You must enter your logon credentials two times when you log on to Outlook Web App


When you connect to Outlook Web App on a Microsoft Exchange Server 2010 Client Access Server (CAS), and you try to access a Microsoft Exchange Server 2007 mailbox, you are prompted two times for authentication.

The first prompt is the Forms-based authentication (FBA) page for the Exchange Server 2010 CAS. The second prompt is for the Microsoft Exchange Server 2007 CAS page.

Note When FBA is not used, a silent proxy to the Exchange Server 2007 CAS is not available.


This issue occurs when an authentication method other than FBA is set for the ExternalAuthenticationMethods parameter for Outlook Web App on the Exchange 2007 CAS.

To provide a silently proxy request for an Exchange 2007 mailbox when you connect through an Exchange Server 2010 CAS, FBA must be enabled for the /owa virtual directory on the Exchange Server 2007 CAS. This process is known as single sign-on (SSO).

Note The FormsAuthentication parameter for the /owa virtual directory must also be set to $true. This $true value reflects the setting in the Exchange Management Console user interface.


To change the ExternalAuthenticationMethods parameter on the Exchange Server 2007 CAS server to use FBA, follow these steps:
  1. Click Startstart button , point to All Programs, point to Exchange Server 2007, and then click Exchange Management Shell.
  2. At the command prompt, run the following cmdlet:

    Set-OwaVirtualDirectory "owa (default Web site)" -ExternalAuthenticationMethods FBA
  3. Run the IISreset command to reset Internet Information Services (IIS) on both Exchange Server 2010 CAS and Exchange 2007 CAS. You run this command to make sure that your changes take effect immediately. To do this, follow these steps:

    For the Exchange Server 2010 CAS:
    1. Click Startstart button , and then type cmd in the Search programs and files box.
    2. Right-click cmd.exe in the Programs list, and then click Run as administrator.
      UAC If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
    3. At the command prompt, copy or type the following command, and then press ENTER:
      IISreset /noforce
    Note For the Exchange Server 2007 CAS, repeat steps 3a through 3c.

More Information

To verify the ExternalAuthenticationMethods parameter, run the following cmdlet from the Exchange Management Shell:
Get-owaVirtualDirectory "owa (default Web site)" | fl name, externalauthentication*
The resulting output resembles the following:
Name: owa (default Web site)

ExternalAuthenticationMethods: {Ntlm}

Article ID: 981541 - Last Review: Mar 18, 2010 - Revision: 1