By default, forms-based authentication is not enabled for Outlook Web Access in Exchange2007. Forms-based authentication stores the user's user name and password in a cookie instead of in the browser. When the user leaves an OWA session or after the expiration of the inactivity period, the cookie is cleared. As a result, the user must re-authenticate to use OWA again. This is a good security measure.To enable the Outlook Web Access logon page, do the following:
- Open the Exchange Management Console.
- Choose Server Configuration > Client Access.
- Click the "Owa (Default Web Site)" entry.
- From the Action pane, choose the Properties option.
- From the Owa (Default Web Site) Properties page, click the Authentication tab. Under the "Use Forms-Based Authentication" option there are three options for enforcing a particular logon format. The Domain\User Name option is self-explanatory and is useful if you have multiple domains. The User Principal Name (UPN) option, or e-mail address format, is probably the easiest for users to remember since they use it all the time. The User Name Only option is the last option, which is also self explanatory. If you choose the User Name Only format, you also need to choose a Logon Domain.
- Click OK
Because this change affects IIS, you must restart IIS. From a command line on the Outlook Web Access server, issue the command iisreset /noforce.
Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive with CampusWorks, Inc. Scott is available for consulting, writing, and speaking engagements and can be reached at email@example.com.