Exchange 2007 OWA Virtual Directory Authentication Issues

I ran into an interesting issue a couple of weeks ago with Outlook Web Access authentication.  A good friend of mine (who shall remain nameless) called me to get some help getting OWA working properly on Exchange 2007.

 After some testing and questioning, I discovered that they attempted to rename the OWA virtual directory to Exchange without deleting the existing Exchange virtual directory.  Step 1 was to convince them it was easier to get their users to type the new URL than re-purpose the Exchange virtual directory.

 Once we resolved that issue, we started working on getting the OWA virtual directory up and running.  We kept getting a 401 error, which really didn’t make sense since the OWA virtual directory was set in Exchange to employ Forms-Based Authentication.  So in the interest of time, we decided to delete and recreate the OWA virtual directory.  Same error message.

I started digging into IIS Manager, and discovered that the OWA virtual directory was set to Forms-Based Authentication.  So, tried changing it through the GUI to Windows.  It just reset itself back to Forms-Based. 

So I started digging into the web.config file.  Turns out the web.config file had the authentication type set to Forms-Based, and for some reason, the GUI change was not being written to the web.config file.  We edited the web.config file manually to use Windows Authentication, and it started working.

 Right about now, you are probably saying “Huh?”  That’s pretty much what I said too.  Here’s a quick summation of the lessons learned:

1.  With IIS 7 and IIS 7.5, it pretty much doesn’t matter if have a GUI, to do real work, you are going to have to edit text (XML) files. I thought we gave that up when we left DOS, Novell, and Linux/Unix behind, but I was apparently wrong.

2.  For forms-based OWA authentication to work, the virtual directory has to be set to use Windows Authentication.  (That one left me scratching my head for a while….)

3.  It is much easier to accept defaults and retrain users than it is to decide you don’t like Microsoft’s changes and set things up so the users don’t notice as many changes.

 Hope this helps;


Leave a Reply

You must be logged in to post a comment.