Microsoft KB Archive/300646

= How to configure OWA authentication when Exchange Server and IIS are on different computers =

Article ID: 300646

Article Last Modified on 9/12/2007

-

APPLIES TO


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0
 * Microsoft Exchange Server 5.5 Standard Edition

-



This article was previously published under Q300646



Table of Contents

 * SUMMARY
 * Requirements
 * Set Up Basic Clear Text Authentication on IIS 4.0 or IIS 5.0
 * Internet Information Server 4.0
 * Internet Information Services 5.0
 * Pitfalls

back to the top

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SUMMARY
This step-by-step article describes how to configure authentication to work with Outlook Web Access (OWA) when your host Exchange Server 5.5 is on one computer and Internet Information Services is on a different computer.

back to the top

Requirements
The following items describe the recommended hardware, software, network infrastructure, skills and knowledge and service packs you will need.  Exchange Server Version 5.5 on one computer. For more information about how to configure Exchange Server 5.5, visit the following Microsoft Web site:

http://www.microsoft.com/exchange/default.mspx

 Internet Information Server 4.0 or Internet Information Services 5.0 on another computer. For more information about how to configure IIS, visit the following Microsoft Web site:

http://www.microsoft.com/windows2000/en/server/iis/

 Outlook Web Access configured on the computer that is running IIS. For more information about how to use Outlook Web Access, visit the following Microsoft Web site to view the Planning and Deploying Outlook Web Access white paper:

http://www.microsoft.com/technet/archive/exchangeserver55/plan/outlookwebaccess.mspx?mfr=true

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

125329 Deploying and troubleshooting Outlook Web Access



back to the top

Set up Basic Clear Text Authentication on IIS 4.0 or IIS 5.0
The only authentication scheme that will work with Outlook Web Access when IIS and Exchange are on different computers is Basic Clear Text Authentication. The following instructions describe how to set up Basic Authentication on IIS 4.0 and IIS 5.0. If you must have NTLM authentication, you must configure Exchange and IIS on the same computer.

back to the top

Internet Information Server 4.0

 * 1) Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Services, and then click Internet Services Manager.
 * 2) In Microsoft Management Console window, right-click the virtual server where Outlook Web Access is installed (This is frequently the &quot;Default Web site&quot;. But it may instead be a specific user-configured virtual server).
 * 3) Click Properties, and then click the Directory Security tab.
 * 4) Click the Edit button next to Anonymous Access and Authentication Control.
 * 5) Select Basic Authentication (password is sent in clear text).
 * 6) Clear the Integrated Windows Authentication check box. Click OK.
 * 7) For Inheritance Overrides, click Select All. Click OK.
 * 8) Click OK.
 * 9) Close Microsoft Management Console window.

back to the top

Internet Information Services 5.0

 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
 * 2) In the Internet Information Services window, right-click the virtual server where Outlook Web Access is installed (This is frequently the &quot;Default Web site&quot;. But it may instead be a specific user-configured virtual server).
 * 3) Click Properties, and then click the Directory Security tab.
 * 4) Click the Edit button next to Anonymous Access and Authentication Control.
 * 5) Select Basic Authentication (password is sent in clear text).
 * 6) Select Digest Authentication for Windows Domain Servers.
 * 7) Clear the Integrated Windows Authentication check box. Click OK.
 * 8) For Inheritance Overrides, click Select All. Click OK.
 * 9) Click OK.
 * 10) Close the Internet Information Services window.

back to the top

Pitfalls
If you must have NTLM authentication, you must configure Exchange and IIS on the same computer.

back to the top

Keywords: kbhowtomaster KB300646

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.