
Owa default domain

Author
7 Jul 2009 5:36 PM
mark.a.constant
I had an old Exchange 2003 server that was also a primary domain
controller. I could log into OWA without typing a default domain. I
built a new Exchange 2003 server that doesn't act as a primary domain
controller. I moved all mailboxes over. For some reason out of the
gate I had to type domain\username when logging into webmail. The only
way I could get it to work without that is to turn off Windows
Integrated Authentication and change the default domain from TEST to
"\" without the quotes. The problem is that it messes up OMA and I
get an error stating in the event viewer that Active Sync doesn't
support that type of negotiation. So I just tried choosing Windows
Integrated Authentication. The Active Sync started working but I had
to start typing in the domain again when accessing OWA. So I changed
the settings of /exchange to not use Windows Integrated Authentication
and changed /oma to use WIA. That didn't seem to help. Why
would it be on my old server I could have Windows Integrated
Authentication checked and have my domain as the default instead of a
"\" but now I can't on the new server? Does it make a difference that
it is not a domain controller?

Author
7 Jul 2009 6:37 PM
Lee Derbyshire [MVP]
"mark.a.constant" <mark.a.const***@gmail.com> wrote in message
news:7e786125-a375-497c-b66e-413128bee9b2@h31g2000yqd.googlegroups.com...
> I had an old Exchange 2003 server that was also a primary domain
> controller. I could log into OWA without typing a default domain. I
> built a new Exchange 2003 server that doesn't act as a primary domain
> controller. I moved all mailboxes over. For some reason out of the
> gate I had to type domain\username when logging into webmail. The only
> way I could get it to work without that is to turn off Windows
> Integrated Authentication and change the default domain from TEST to
> "\" without the quotes. The problem is that it messes up OMA and I
> get an error stating in the event viewer that Active Sync doesn't
> support that type of negotiation. So I just tried choosing Windows
> Integrated Authentication. The Active Sync started working but I had
> to start typing in the domain again when accessing OWA. So I changed
> the settings of /exchange to not use Windows Integrated Authentication
> and changed /oma to use WIA. That didn't seem to help. Why
> would it be on my old server I could have Windows Integrated
> Authentication checked and have my domain as the default instead of a
> "\" but now I can't on the new server? Does it make a difference that
> it is not a domain controller?

Yes, it does make a difference.  You can set a default domain for basic
auth, but not for integrated.  On a member server, IIS will try to validate a
username that is not supplied with a domain name against its own local
accounts.  On a DC, it will validate it against the domain, since a DC does
not have local accounts.

Lee.

--
_______________________________________

Outlook Web Access for PDA, OWA For WAP:
www.leederbyshire.com
________________________________________
Author
7 Jul 2009 7:30 PM
mark.a.constant
I get most of what you are saying. But why does OMA work when you turn
on integrated Windows authentication? I mean if it isn't working for OWA
why would it work for OMA? From all the testing I have done OMA didn't
work unless I had integrated Windows authentication checked. I
checked the event viewer and it would give an error about negotiation.
It sounds like I should be following Microsoft KB 817379 and set up a
/exchange-oma directory.
Author
7 Jul 2009 10:17 PM
Lee Derbyshire [MVP]
"mark.a.constant" <mark.a.const***@gmail.com> wrote in message
news:f94b8271-45f4-4b2a-874f-aa05b4ce82a6@c36g2000yqn.googlegroups.com...
> I get most of what you are saying. But why does OMA work when you turn
> on integrated Windows authentication? I mean if it isn't working for OWA
> why would it work for OMA? From all the testing I have done OMA didn't
> work unless I had integrated Windows authentication checked. I
> checked the event viewer and it would give an error about negotiation.
> It sounds like I should be following Microsoft KB 817379 and set up a
> /exchange-oma directory.

I'm not entirely sure.  OMA sends WebDAV (an HTTP extension) requests to the
Exchange VDir on the mailbox server.  If the mailbox server is a different
server, then it helps if the Exchange VDir has both Integrated and Basic
enabled.  If it's the same server, then I've never known it to matter,
although it seems to in your case.  The Exchange VDir should definitely have
the default domain for Basic Auth set to \, which equates to your AD domain.
It might help to study the IIS log files, and see what it is using for the
credentials as OMA accesses /Exchange.
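
Added example (not part of the original thread): a small Python script for the log check suggested above, grouping requests to /exchange and /oma in an IIS W3C extended log by the form of the logged username and the HTTP status. The log lines, the chosen fields and the account TEST\jdoe are constructed for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus
2009-07-07 17:40:01 GET /exchange/ - 192.0.2.10 401 2
2009-07-07 17:40:03 GET /exchange/ jdoe 192.0.2.10 401 1
2009-07-07 17:40:09 GET /exchange/jdoe/ TEST\\jdoe 192.0.2.10 200 0
2009-07-07 17:41:15 GET /oma/ TEST\\jdoe 192.0.2.20 200 0
2009-07-07 17:41:15 PROPFIND /exchange/jdoe/ - 127.0.0.1 401 2
2009-07-07 17:41:16 PROPFIND /exchange/jdoe/ TEST\\jdoe 127.0.0.1 207 0
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated lines
                yield dict(zip(fields, values))

def username_form(name):
    """Classify how the client supplied the account name."""
    if name == "-":
        return "none"            # no credentials logged (initial challenge)
    if "\\" in name:
        return "domain\\user"
    if "@" in name:
        return "upn"
    return "bare"                # no domain: depends on the default domain setting

def summarize(text, vdirs=("/exchange", "/oma")):
    """Count requests per (virtual directory, username form, status.substatus)."""
    counts = Counter()
    for rec in parse_w3c(text):
        stem = rec["cs-uri-stem"].lower()
        vdir = next((v for v in vdirs if stem == v or stem.startswith(v + "/")), None)
        if vdir is None:
            continue
        status = rec["sc-status"] + "." + rec.get("sc-substatus", "0")
        counts[(vdir, username_form(rec["cs-username"]), status)] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(n, *key)
```

A "bare" username paired with 401.1 on /exchange is the case the thread is about: the name arrived without a domain and the logon failed.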
Author
7 Jul 2009 11:26 PM
Tom Wall
Lee,
I am working with a similar issue as I am migrating my users to a new
Exchange server; 2003 to 2007.  Exchange 2003 was on a DC.  Exchange 2007 is
on a member server.  Now the user name requires that it be prefaced with the
domain name. Can I configure OWA and Outlook Anywhere to have the domain be in a
separate box?  This would be a little less confusing for my users, because we
have a long domain name and internally we have NetBIOS running.  Internally
our domain name is cut off at the last three characters.  Explaining and
getting users to understand the difference between internal NetBIOS naming
and external full domain naming will be a pain.
EX: NetBIOS (15 chars) - mylongdomainnam (note the cut off character)
    Domain - mylongdomainname.com
IE:
Domain:
User name:
Password:

Tom
