com/kb/831464/en-us

    Then, please check that the IIS and client cache is clear. To do so:

    1) From the client computers:

    a. In Internet Explorer, click Internet Options on the Tools menu.
    b. Click the General tab, and then click Delete Files.
    c. Click OK.

    [Note:] It's important to ensure that no OWA connection is active or
    attempted between the time you start clearing the cache files, and the time
    you are finished clearing them (from all locations).

    2) From the IIS server:

    a. Clear the IIS server files: Go to your %windows%\IIS Temporary
    Compressed Files directory *. Select all of the content in this directory
    and delete it.
    b. Go to a command prompt, type "iisreset".

    More KB articles for your reference:

    You cannot use Outlook Web Access with forms-based authentication and you
    receive a Store.exe e-mail alert message
    http://support.microsoft.com/kb/843539

    Outlook Web Access session unexpectedly quits when forms-based
    authentication is used (If you're using ISA 2000)
    http://support.microsoft.com/kb/820378

    Issue 2. Loading... issue.

    Please follow this KB to troubleshoot such issue.

    Troubleshooting OWA when the contents frame displays "Loading"
    http://support.microsoft.com/kb/280823

    Issue 3. OWAAUTH.dll issue.

    Please also follow the KB I mentioned in Issue 1 to troubleshoot this
    problem.

    Issue 4. OWA Clients Are Repeatedly Returned to the FBA issue.

    This issue may occur if the Request to the OWA server contained a cookie
    (whether known or unknown source) that has a name "sessionid" and a path of
    "/exchange/".

    To work around this problem, use one of the following methods:

    Method 1: Change the name of the cookie that is used by the other program

    If the source of the cookie is known, alter the web application that is
    creating it, so as not to set the path to /exchange/ on the cookie, and
    change the cookie's name from sessionid to something that is considerable
    more unique, such as MyWebApp-Session-ID.

    Method 2: Modify the Owalogon.asp file on your Exchange computer so that
    Outlook Web Access expires the persistent cookie prior to the POST
    operation that calls OWAAuth.dll

    [Warning] We do not recommend the use of Method 2 unless all method 1 has
    been exhausted. While we have not seen any ill behavior due to this
    workaround, either in testing or in production, the use of this method is
    unsupported by PSS and the Exchange product team. Any problems that result
    from the use of Method 2 is not supported by PSS and the Exchange product
    team.

    [Note] The use of this method to correct the behavior you are experiencing
    may be negated by the application of future hotfixes and service packs that
    could over-write the OWALogon.asp file. If the problem occurs after the
    application of a future hotfix or service pack, you must repeat this
    procedure to change the Owalogon.asp file.

    You can modify the Owalogon.asp file on your Exchange computer in a manner
    that will cause the browser to expire the cookie, therefore the browser
    will not send them up to the OWAAuth.dll Authentication module when the
    user submits their form.

    To do this:

    Click Start, click Run, type cmd, and then click OK.

    1. Type the following commands, and press ENTER after each command:

    CD\
    CD "program files\exchsrvr\exchweb\bin\auth"
    copy owalogon.asp owalogon.bak
    notepad owalogon.asp

    2. In the Owalogon.asp file, locate the section that is similar to the
    following:

    <% @ ENABLESESSIONSTATE=False LANGUAGE=VBSCRIPT CODEPAGE=1252 %>
    <% Language=VBScript %>
    <% Set LangMap = Server.CreateObject("Scripting.Dictionary")

    3. Immediately prior to the line that calls
    Server.CreateObject("Scripting.Dictionary"), Add the following two lines to
    the section that you located in step 3:
    Response.AddHeader "Set-Cookie", "sessionid=; path=/; expires=Thu,
    01-Jan-1970 00:00:00 GMT"
    Response.AddHeader "Set-Cookie", "sessionid=; path=/exchange/; expires=Thu,
    01-Jan-1970 00:00:00 GMT"

    4. After you add the two lines, the section must look similar to the
    following:
    <% @ ENABLESESSIONSTATE=False LANGUAGE=VBSCRIPT CODEPAGE=1252 %>
    <% Language=VBScript %>
    <% Response.AddHeader "Set-Cookie", "sessionid=; path=/; expires=Thu,
    01-Jan-1970 00:00:00 GMT"
    Response.AddHeader "Set-Cookie", "sessionid=; path=/exchange/; expires=Thu,
    01-Jan-1970 00:00:00 GMT"
    Set LangMap = Server.CreateObject("Scripting.Dictionary")

    5. Click File, and then click Save.
    6. Click File, and then click Exit.

    I hope the above info helps.

    If you have any update on this issue, please feel free to post back.

    Have a nice day!

    Bill Peng
    MCSE 2000, MCDBA
    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
     
    Bill Peng [MSFT], Feb 2, 2005
    #2
    1. Advertisements

  3. Hi Bob,

    Meanwhild, please also check whether you've installed TrendMicro OfficeScan
    on the client computers. If so, it may also cause such OWA issues.

    HTH.

    Bill Peng
    MCSE 2000, MCDBA
    Microsoft Partner Support Professional

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via
    your newsreader so that others may learn and benefit
    from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
     
    Bill Peng [MSFT], Feb 2, 2005
    #3
  4. Bob G.

    Bob G. Guest

    Bill:

    Thanks for all the info.
    I am surprised you remember me.
    I don't post that often, but i am always lurking.
    I usually find what I am looking for pretty quickly here.
    I have gone thru all the posts here regarding these issues and
    have tried them before posting. I will go thru all of your recommendations
    and post my results later today. In the meantime, I have a couple of
    other questions:

    1: What is going to happen w/ ISA 2004 being bundled w/ SBS 2003 Prem?
    2: Is there a Service Pack for SBS 2003 coming that will fix all of these
    nagging issues w/ OWA and XP SP2 and Exchange 2003 SP1?

    I will be installing another new SBS 2003 Prem Server in a couple of weeks.
    I want to make sure that I have the latest fixes and patches beforehand.

    Regarding the OWA Problems: I MUST be doing something wrong here, But I
    will walk thru it again.

    Thx again.


     
    Bob G., Feb 2, 2005
    #4
  5. Hi Bob,

    For ISA 2004 with OWA, I'd like to provide you with the following info:

    Outlook Web Access Server Publishing in ISA Server 2004
    http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/owapublishing.msp
    x

    You cannot access the Exchange Server computer by using OWA after you turn
    on forms-based authentication in ISA Server 2004
    http://support.microsoft.com/default.aspx?scid=kb;en-us;838704

    ISA material
    http://www.microsoft.com/isaserver/downloads/2004.asp

    For more deatail about ISA 2004, please check ISA Home Page.
    http://www.microsoft.com/isa

    SBS 2K3 SP1 will be available soon (seems to be in February); however,
    before we get the released version, we cannot guarantee that this problem
    must be fixed in SP1. I appreciate your understanding on this.

    If you need further info, please feel free to post back and I will do my
    best to help.

    Have a nice day!

    Bill Peng
    MCSE 2000, MCDBA
    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
     
    Bill Peng [MSFT], Feb 3, 2005
    #5
  6. Bob G.

    Bob G. Guest

    Bill:

    First, I was postponed by the customer in making changes to their server.
    I got the go ahead just this afternoon.

    I found the problem. It was the "ask Unauthenticated Users..." check box
    was enabled in ISA. This is documented in KB327349.
    I don't recall enabling this setting, but it was probably me. The customer
    does NOT change anything on their server. And, I have read that this is
    a security issue, because it passes the credentials in clear text before you
    are redirected to the website.

    The IIS logon box was expecting domain/username and I was only supplying
    username. Since I installed the exchange SP1 and the OWA domain\username
    hotfix, I was not expecting to have to supply both. I did so as a test after
    reading KB820378 and OWA was working. So I did some more digging and
    found KB327349 and then I found the problem. So, you may want to
    add this to your collection of KBs for OWA problems w/ SBS 2003.
    Perhaps this KB should be updated to include mentioning SBS 2003 and
    OWA 2003.

    thx for all your efforts!

    Bob G.

     
    Bob G., Feb 3, 2005
    #6
  7. Hi Bob,

    Many thanks for your knowledge sharing.

    I'm glad that the problem has been resolved. And I really appreciate your
    effort on this issue.

    We look forward to working with you here again!

    Bill Peng
    MCSE 2000, MCDBA
    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    <s$>
    <>
     
    Bill Peng [MSFT], Feb 4, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.