How can I configure Forms-Based Authentication in Exchange Server 2003 OWA?
Spiceworks provides 100% Free Network Management Software to IT Pros to monitor everything on their network including MS Exchange Server health, network bandwidth, and Windows performance.
There are no tricks or fine print with Spiceworks – their network management software is completely free including support and upgrades and features a wide range of useful IT management functionality.
Exchange Server 2003 has greatly improved the Outlook Web Access (or OWA for short) experience when compared to older Exchange versions. Besides the nice new GUI, spell-checking in different languages, drag-and-drop features, S/MIME support (see Configure Message Security in OWA 2003 for more info) and more, Exchange Server 2003 has added a new logon method that can be used on OWA.
Instead of entering the username and password in an annoying pop-up screen, when configured with Forms-Based Authentication (or FBA for short), OWA will display a logon screen that enables the user to select various options and get a generally better look for the logon process.
FBA can also be used to enable compression and other nice features, but in this article I will only deal with enabling it.
In order to successfully configure Forms-Based Authentication in OWA on Exchange Server 2003 you need to perform the following steps:
Configure SSL on OWA
If you plan to use SSL or Forms-Based Authentication on your OWA site you must first configure OWA to use SSL as the connection protocol. See Configure SSL on OWA for more info.
Configuring Forms-Based Authentication
After configuring SSL on the OWA site, you now need to enable the Forms-Based Authentication on the HTTP Virtual Server in Exchange System Manager.
- Open Exchange System Manager.
- Navigate to your server object.
- Expand your server object, and expand Protocols.
- Expand HTTP.
- Right-click on the Exchange Virtual Server and select Properties.
- On the Settings tab, click to select the Enable Forms Based Authentication check-box.
- Click Ok, and click Ok to dismiss the warning message.
- Restart the IIS services either from the Services snap-in or from the IIS Admin snap-in.
None required. Just point your client's web browser to the same URL you've used before, but instead of using HTTP, use HTTPS. You should get a warning telling you you're about to enter a secure site, and if you've configured your SSL digital certificate as described in Configure SSL on OWA, you should be just fine.
Note: Remember, you must enter your username in the format of DOMAIN\USERNAME, otherwise things won't work for you.
Optional - Customize the logon page
Since you enabled Forms-Based Authentication your users have found it annoying they can’t type USERNAME anymore and that they had to use the DOMAIN\USERNAME format.
Luckily for us, MVP Henrik Walther has written a great article explaining how to customize the logon page used by OWA after it has been configured to use Forms-Based Authentication.
You may find these related articles of interest to you:
- Adding Root Certificates to Windows Mobile 2003 Pocket PC
- Configure ISA to Publish OWA
- Configure Message Security in OWA 2003
- Configure OMA in Exchange 2003
- Configure OWA 2003 Attachment Blocking
- Configure SSL on OMA
- Configure SSL on OWA
- Configure SSL on Your Website with IIS
- Configure Web Access to Newsgroups Hosted on Exchange 2000/2003
- Disable Spell Checking in OWA 2003
- Enable Password Changing through OWA in Exchange 2003
- How to Synchronize a Pocket PC with Exchange 2003?
- Problems with Forms-Based Authentication and SSL in ActiveSync
- Removing S/MIME Control in OWA 2003
- Reset OWA 2000/2003 Language
- Test OMA in Exchange 2003
- Using Forms-Based Authentication without SSL
- Web Access to Alternate PF