Microsoft KB Archive/903942

= How to configure Exchange Server 2003 so that users can log on to OWA without entering a domain name =

Article ID: 903942

Article Last Modified on 12/4/2007


APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition




INTRODUCTION
This article describes how to configure Microsoft Exchange Server 2003 so that users can log on to Microsoft Outlook Web Access without entering a domain name.



MORE INFORMATION
When users try to log on to Outlook Web Access, they receive a logon dialog box that requires them to enter a user name and a password. By default, the user name should be entered in the following format in the Exchange Server 2003 logon dialog box:

Domain Name\User Name

However, if you have users who are from different domains and who access Outlook Web Access, you may want to configure Exchange Server 2003 so that users can access Outlook Web Access without entering the domain name.

Important
 * If you configure Exchange Server 2003 to accept a logon to Outlook Web Access without the domain name, this behavior is implemented by similar entries that are automatically made in Microsoft Internet Information Services (IIS) for the Microsoft Exchange Web site.

If you configure Exchange Server 2003 to accept logons to Outlook Web Access without the domain name, the LookupAccountName function in IIS will first verify the local domain for the user account name. Then, the other domains in the forest are verified until the LookupAccountName function finds a matching account name.

When a matching account name is found for the user, the password is verified. If the password that the user entered in the logon dialog box does not match the password in Active Directory directory services, the logon is rejected.

Therefore, you must make sure that you have unique user names across all domains if the following conditions are true:
 * You have users from multiple domains who access Outlook Web Access.
 * You configure Exchange Server 2003 so that users do not have to enter a domain name when they log on to Outlook Web Access.

 * Basic Authentication is less secure than Integrated Windows authentication. If you configure Exchange 2003 to accept logons to Outlook Web Access without the domain name, we recommend that you use Basic Authentication with Secure Sockets Layer (SSL) to help make your environment more secure. For more information about how to configure SSL, visit the "Reference" section.
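The unique-name requirement above can be checked before the default domain is changed to a backslash. The following is an added example, not part of the original article and not Microsoft code: it lists account names that exist in more than one domain and models the first-match lookup the article describes. The export format, the function names and the search order of the non-local domains are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (domain, account name); not real accounts.
SAMPLE_EXPORT = """domain,account
CORP,jsmith
CORP,adavis
EMEA,JSmith
EMEA,mkhan
APAC,adavis
APAC,lwong
"""

def load_accounts(text):
    """Parse the export into a list of (domain, account) tuples."""
    return [(r["domain"].strip(), r["account"].strip())
            for r in csv.DictReader(io.StringIO(text))]

def find_collisions(accounts):
    """Return {name: [domains]} for names found in more than one domain.
    Windows account names are case-insensitive, so names are casefolded."""
    seen = defaultdict(set)
    for domain, account in accounts:
        seen[account.casefold()].add(domain.upper())
    return {n: sorted(d) for n, d in seen.items() if len(d) > 1}

def resolve(name, search_order, accounts):
    """Model the lookup the article describes: the first domain with a match wins.
    search_order is an assumption: the server's own domain first, then the
    other domains in whatever order the caller supplies."""
    index = {(d.upper(), a.casefold()) for d, a in accounts}
    for domain in search_order:
        if (domain.upper(), name.casefold()) in index:
            return domain.upper()
    return None

def report(accounts, search_order):
    """For each colliding name: (name, domain that answers, domains never reached)."""
    rows = []
    for name, domains in sorted(find_collisions(accounts).items()):
        winner = resolve(name, search_order, accounts)
        rows.append((name, winner, [d for d in domains if d != winner]))
    return rows

if __name__ == "__main__":
    accounts = load_accounts(SAMPLE_EXPORT)
    for name, winner, shadowed in report(accounts, ["CORP", "EMEA", "APAC"]):
        print(f"{name}: password is checked against {winner}; not reached: {shadowed}")
```

Any name in the report must be renamed in all but one domain before the domain-less logon is enabled, because the password is only verified against the first matching account.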

To configure Exchange Server 2003 so that users can log on to Outlook Web Access without a domain name, the following conditions must be true:
 * The Microsoft Exchange server must be running Microsoft Windows Server 2003 Service Pack 1 (SP1). If Windows Server 2003 SP1 is not installed, you must have the hotfix that is in the following Microsoft Knowledge Base article installed on the Exchange server.

   827991 "HTTP error 401.1 - Unauthorized: Access is denied due to invalid credentials" error message if the Basic

 * The Exchange virtual directory must be configured to accept only Basic Authentication.

To enable Outlook Web Access to accept user logons without the domain name, follow these steps on all Microsoft Exchange servers including front-end and back-end servers:
 * 1) Start Exchange System Manager.
 * 2) Expand Administrative Groups, expand the name of your administrative group, and then expand Servers.
 * 3) Expand the name of your server, expand Protocols, and then expand HTTP.
 * 4) Expand Exchange Virtual Server, right-click Exchange, and then click Properties.
 * 5) Click the Access tab, and then click Authentication.
 * 6) Click to select the Basic authentication (password is sent in clear text) check box.
 * 7) Click to clear all other check boxes.
 * 8) In the Default domain box, type a backslash to replace the domain name that is already entered in the box.
 * 9) Click OK two times.
 * 10) Right-click Public, and then click Properties.
 * 11) Click the Access tab, and then click Authentication.
 * 12) Click to select the Basic authentication (password is sent in clear text) check box.
 * 13) Click to clear all other check boxes.
 * 14) In the Default domain box, type a backslash to replace the domain name that is already entered in the box.
 * 15) Click OK two times.
 * 16) Quit Exchange System Manager.

Note If this Exchange Server 2003 server is a single server (there is no front-end server), and if you are using Exchange ActiveSync, configure the Exchange ActiveSync clients to synchronize with the Exchange Server 2003 server after you make these changes. To do this, follow Method 2 in the “Resolution” section in the following article in the Microsoft Knowledge Base:

817379 Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003

