Prior to SP1 for Exchange 2003, virtual directories and servers for OWA would only be accessible to users who had an email address in the SMTP domain configured for that virtual directory or server. The workaround involves tricky registry editing, and prevents EAS from working with more than one SMTP domain. That difference makes handling multiple SMTP domains very awkward if EAS is left in its default configuration state. EAS uses a different mechanism for handling requests than does OWA and OMA. Therefore, OMA can only support one configured SMTP domain.
As a result, only one HTTP virtual server configured with no host headers on port 80 can pick up these requests. The OMA application creates its WebDAV and content requests without the host-header from the original client requests. OWA frontend servers, OMA and EAS all require ?Integrated? authentication and no SSL on the ?Exchange? directory, and hence will fail to work when forms-based authentication is enabled in this way. If this is enabled on a backend server, the ?Exchange? directory will be automatically configured for Basic authentication only, and only SSL will be recommended. OWA has the option for forms-based authentication method. IMPORTANT: Deselecting the "Disable IIS Server If Agent Fails to Load" option will reduce the security of the serverĪdditional Information about OWA, OMA, and EAS Make sure that Require secure channel (SSL) is not enabled, and then click OK. Click Denied Access, click Add, click Single computer, type the IP address of the server that you are configuring, and then click OKġ0. Under IP address and domain name restrictions, click Editĩ. Make sure that only the following authentication methods are enabled, and then click OK:Ĩ. Right click ExchangeVDir and click Modify. Right click parameters > New > String Value. Name this value "ExchangeVDir" (this is case sensitive).Ħ. Using regedit locate the subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters. Confirm that the new folder "exchange-eas" exists in the web site, then confirm that the only authentication methods enabled for this folder are integrated and basic (and not SecurID)ĥ. IIS will tell you that the virtual folder already exists, so in the Alias box, type "exchange-eas" and click OK.Ĥ. Browse to file created above, select "read file", select location, then click OK.
Right click the default web site > New > Virtual Directory (from file). Right click the Exchange folder in IIS > All Tasks > Save configuration to file. At this point, Microsoft Outlook Web Access (OWA) is successfully protected, but of course Exchange ActiveSync (EAS) breaks due to the known problem (Exchange protected with SecurID).Ģ. Enable RSA SecurID protection for exchange and public folders. The solution has not been through RSA Security QA, and should not be considered as a supported solution, as RSA Security cannot provide support for this.ġ. NOTE: This article describes a workaround only. The information below is based on Microsoft knowledgebase article KB817379.
0 kommentar(er)
