OWA/IIS Getting rid of domain\user

ethos · 16 Aug 2008 at 10:23

Alright chaps,

Sorting out OWA over https at work, managed to get it all up and running (bar sorting out some good ssl certs).

Been trying to get rid of the domain\username when logging in tho.

I've tried adding "\" "domain" "domain.local" "servername.domain.local" to IIS and system manager (obviously testing one at a time)... then stop / starting and it's still asking.

I'm sure it's something silly i'm doing wrong but I can't quite figure it out. Any other settings that would effect this? Can't find anything on google!

I'm changing the "Exchange" and "Public" folders.

ethos · 16 Aug 2008 at 10:25

Should this be in "Windows and other software"? ....

Deathwish · 16 Aug 2008 at 12:14

I don't know the "proper" way to achieve this in Ex2003 but I cheated and edited the logon code

Code:

<script Language=javascript>
<!--
function logonForm_onsubmit()
{
if (logonForm.username1.value.indexOf("@") !=-1)
{
return true;
}
logonForm.username.value = "domain_name\\" + logonForm.username1.value;
  return false;
}
//-->
</script>

Also

Code:

<TD width="98%"><INPUT type="text" id="username1" name="username1" style="width:100%" size="25" maxlength="256"></TD>
<INPUT type="hidden" id="username" name="username" style="width:100%" size="25" maxlength="256">

Bit of a hack, but it works. Ex2007 has an option in PowerShell to customise this.

ethos · 16 Aug 2008 at 13:08

Isn't that for form based authentication though?

Deathwish · 16 Aug 2008 at 13:30

mmm, yes. Didn't realise you weren't using that. Oops

ethos · 16 Aug 2008 at 13:51

No worries!!

^^Gord^^ · 16 Aug 2008 at 14:13

From your description it sounds like you have done the correct change. But to confirm....

You have the Authentication Methods on the Exchange virtual directory set to accept basic authenication and have the default domain set to your domains netbios name?

Is this Exchange 2003? Or SBS 2003?

When you get this sorted you might want to add these to OWA as well....

http://support.microsoft.com/kb/839357

http://support.microsoft.com/kb/319878

ethos · 16 Aug 2008 at 14:29

Yep and Exchange 2003.

Thanks for the links, I'm going to be hosting the https OWA and a "portal" website so shouldn't need to play with either of those. Make it nice and easy for the user

^^Gord^^ · 16 Aug 2008 at 14:37

And when you look back in the Authentication Methods you stil see the netbios name set?

I'm assuming both Exchange and Windows are patched up to date?

The only time I've seen OWA not accept a username with the domain set was when the username matched (or closely matched the start of) a username. In that setup you had to use the full UPN or e-mail address to get in. Could this be the case for you?

Also try using netbios domain name followed by a star e.g DOMAIN* in the Authentication Methods.

ethos · 16 Aug 2008 at 14:41

Yep, if I go back into it the name is set, both patched up

Full upn/email address doesn't work either, tried that earlier. Obviously domain\username is working fine.

I'll give the "*" a go... thanks for the suggestions.

ethos · 16 Aug 2008 at 14:42

DOMAIN* Doesn't work....

I'm changing this in IIS AND System manager by the way... not sure if that makes a difference.

Stopping and starting the exchange virtual server + default website is enough to make the changes valid?

^^Gord^^ · 16 Aug 2008 at 14:57

With Exchange 2003 you should only be changing it within IIS (Exchange 2000 is different). I usually do an iisreset with the command prompt after changing.

ethos · 16 Aug 2008 at 15:19

So I should untick basic authentication on system manager and only change it in IIS?

I've tried this as well without much luck (restarting full iis now).

Why isn't anything ever easy?

^^Gord^^ · 16 Aug 2008 at 16:29

The default settings for withing ESM are (after checking on a server!) only basic auth ticked and the domain set to \

I'd set it back to that but I'm not sure it will totally undo any changes that were made. Do you have System Attendent installed and running? This service takes the settings and writes it to the IIS metadata.

I'd give it a go first but if not I would rebuild OWA.

http://support.microsoft.com/?kbid=883380

ethos · 16 Aug 2008 at 18:16

Hmm, I can get form based authentication working fine without domain\user by following this guide;

http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html

Maybe I should just use that, seems a bit easier then tinkering around for ages seeing why something that should work isn't. Can't see any disadvantages to using it either.... yet.

ethos · 19 Aug 2008 at 09:00

Got this all done now with a ssl cert from rapidsll (very cheap and seems good).

Only problem I have, is after editing the logon.asp file I can't use firefox? The logon button doesn't do anythin! Not finding much on the tinternet either about it.

Ie works a treat... any ideas?

I used the guide from the website above

^^Gord^^ · 19 Aug 2008 at 18:21

Yes, you need to undo the changes you made to the logon.asp. Form based authenication supports login without using a domain pre-fix post SP2.