Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Users always get the FBA page when they access OWA or ECP in Exchange Server 2013


View products that this article applies to.

Symptoms

Assume that you use the following command to enable Integrated Windows Authentication or Basic Authentication:

Set-OwaVirtualDirectory “CAS1\owa (Default Web Site)” -WindowsAuthentication $true -BasicAuthentication $trueSet-ECPVirtualDirectory “CAS1\ecp (Default Web Site)” -WindowsAuthentication $true -BasicAuthentication $true

After you do this, FormsAuthentication is displayed as disabled in the Outlook Web Access (OWA) and Exchange Control Panel (ECP) virtual directories:

ClientAuthCleanupLevel : High
BasicAuthentication : True
WindowsAuthentication : True
DigestAuthentication : False
FormsAuthentication : False
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMethods : {Fba}
However, clients keep encountering forms-based authentication (FBA) when they try to log on to OWA or ECP.

Note Clients can log on successfully after they provide the correct credentials.

↑ Back to the top


Resolution

To resolve this issue, install the following cumulative update:
2936880 Cumulative Update 5 for Exchange Server 2013

↑ Back to the top


Workaround

To work around this issue, make sure that you specify -FormsAuthentication $false when you disable FBA and enable other authentication types in the OWA or ECP virtual directories. To do this, follow these steps:
  1. Enable forms-based authentication.
    • For OWA, run the following command:

      Set-OwaVirtualDirectory -Identity "CAS1\owa (Default Web Site)" -FormsAuthentication $True
    • For ECP, run the following command:

      Set-ECPVirtualDirectory -Identity "CAS1\ECP (Default Web Site)" -FormsAuthentication $True
  2. Enable the authentication type that you want, and specify -FormsAuthentication $false.
    • For OWA, run the following command:

      Set-OwaVirtualDirectory -Identity "CAS1\owa (Default Web Site)" -FormsAuthentication $False -WindowsAuthentication $true -BasicAuthentication $true
    • For ECP, run the following command:

      Set-ECPVirtualDirectory -Identity "CAS1\ECP (Default Web Site)" -FormsAuthentication $False -WindowsAuthentication $True -BasicAuthentication $True
  3. Perform an IISReset operation. For more information about how to do this, see How to restart IIS.

↑ Back to the top


Keywords: kb, kbexpertiseadvanced, kbfix, kbqfe, kbsurveynew

↑ Back to the top

Article Info
Article ID : 2925559
Revision : 2
Created on : 8/13/2020
Published on : 8/13/2020
Exists online : False
Views : 345