Saturday, June 6, 2009

Client Access Server with Exchange 2003 Backend Single Username OWA

I implemented an exchange 2007 client access server with forms based authentication. However whenever exchange 2003 mailbox users tried to login to their OWA they had to enter domain\username instead of just username. After much fiddling around here is how I got it working with just username for exchange 2003 mailbox users.

Exchange 2007 settings:

Set-OWAVirtualDirectory -Identity "owa (default web site)" -LogonFormat username -DefaultDomain "yourdomainnamehere"

Screenshot from exch2007 console:

Exchange 2003 settings:

Exchange 2003 was not set to use form based authentication. I enabled forms based authentication so match the exchange 2007 server. This makes sence seeming the exchange 2007 client access server "proxies" the requests to the backend exchange 2003 OWA.

However this alone did not make the solution work. Integrated Windows Authentication needed to be enabled on the "Exchange" virtual directory in IIS. Also because exchange 2007 is already entering in the default domain name for you, in the domain box just enter a \.

These settings allowed exchange 2003 users to login successfully by just entering their username.

However for users that have been migrated accross to an exchange 2007 mailbox server, if they go to they need to still enter domainname\user. This is because for exchange 2007 uses /owa for its webmail instead of /exchange. However if a user does enter /exchange to access their mailbox it is smart enough to send them the right direction by using Davex.dll that redirects the users request from /exchange to /owa on the client access server. This redirection process is the part that does not support for a single username.

If users go to the correct address for exchange 2007 which is they will not have this issue and will be able to sign in using a single username.

I found this microsoft website very handy as it shows you the inside workings of OWA redirection between exchange 2000/2003 and 2007:

No comments:

Post a Comment