Microsoft KB Archive/820378

= Outlook Web Access session unexpectedly quits when forms-based authentication is used =

Article ID: 820378

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition

-





SYMPTOMS
When you log on to your mailbox by using Microsoft Outlook Web Access (OWA), you may experience the following symptoms:  You receive one of the following error messages when you try to use the OWA spell checking feature:

Message 1

Unspecified error.

Message 2

The spelling in this item can't be checked. Try again later.

 Your OWA session quits unexpectedly.



CAUSE
This behavior may occur if the Outlook Web Access server is published through Microsoft Internet Security and Acceleration (ISA) Server, or if both of the following conditions are true:
 * You log on by using only your user alias and password instead of by specifying the domain in a Universal Naming Convention (UNC) format or your user principal name (UPN) format.
 * The Exchange virtual server is configured to use forms-based authentication (Cookie-auth).



WORKAROUND
To work around this behavior, use one of the following methods.

Method 1: Specify the domain when you log on
When you log on, specify your domain in your logon credentials. To do so, use one of the following formats in the User name list of the Connect to  dialog box (where   is the name of your domain, where   is your alias, and where   is the user principal name):

\

-or-

@

Method 2: Customize Logon.asp
If you do not want to specify the domain when you log on, create a custom Logon.asp page that includes the default domain (either visible or hidden). You can also display a list of the domains that the server supports.

The following example code illustrates how to create a custom Logon.asp page. To use this code, replace both instances of  in each language-version of the Logon.asp file with the following code.

Note You must replace both instances of  with this code because one instance is for rich experience and the other instance is for basic experience. This replacement is required for browser compatibility. Also, if you make a custom Logon.asp page, users will no longer be able to log on with a user name of \. If they do this they will actually be passing \ \.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.

Important Microsoft does not provide assistance in customizing OWA objects and if you contact Microsoft about an OWA issue for a server that OWA is customized on, you must replace the customized files with the original versions of the files.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

327178 Microsoft support policy for the customization of Outlook Web Access for Exchange

  Note In the script, make sure that you add the name of your network basic input/output system (NetBIOS) domain in the code. In the script that is provided, put your domain name in the  location.

Method 3: Disable authentication for incoming Web requests in ISA Server
If OWA is published behind a server that is running ISA Server, verify that no authentication methods are configured for incoming Web requests.
 * 1) Open ISA Server.
 * 2) Right-click the ISA Server name, and then click Properties.
 * 3) Click the Incoming Web Requests tab.
 * 4) Select the Web request listener that is used for OWA, and then click Edit.
 * 5) Click to clear all the authentication methods, including the Integrated authentication method.
 * 6) Click OK.
 * 7) Restart the Microsoft ISA Server Web Proxy service.



MORE INFORMATION
In Exchange Server 2003, forms-based authentication (Cookie-auth) requires that you use a backslash character as the default domain setting in Exchange System Manager. This restriction is designed to support user logons using the UPN format. If you modify the default domain in Microsoft Internet Information Services (IIS) to anything other than the default domain setting of &quot;\&quot;, Exchange System Manager will reset the default domain setting to &quot;\&quot; on the server.

Additionally, if forms-based authentication is deployed in a front-end-back-end configuration, the default domain setting on the back-end server must match the default domain setting on the front-end server, or you may experience authentication problems. Therefore, if forms-based authentication is enabled on the front-end server (which requires the backslash as the default domain), the default domain on the back-end server must also be set to &quot;\&quot; in Exchange System Manager.

For more information about why you should administer authentication and default domain settings in Exchange System Manager, click the following article numbers to view the articles in the Microsoft Knowledge Base:

240105 General information on Directory Service/Metabase Synchronization in Exchange 2000 Server

264941 Changes to virtual directory settings are not maintained



STATUS
This behavior is by design.

Additional query words: XCCC FE/BE fe be

Keywords: kbbug kbnofix KB820378

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.