Announcement

Collapse
No announcement yet.

owa connectivity issues with forms based auth

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • owa connectivity issues with forms based auth

    Hi,

    We recently installed Exchange 2010 in coexistance environment with 2003.

    After changing the authentication to forms based on 2003 I get page cannot be displayed in owa and blackberry/iphone users' credentials being rejected.

    We use the exported san ssl cert from the 2010 server, which replaced the previous single ssl cert that was configured when we setup rpc over http using Daniel's guide. (http://www.petri.com/how-can-i-confi...r-scenario.htm)

    Problem is with https://mail.contoso.com/exchange, if I use the internal host (i.e: https://servername.contoso.com/exchange) with forms based it works.

    Also, If I turn off forms-based everything works again.

    Any help would be greatly appreciated!
    Last edited by YosiNYC; 4th June 2010, 05:11.

  • #2
    Re: owa connectivity issues with forms based auth

    Follow up:

    I reverted back to the original 2003 Cert and it works!

    Question is:

    Can I keep this cert on 2003 while in coexistence with Exchange 2010?

    Old cert has:
    Subject: mail.mydomain.com
    SAN: mail.mydomain.com, www.main.mydomain.com
    1024 bits enc.

    New Cert has:
    Subject: mail.mydomain.com
    SANs:
    mail.mydomain.com
    www.mail.mydomain.com
    Internal-Server.mydomain.com
    Internal-Server
    autodiscover.mydomain.com
    legacy.mydomain.com
    2048 bits enc.
    Last edited by YosiNYC; 4th June 2010, 17:37.

    Comment


    • #3
      Re: owa connectivity issues with forms based auth

      You are aware that Exchange 2010 cannot proxy older versions of OWA?
      All it will do is redirect. Therefore if you want to have a co-existance scenario then you must have two URLs, which means two SSL certificates, two IP addresses etc.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment


      • #4
        Re: owa connectivity issues with forms based auth

        yes, we do have 2 ips and 2 certs. One of the steps in the upgrade was to export the newly created 2010 cert and apply it to 2003.

        For some reason I had connectivity issues with the new cert, but now it seems like it's working.

        The only issue I have now is with BIS accounts not validating, when I create new ones it creates an IMAP account, when I turn off Forms-based it works again, any idea on a work around?

        your advice is greatly appreciated.

        thanks.
        Last edited by YosiNYC; 6th June 2010, 18:23.

        Comment


        • #5
          Re: owa connectivity issues with forms based auth

          Stop using BIS then.
          Deploy BES Express instead and get the full Blackberry experience. I don't believe that BIS is supported with the later versions of Exchange anyway.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: owa connectivity issues with forms based auth

            Funny you're saying it, I just had it implemented 3 days ago and testing...

            Just out of curiousity, is it safe to say that there isn't a workaround for having forms-based together with BIS?

            thanks for your help as always...

            Comment


            • #7
              Re: owa connectivity issues with forms based auth

              I have no idea whether there is a work around or not, as I have never used BIS. Every deployment of Blackberry I have done has always been with a BES/BES Express. Never even attempted to use BIS as I don't see the point. You get about 20% of the functionality and someone using BIS has the Blackberry for show, nothing more.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment

              Working...
              X