When an external user tries to access OWA that is published in ISA Server 2006 or in Windows Essential Business Server 2008, the user does not receive the OWA forms-based authentication page

Article translations Article translations
Article ID: 935206 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

When an external user tries to access the Microsoft Office Outlook Web Access (OWA) Web site, the user receives an RSA SecurID authentication form. Then, the user sends the correct credentials in the RSA form to Microsoft Internet Security and Acceleration (ISA) Server 2006 or to Windows Essential Business Server 2008. However, the user does not receive an OWA forms-based authentication page.

Note This problem also occurs when you use other validation methods. For example, when you use the Windows (Active Directory) validation method, this problem occurs.

This problem occurs if the following conditions are true:
  • Microsoft Exchange Server 2003 is configured to use OWA forms-based authentication.
  • OWA is published in ISA Server 2006 or in Windows Essential Business Server 2008.
  • In the Web listener that the OWA Web publishing rule uses, the HTML Form Authentication authentication method and the RSA SecurID authentication method are configured.
  • In the OWA Web publishing rule, the Authentication Delegation option is set to No delegation, but client may authenticate directly.

CAUSE

This problem occurs because of a design change in ISA Server 2006 or in Windows Essential Business Server 2008.

RESOLUTION

Note You can only use this resolution if following conditions are true:
  • You publish Exchange Server 2003 OWA in ISA Server 2006 or in Windows Essential Business Server 2008.
  • You publish OWA by using a standard Web publishing rule instead of by using the New Exchange Publishing Rule Wizard.
  • The publishing rule does not enable Single Sign-On (SSO).
  • In the HTTP configuration of the OWA Web publishing rule, the Verify normalization option is disabled.
To resolve this problem, apply a hotfix package, and then run a Microsoft Visual Basic script on the computer that is running ISA Server 2006 or Windows Essential Business Server 2008. To do this, follow these steps:
  1. Apply the hotfix package that is described in the following Microsoft Knowledge Base article:
    937103 Description of the Internet Security and Acceleration Server 2006 hotfix package that is dated May 14, 2007
  2. Start Notepad.
  3. Copy the following script into a Notepad file.
    ' Copyright (c) Microsoft Corporation. All rights reserved.
    ' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
    ' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
    ' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
    ' HEREBY PERMITTED.
    
    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
    Const SE_VPS_NAME = "EnableHotfix935206"
    Const SE_VPS_VALUE = true
    
    Sub SetValue()
    
        ' Create the root obect.
        Dim root  ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")
    
        'Declare the other objects needed.
        Dim array       ' An FPCArray object
        Dim VendorSets  ' An FPCVendorParametersSets collection
        Dim VendorSet   ' An FPCVendorParametersSet object
    
        ' Get references to the array object
        ' and the network rules collection.
        Set array = root.GetContainingArray
        Set VendorSets = array.VendorParametersSets
    
        On Error Resume Next
        Set VendorSet = VendorSets.Item( SE_VPS_GUID )
    
        If Err.Number <> 0 Then
            Err.Clear
    
            ' Add the item
            Set VendorSet = VendorSets.Add( SE_VPS_GUID )
            CheckError
            WScript.Echo "New VendorSet added... " & VendorSet.Name
    
        Else
            WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
        End If
    
        if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
    
            Err.Clear
            VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
    
            If Err.Number <> 0 Then
                CheckError
            Else
                VendorSets.Save false, true
                CheckError
    
                If Err.Number = 0 Then
                    WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
                End If
            End If
        Else
            WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
        End If
    
    End Sub
    
    Sub CheckError()
    
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
    
    End Sub
    
    SetValue
    
  4. Save the file as a Visual Basic script file by using the .vbs file name extension. For example, save the file by using the following name:
    Enable_935206.vbs
  5. Copy the Enable_935206.vbs file to the computer that is running ISA Server 2006 or Windows Essential Business Server 2008, and then double-click the file.

Hotfix removal information

Important Before you remove the hotfix that is mentioned in this article, you must run the following script.
' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.

Const SE_VPS_GUID = ""{143F5698-103B-12D4-FF34-1F34767DEabc}""
Const SE_VPS_NAME = ""EnableHotfix935206""
Const SE_VPS_VALUE = false

Sub SetValue()

    ' Create the root obect.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject(""FPC.Root"")

    'Declare the other objects needed.
    Dim array       ' An FPCArray object
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object

    ' Get references to the array object
    ' and the network rules collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets

    On Error Resume Next
    Set VendorSet = VendorSets.Item( SE_VPS_GUID )

    If Err.Number <> 0 Then
        Err.Clear

        ' Add the item
        Set VendorSet = VendorSets.Add( SE_VPS_GUID )
        CheckError
        WScript.Echo ""New VendorSet added... "" & VendorSet.Name

    Else
        WScript.Echo ""Existing VendorSet found... value- "" &  VendorSet.Value(SE_VPS_NAME)
    End If

    if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then

        Err.Clear
        VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE

        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save false, true
            CheckError

            If Err.Number = 0 Then
                WScript.Echo ""Done with "" & SE_VPS_NAME & "", saved!""
            End If
        End If
    Else
        WScript.Echo ""Done with "" & SE_VPS_NAME & "", no change!""
    End If

End Sub

Sub CheckError()

    If Err.Number <> 0 Then
        WScript.Echo ""An error occurred: 0x"" & Hex(Err.Number) & "" "" & Err.Description
        Err.Clear
    End If

End Sub

SetValue     

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

In the Applications Settings tab of the OWA Web publishing rule, the Published server logoff URL text box is empty. This behavior is not a problem. However, after you apply this hotfix, ISA Server or Windows Essential Business Server 2008 uses the following standard logoff URL:
?cmd=logoff

REFERENCES

For more information about authentication in ISA Server 2006, visit the following Microsoft TechNet Web site:
http://technet.microsoft.com/en-us/library/bb794722.aspx

Properties

Article ID: 935206 - Last Review: May 25, 2010 - Revision: 3.0
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Windows Essential Business Server 2008
  • Microsoft Forefront Threat Management Gateway 2010 Enterprise
  • Microsoft Forefront Threat Management Gateway 2010 Standard
Keywords: 
kbtshoot kbexpertiseinter kbprb KB935206

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com