You must enter your logon credentials two times when you log on to Outlook Web App

Article translations Article translations
Article ID: 981541 - View products that this article applies to.
Expand all | Collapse all


When you connect to Outlook Web App on a Microsoft Exchange Server 2010 Client Access Server (CAS), and you try to access a Microsoft Exchange Server 2007 mailbox, you are prompted two times for authentication.

The first prompt is the Forms-based authentication (FBA) page for the Exchange Server 2010 CAS. The second prompt is for the Microsoft Exchange Server 2007 CAS page.

Note When FBA is not used, a silent proxy to the Exchange Server 2007 CAS is not available.


This issue occurs when an authentication method other than FBA is set for the ExternalAuthenticationMethods parameter for Outlook Web App on the Exchange 2007 CAS.

To provide a silently proxy request for an Exchange 2007 mailbox when you connect through an Exchange Server 2010 CAS, FBA must be enabled for the /owa virtual directory on the Exchange Server 2007 CAS. This process is known as single sign-on (SSO).

Note The FormsAuthentication parameter for the /owa virtual directory must also be set to $true. This $true value reflects the setting in the Exchange Management Console user interface.


To change the ExternalAuthenticationMethods parameter on the Exchange Server 2007 CAS server to use FBA, follow these steps:
  1. Click Start
    Collapse this imageExpand this image
    start button
    , point to All Programs, point to Exchange Server 2007, and then click Exchange Management Shell.
  2. At the command prompt, run the following cmdlet:
    Set-OwaVirtualDirectory "owa (default Web site)" -ExternalAuthenticationMethods FBA
  3. Run the IISreset command to reset Internet Information Services (IIS) on both Exchange Server 2010 CAS and Exchange 2007 CAS. You run this command to make sure that your changes take effect immediately. To do this, follow these steps:

    For the Exchange Server 2010 CAS:
    1. Click Start
      Collapse this imageExpand this image
      start button
      , and then type cmd in the Search programs and files box.
    2. Right-click cmd.exe in the Programs list, and then click Run as administrator.
      Collapse this imageExpand this image
      If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
    3. At the command prompt, copy or type the following command, and then press ENTER:
      IISreset /noforce
    Note For the Exchange Server 2007 CAS, repeat steps 3a through 3c.


To verify the ExternalAuthenticationMethods parameter, run the following cmdlet from the Exchange Management Shell:
Get-owaVirtualDirectory "owa (default Web site)" | fl name, externalauthentication*
The resulting output resembles the following:
Name: owa (default Web site)
ExternalAuthenticationMethods: {Ntlm}


Article ID: 981541 - Last Review: March 18, 2010 - Revision: 1.0
  • Microsoft Exchange Server 2010 Coexistence
  • Microsoft Exchange Server 2010 Enterprise
  • Microsoft Exchange Server 2010 Standard
  • Microsoft Exchange Server 2007 Enterprise Edition
  • Microsoft Exchange Server 2007 Standard Edition
  • Microsoft Exchange Server 2007 Service Pack 1
  • Microsoft Exchange Server 2007 Service Pack 2
kblogin kbemail kbexpertiseinter kbtshoot kbsurveynew kbprb KB981541

Give Feedback


Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from