Question: enable OMA on exchange2003R2 with ssl and forms based auth enabled

  • Question: enable OMA on exchange2003R2 with ssl and forms based auth enabled

    Hello

    my testing server:

    server2003R2 (dc and exchange std) all updates and sp's installed

    OWA is working and configured to use SSL and Forms based authentication...
    i followed the how to's here at www.petri.com (great how to's)

    now i try to enable OMA on the same server... but i see that it's not that easy...
    i followed this how to http://www.petri.com/configure_oma.htm

    and OMA is not working... i get this error in the event log

    Event Type: Error
    Event Source: MSExchangeOMA
    Event Category: (1000)
    Event ID: 1503
    Date: 1/10/2007
    Time: 6:19:49 PM
    User: N/A
    Computer: SUN
    Description:
    An unknown error occurred while processing the current request:
    Message: The remote server returned an error: (403) Forbidden.
    Source: Microsoft.Exchange.OMA.ExchangeDataProvider
    Stack trace:
    at Microsoft.Exchange.OMA.ExchangeDataProvider.OmaWebRequest.GetRequestStream()
    at Microsoft.Exchange.OMA.ExchangeDataProvider.ExchangeServices.GetSpecialFolders()
    at Microsoft.Exchange.OMA.ExchangeDataProvider.ExchangeServices..ctor(UserInfo user)

    Message: Exception has been thrown by the target of an invocation.
    Source: mscorlib
    Stack trace:
    at System.Reflection.RuntimeConstructorInfo.InternalInvoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean isBinderDefault)
    at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
    at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
    at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
    at Microsoft.Exchange.OMA.UserInterface.Global.Session_Start(Object sender, EventArgs e)

    Message: Exception of type Microsoft.Exchange.OMA.DataProviderInterface.ProviderException was thrown.
    EventMessage:
    UserMessage: A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.
    Source: Microsoft.Exchange.OMA.UserInterface
    Stack trace:
    at Microsoft.Exchange.OMA.UserInterface.Global.Session_Start(Object sender, EventArgs e)
    at System.Web.SessionState.SessionStateModule.RaiseOnStart(EventArgs e)
    at System.Web.SessionState.SessionStateModule.CompleteAcquireState()
    at System.Web.SessionState.SessionStateModule.BeginAcquireState(Object source, EventArgs e, AsyncCallback cb, Object extraData)
    at System.Web.AsyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ok so i searched at google and i found this
    Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003
    http://support.microsoft.com/kb/817379

    so i read and i find that i have to:
    Method 1
    Install and configure an Exchange Server 2003 computer as a front-end server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    or
    Method 2
    Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

    Important Method 2 should be used only in an environment that has no Exchange Server 2003 front-end server. The registry changes should be made only on the server on which the mailboxes are located.

    Create a secondary virtual directory for Exchange that does not require SSL, and then add a registry value to point to the new virtual directory. You must use Internet Information Services (IIS) Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these instructions:

    Note These steps affect both Outlook Mobile Access connections and Exchange ActiveSync connections. After you follow these steps, both Outlook Mobile Access and Exchange ActiveSync connections use the new virtual directory that you create.
    1. Start Internet Information Services (IIS) Manager.
    2. Locate the Exchange virtual directory. The default location is the following:
    Web Sites\Default Web Site\Exchange
    3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
    4. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
    5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
    6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
    7. Under Select a configuration to import, click Exchange, and then click OK.

    A dialog box will appear that states that the "virtual directory already exists."
    8. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
    9. Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
    10. Click the Directory Security tab.
    11. Under Authentication and access control, click Edit.
    12. Make sure that only the following authentication methods are enabled, and then click OK:
    Integrated Windows authentication
    Basic authentication
    13. Under IP address and domain name restrictions, click Edit.
    14. Click Denied access, click Add, click Single computer, type the IP address of the server that you are configuring, and then click OK.
    15. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
    16. Click OK, and then close the IIS Manager.
    17. Click Start, click Run, type regedit, and then click OK.
    18. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
    19. Right-click Parameters, click to New, and then click String Value.
    20. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.

    Note ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
    21. In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type exchange-oma. Click OK.
    22. Quit Registry Editor.
    23. Restart the IIS Admin service. To do this, follow these steps:
    a. Click Start, click Run, type services.msc, and then click OK.
    b. In the list of services, right-click IIS Admin service, and then click Restart.


    is there no other solution?
    has someone installed OMA and OWA with ssl and forms based authentication on the same server here?

    thanks for any help
    Yaniv F
    MCSE 2000 Done
    RHCE Done
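
A read-only check of the settings that the Method 2 steps quoted above produce, added here as an example; it is not part of the thread or of the KB article. It assumes PowerShell 2.0 is installed on the server, that the virtual directory sits under Default Web Site with metabase ID 1, and that the IIS ADSI provider is available. It reads step 14 as the IIS 6 dialog presents it: all computers denied by default, with the server's own IP address as the granted exception.

```powershell
# Added example: read-only audit of the KB 817379 "Method 2" result.
# Assumptions (not from the thread): PowerShell 2.0 on the mailbox server,
# Default Web Site has metabase ID 1, session runs as local administrator.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\MasSync\Parameters'
$root   = 'IIS://localhost/W3SVC/1/ROOT'
$issues = @()

# Step 20: the value name is case-sensitive, so use a case-sensitive match.
$names = @((Get-Item $key).GetValueNames())
if ($names -ccontains 'ExchangeVDir') {
    $alias = (Get-ItemProperty $key).ExchangeVDir
} else {
    $alias   = $null
    $issues += "No value named exactly 'ExchangeVDir' under $key"
}

if ($alias) {
    try {
        $p     = ([ADSI]"$root/$alias").psbase.Properties
        $auth  = [int]$p['AuthFlags'].Value       # 1=Anonymous 2=Basic 4=Integrated
        $ssl   = [int]$p['AccessSSLFlags'].Value  # 8=Require secure channel (SSL)
        $ipsec = $p['IPSecurity'].Value           # COM object, read via reflection
        $get   = [Reflection.BindingFlags]::GetProperty
        $t     = $ipsec.GetType()
        $grantAll = $t.InvokeMember('GrantByDefault', $get, $null, $ipsec, $null)
        $granted  = @($t.InvokeMember('IPGrant', $get, $null, $ipsec, $null) | Where-Object { $_ })

        # Step 12: only Basic and Integrated Windows authentication.
        if ($auth -ne 6) { $issues += "AuthFlags is $auth, expected 6 (Basic + Integrated only)" }
        # Step 15: 'Require secure channel (SSL)' must be off on this directory.
        if ($ssl -band 8) { $issues += "'$alias' still requires SSL" }
        # Steps 13-14: default must be Denied with the server itself as the only
        # exception; otherwise Basic credentials can cross the network in clear text.
        if ($grantAll) { $issues += "IP restrictions grant access by default" }
        if ($granted.Count -ne 1) { $issues += "Expected one granted address, found: $($granted -join '; ')" }
    } catch {
        $issues += "Cannot read '$root/$alias' from the metabase: $($_.Exception.Message)"
    }
}

if ($issues.Count) {
    $issues | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "Method 2 settings look consistent for '$alias'"
}
```

The script changes nothing; it does not check forms-based authentication, which is configured outside these metabase properties.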

  • #2
    Re: Question: enable OMA on exchange2003R2 with ssl and forms based auth enabled

    In most cases I saw, method 2 solved the problem - why don't you try it?
    CNE 5, CCA, MCSE NT4.0-2003, MCSE 2003 messaging, Exchange Server MVP.
    Tzahi Kolber - IT Supervisor
    Polycom Israel.


    • #3
      Re: Question: enable OMA on exchange2003R2 with ssl and forms based auth enabled

      Method 2 is the only supported way of getting things to work. SBS R2 comes with OWA already configured that way.

      What the KB article doesn't say though is that you need to disable forms based authentication and the require SSL option before exporting the virtual directory.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.


      • #4
        Re: Question: enable OMA on exchange2003R2 with ssl and forms based auth enabled

        thanks for the information... i'll give it a shot now and i'll update my results.
        MCSE 2000 Done
        RHCE Done


        • #5
          Re: Question: enable OMA on exchange2003R2 with ssl and forms based auth enabled

          GREAT

          i have done it with the second solution from MS and it worked

          What the KB article doesn't say though is that you need to disable forms based authentication and the require SSL option before exporting the virtual directory.
          thanks for that.


          i enabled after the changes both ssl and forms based authentication again for the OWA and everything is working...

          thanks
          MCSE 2000 Done
          RHCE Done
