We are protecting our OWA through the UTM's WAF. (UTM is on 9.714-4)
Since a while, it works like expected, until today, where a user comes by and complains about connection issues with his mobile device.
Turns out, the problem seams to be a ">" in in his Password.
Hi's able to login to OWA directly from the the internal network but not from outside via WAF.
When the login fails through WAF the Exchange Logs shows:
An account failed to log on.Subject: Security ID: SYSTEM Account Name: Mailserver$ Account Domain: Domain Logon ID: 0x3E7Logon Type: 8Account For Which Logon Failed: Security ID: NULL SID Account Name: username Account Domain: domainFailure Information: Failure Reason: Unknown user name or bad password. Status: 0xC000006D Sub Status: 0xC000006A
The Firewall log:
2023:02:28-09:51:18 host-1 httpd: id="0299" srcip="xxx.xxx.xxx.xxx" localip="xxx.xxx.xxx.xxx" size="26739" user="-" host="xxx.xxx.xxx.xxx" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="61956" url="/owa/auth/logon.aspx" server="exchange.local" port="443" query="?url=https%3a%2f%2fexchange.local%2fowa%2f&reason=2" referer="">exchange.local/.../logon.aspx cookie="cookieTest=1; logondata=acc=0&lgn=domain\\user; _ga=GA1.1.1705732369.1677573787; _ga_M9BP2QSXKX=GS1.1.1677573786.1.1.1677574145.0.0.0; PrivateComputer=true; PBack=0" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Y_3AhrzZbUm4FR9sBGOLLAAAAHQ"
This thread was automatically locked due to age.
