The FBA page is displayed when a user accesses OWA or ECP to log on to Exchange Server 2013

Symptoms
In Microsoft Exchange Server 2013, you have forms-based authentication (FBA) disabled for Microsoft Outlook Web App (OWA) and for Exchange Control Panel (ECP). Additionally, you have either Windows Integrated or Basic Authentication enabled. After you upgrade Exchange Server 2013 to a newer build, the forms-based authentication (FBA) page is displayed when a user accesses OWA or ECP. Additionally, the FBA page continues to appear even after the user provides valid credentials.
Cause
This problem occurs because the upgrade process copies the default Web.config file over the existing, customized Web.config file. This results in all existing settings being lost. This includes the HTTP module settings.
Workaround
To work around this problem, reconfigure the desired authentication mechanism on the OWA or ECP virtual directories. To do this, follow these steps:

Note These steps will reconfigure Windows Integrated Authentication on OWA and ECP virtual directories by using the Exchange Management Shell.
  1. Review the authentication configuration. To do this, run the appropriate command:

    For OWA, run the following command:

    Get-OwaVirtualDirectory -Server exch3 | fl *auth*


    For ECP, run the following command:

    Get-EcpVirtualDirectory -Server exch3 | fl *auth*

  2. Run the appropriate command to disable FBA and to enable Windows Integrated Authentication:

    For OWA, run the following command:

    Set-OwaVirtualDirectory -Identity "EXCH3\owa (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true


    For ECP, run the following command:

    Set-EcpVirtualDirectory -Identity "EXCH3\ECP (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true

  3. Run IISReset to restart Internet Information Services (IIS).

See View or Configure Outlook Web App Virtual Directories for information about how to use the Exchange Admin Center (EAC) or the Exchange Management Shell to view or configure the properties of an Outlook Web App virtual directory.
More information
To retrieve the settings of Microsoft Office Outlook Web App virtual directories on a computer that is running Exchange Server 2013 and that has the Client Access server role installed, run the following command:

Get-OwaVirtualDirectory -Server exch3 | fl *auth*


The following is an example of the results that are returned by this command:

ClientAuthCleanupLevel : High
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication : False
WindowsAuthentication : True
DigestAuthentication : False
FormsAuthentication : False
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMethods : {Fba}

References
See Get-OwaVirtualDirectory for information about how to retrieve all Office Outlook Web App virtual directories on a computer that is running Microsoft Exchange Server 2013 and that has the Client Access server role installed.

See Set-EcpVirtualDirectory for information about how to change the properties of an ECP virtual directory.
Properties

Article ID: 2871485 - Last Review: 10/01/2015 07:27:00 - Revision: 2.0

Microsoft Exchange Server 2013 Enterprise, Microsoft Exchange Server 2013 Standard, Exchange Server 2016 Enterprise Edition, Exchange Server 2016 Standard Edition

  • kbsurveynew kbexpertiseinter kbprb KB2871485
Feedback