Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 13269 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Reverse Authentication / OWA Exchange 2013

PeterRL
Hi,

I´m been reading several posts from this forum trying to figure it out what i´m doing wrong - but unfortunatelly i didn´t had any success.

Basically, i´m configuring the OWA using the webserver protection, w/ reverse authentication.

What i´ve done:

a)Created the real webserver (https - port 443).

b)Created a firewall rule only making antivirus scan and selecting the "Pass  Outlook Anywhere" option.

c)Created two Virtual Webservers 

  1. publish access to OWA and Autodiscover 
  2. publish access to OA

d) Created two Reverse Authentication Profiles
   1. mode:"basic"
   2. Users/Groups: "Active directory Users"
   3. Real WebServer: "Mode": basic; "User name afix": "none"


Finally, on "Site Path routing" i´ve configured forms reverse authentication to OWA, ECP. 
Basic reverse authentication to rpc.

On the exchange side (exchange 2013) on the IIS administration, i´ve configured the virtual directories of owa, ecp, rpc, autodiscover, EWS and OAB to accept basic authentication and also added the Default Domain.

What happens is that the access to owa, is made, get the forms authentication, and after a succesfull validation, instead of having access to the OWA, i´m redirected to the OWA authentication form from the exchange server.

i´ve gathered the logs both from the webserver protection and from the IIS logs to try to check:


IIS:

2015-02-18 12:37:19 ::1 POST /OWA/auth.owa - 443 HealthMailbox3055292aea5e43f1b9fc33f37a06ff6c@***x.pt ::1 AMProbe/Local/ClientAccess - 302 0 0 15
2015-02-18 12:37:19 ::1 GET /PowerShell/ - 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 31
2015-02-18 12:37:23 192.168.62.5 GET /owa - 443 - 192.168.xx.3 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 302 0 0 31
2015-02-18 12:37:25 ::1 GET /ecp/ReportingWebService/ - 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 15
2015-02-18 12:37:30 ::1 POST /autodiscover/autodiscover.svc - 443 - ::1 AMProbe/AutoDStack+(ExchangeServicesClient/15.00.0516.014) - 401 0 0 0
2015-02-18 12:37:30 ::1 POST /autodiscover/autodiscover.svc - 443 - ::1 AMProbe/AutoDStack+(ExchangeServicesClient/15.00.0516.014) - 401 1 2148074254 0
2015-02-18 12:37:30 ::1 POST /autodiscover/autodiscover.svc - 443 - ::1 AMProbe/AutoDStack+(ExchangeServicesClient/15.00.0516.014) - 401 1 2148074252 15

Webserver:

2015:02:18-12:37:15 utm reverseproxy: id="0299" srcip="62.169.76.217" localip="83.***.***.182" size="3070" user="-" host="62.169.76.217" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="19516" url="/owa/auth/logon.aspx" server="owa.***x.pt" referer="-" cookie="logondata=acc=0&lgn=internal.***x.pt\rui.fernandes; PrivateComputer=true" set-cookie="-"
2015:02:18-12:37:24 utm reverseproxy: id="0299" srcip="62.169.76.217" localip="83.***.***.182" size="140" user="-" host="62.169.76.217" method="POST" statuscode="302" reason="-" extra="-" exceptions="-" time="115686" url="/owa/auth.owa" server="owa.***.pt" referer="owa.***.pt/.../logon.aspx
sta

(Sorry for the long post)


This thread was automatically locked due to age.
Unfiltered HTML