Exchange 2003 OWA Authentication Problem

I've got a problem with OWA, and I'm pretty much at the end of my rope with this. OWA authenticates perfectly on the internal network. No problems at all. On the outside, you have to log in two or three times before it "sticks" at which point it won't ask you to authenticate again for hours.

The problem cropped up after an admin left and we were forced to change a bunch of passwords, so it's almost certainly a password/directory ownership issue somewhere. However, I've gone over the configuration and I can't find anything that's not running with a password unique to the local machine.

The setup is Exchange 2003, running behind an Apache proxy. Since the problem is external only, I've gone over the proxy extensively, and I can't find any problems. The whole setup has been running fine for ~4 years, so again, it's probably tied to the password change (which shouldn't have effected the proxy in any way).

I'm sure it's some stupid configuration setting that I'm missing, but I can't find it for the life of me. Anyone have any ideas?

@PQD

Here's mine:

SetOutputFilter proxy-html
RequestHeader unset Accept-Encoding
ProxyHTMLURLMap https://myserver.mydomain.com/exchange /exchange

ProxyPass /exchange https://myserver.mydomain.com/exchange
ProxyPassReverse /exchange https://myserver.mydomain.com/exchange

ProxyPass /exchweb https://myserver.mydomain.com/exchweb
ProxyPassReverse /exchweb https://myserver.mydomain.com/exchweb

ProxyPass /public https://myserver.mydomain.com/public
ProxyPassReverse /public https://myserver.mydomain.com/public

ProxyPass /OMA https://myserver.mydomain.com/OMA
ProxyPassReverse /OMA https://myserver.mydomain.com/OMA

ProxyPass /Microsoft-Server-ActiveSync https://myserver.mydomain.com/Microsoft-Server-ActiveSync
ProxyPassReverse /Microsoft-Server-ActiveSync https://myserver.mydomain.com/Microsoft-Server-ActiveSync

I'm pretty sure this isn't the problem. Nothing has changed on the proxy, and this configuration has worked for years.

# you can skip it if internet clients use http RequestHeader set Front-End-Https "On" ProxyPass /exchange http://owa.company.com/exchange/ ProxyPassReverse /exchange http://owa.company.com/exchange/ ProxyPass /exchweb http://owa.company.com/exchweb/ ProxyPass /oma http://owa.company.com/oma ProxyPassReverse /oma http://owa.company.com/oma ProxyPassReverse /exchweb http://owa.company.com/exchweb/ ProxyPass /public http://owa.company.com/public/ ProxyPassReverse /public http://owa.company.com/public/ ProxyPass /iisadmpwd http://owa.company.com/iisadmpwd/ ProxyPassReverse /iisadmpwd http://owa.company.com/iisadmpwd/

Best Answer

setting apache2 reverse proxy for exchange 2003 owa was [ censored ]. but at the end it works fine for me.

the trick was to fool apache into thinking that in-house exchange server has same host-name as one under which people access the apache from the outside of company.

so in dns i have: owa.company.com pointing to public ip of apache and in /etc/hosts of machine with apache reverse proxy i have owa.company.com pointing to the internal ip of exchange:

10.11.12.13     owa.company.com

my apache also does ssl encryption - internet uses connect over https, while apache uses http to talk with exchange. in vhost configuration i have:

obiously mod_proxy, mod_proxy_http are loaded.

and yes - i'm aware that this sounds like voodoo; it does to me, but i found it described somewhere, applied - and it worked. what can i say...

Best Answer

Related Solutions

Exchange 2007 OWA – Can log in, but no graphics / broken images

Exchange 2003 Outlook Anywhere – Changed certificate, not working

Related Topic