Microsoft KB Archive/870928

= You are prompted for credentials when you try to access an Exchange Server 2003 computer by using Outlook Web Access on a Windows Server 2003-based computer =

Article ID: 870928

Article Last Modified on 10/25/2007


APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)




Important: This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.





SYMPTOMS
Assume that you are using Microsoft Internet Explorer on a Microsoft Windows Server 2003-based computer. When you use Outlook Web Access on the Windows Server 2003-based computer to access a Microsoft Exchange Server 2003 public folder, you may be prompted to type your credentials. This behavior occurs even when you are logged on as an Exchange administrator. After you type your credentials, you can access the public folder.



CAUSE
This behavior occurs because the Internet Explorer Enhanced Security Configuration is enabled on the Windows Server 2003-based computer. (By default, the Internet Explorer Enhanced Security Configuration is enabled.) Users who try to access Exchange Server 2003 by using Outlook Web Access must type their domain name and their password even if they are authenticated users for the trusted domain where the Exchange Server 2003 computer is located.



WORKAROUND
Warning: This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

If you do not want users to type their domain name and their password when they use Outlook Web Access, you must remove the Internet Explorer Enhanced Security Configuration component. To do this, follow these steps.

Note: You must follow these steps on the Windows Server 2003-based computer that has the Internet Explorer Enhanced Security Configuration enabled.
 * 1) Click Start, point to Settings, and then click Control Panel.
 * 2) In Control Panel, double-click Add or Remove Programs. In the Add or Remove Programs dialog box, click Add/Remove Windows Components, select Internet Explorer Enhanced Security Configuration, and then click Details.
 * 3) In the Internet Explorer Enhanced Security Configuration dialog box, click to clear both the For administrator groups and For all other user groups options, and then click OK.
 * 4) Click Next to remove the Internet Explorer Enhanced Security Configuration component for Windows Server 2003.

Additionally, before you access Exchange Server 2003 with Outlook Web Access, you must add the Exchange Server 2003 Outlook Web Access Web site to the Trusted Sites list in Internet Explorer on the Windows Server 2003-based computer. To do this, follow these steps:
 * 1) Start Internet Explorer.
 * 2) On the Tools menu, click Internet Options.
 * 3) In the Internet Options dialog box, click the Security tab, click Local Intranet, and then click Sites.
 * 4) In the Local Intranet dialog box, click Advanced.
 * 5) In the Add this Web site to the zone box, type the URL of the Web site for Outlook Web Access, click OK to save the changes, and then click OK two more times.



STATUS
This behavior is by design.

