General discussion

Locked

Outlook Web Access Authentication

By patrizia.pierani@emersonp ·
Our implementation of Outlook Web Access (OWA)consists of an Exchange 5.5 SP1 Server and a separate IIS Server with OWA. It works great.
My concern is security. We did not implement SSL because it is complicated and requires users intervention to encrypt messages they send from their machines. We know our users, and they will forget 90% of the time.
I would like to be able to at least encrypt User ID and password. The way to do that is to enable NT challenge/response
authentication only in IIS.
Unfortunately, Exchange 5.5 forbids to do that if IIS is installed on a physically separate server than the one Exchange Server is installed on. The only authentication methods allowed in this scenario are Basic Clear Text and Anonymous.
Is there a way to work around this serious limitation short of upgrading to Exchange 2000 (not in our plans for now)?
Thanks everyone for any advice on this.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Outlook Web Access Authentication

by dheupel In reply to Outlook Web Access Authen ...

Install IIS on your Exchange Server machine. On your primary IIS server, in the Default web site properties, set inbound traffic to http://yourdomain.com/exchange to point to your Exchange server.

Collapse -

Outlook Web Access Authentication

Thanks for the interesting suggestion which I will keep in mind for future projects. However, if I could have installed IIS on the Exchange server I would have done it in the first place. Installing IIS on the Exchange server is not an option because of various hw/sw SP conflicts (IIS requires SP4). My question is in an environment where IIS Server and Exchange Server cannot coexist on the same box. Thanks.

Collapse -

Outlook Web Access Authentication

by LLou In reply to Outlook Web Access Authen ...

We had the same setup (but with Exchange 5.5 SP3). Separate machines. If you refer to MS article Q218445, apply SSL on IIS (you don't need to buy a certificate from Verisign, you can just create a certificate server on an NT 4.0 machine) and then look at Q234022. The setup doesn't take long, you just need to tweak the OWA files a little. The logon takes a little time as the certificate loads, but the users don't have to do anything different and it encrypts user id and password. No cost, not much effort.

Collapse -

Outlook Web Access Authentication

Poster rated this answer

Collapse -

Outlook Web Access Authentication

This question was closed by the author

Back to Software Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums