820378 – Outlook Web Access session unexpectedly quits when forms-based authentication is used:


If you want to change OWA so that you don’t have to type in domain\user after the application of Exchange 2003 sp1, Matt Gibson in the public newsgroups says —

“Go into IIS admin, go to your OWA website, right click on the exchange dir
and go to "Properties".  Then go to the "Directory Security" tab, and click
on the "Edit" button under the "Authentication and Access control".  At the
bottom of the new window, you'll see "Default Domain" and "Realm".  Just
change "Default domain" to your domain, and you'll be good to go.”
Update by Roger Crawford --  
Update to this be sure to include doing this on the Public Virtual  Folder
or you will get kicked out of Public Folders when you try to view them
Update from the newsgroups --
Just try reruning the CEICW which will setup the proper settings as OMA is messed up as well

Then I would like to explain this issue in more detail for you:
By default, after running CEICW in SBS 2003, the component will set the
Default Domain property on the corresponding IIS sub-directories (under
Authentication -> Access Control) as following:

1) /Exchange/: \                    (cerntainly you can change it to SBS
domain name so you do not need to input the domain name any more. Since you
had mentioned that you do not need to input the domain name in the
previous, you may change this by yourself in the previous)
2) /Microsoft-Server-ActiveSync/: SBS domain name
3) /OMA/: SBS domain name

This is considering the fact that PPC or mobile phone cannot use the
reverse backslash character when inputting credential.
(This is why I say your workaround that you had found is correct and the
best solution because this is just the correct setting for OWA and OMA)

The Exchange 2003 SP1 may change the settings back to the default (/OMA/: 
\ ). And this cause the issue on your system.
A poster in the newsgroup says that he used the following workaround -- 
“I used the "Default domain" entry box via IIS management, Exchange and OMA 
websites, Authentication and Access Control to set a default domain. After
that, the logon process for OWA and OMA work like they did pre-SP1.“

I put together some screen shots here to help out -- 


8 Responses to Don’t want to type in domain\user after Exchange 2003 sp1?

  1. Paul says:

    Ah yes, but what about Public folders?

  2. Susan says:

    Update to this be sure to include doing this on the Public Virtual Folder

    or you will get kicked out of Public Folders when you try to view them

  3. I am using forms based auth (FBA) so a lot of the things you say here don’t apply to me but I wish they did. I needed a solution that would work with FBA so I wouldn’t have to enter domain\username. Luckily, I have run the Configure E-mail and Internet Connection Wizard in SBS and have been happy to find that SBS adds a little bit of nice code to logon.asp that is used by forms based auth. WHY NO ONE HAS EVER BLOGGED ABOUT THIS CODE I DON’T KNOW. Without this little bit of code, you would have to enter domain\username everytime, but this code parses AD and puts in the domain\ for you when you press submit, very cool. Again, funny that no one has blogged about this. I have used this same code snippet for Exchange 2003 Non SBS and Exchange 2003 sp1 Non SBS. I have 2 files available if anyone wants them. One file is for Exchange 2003 pre sp1 and the other is for Exchange 2003 sp1. I posted the files at http://www.inteltech.com/downloads

    Just take these files and replace your current (backup original first of course) logon.asp in your exchsrvr\exchweb\bin\auth\usa folder

    Then do an IISRESET

    I have only tried this for the USA folder (I only speak english of course, much to my own chagrin) but I assume the same code will work for the other langs.

    Email me if you have questions jcook@inteltech.com

  4. After rereading some of your stuff it looks like you did intend for your fixes to work with FBA. But as you may have found out, if you use FBA, the domain to authenticate against in IIS will always be reset to \. This is because ESM settings override IIS and the ESM settings sync against the IIS metabase every 15 minutes or so. I think the best bet for everyone is just to use the modified logon.asp code I put on https://www.inteltech.com/downloads. I didn’t write this code, but I did do some cutting and pasting to make the same code work for sp1. I just used these files and I didn’t have to muck with IIS at all. I think the reason that maybe not many other people have blogged about this is that maybe my Installation CD of SBS was a newer build that not too many people have used. That is my only guess but Anthe should be able to answer that for sure. Read my above post.

  5. Robert Murray says:


    Have you heard from anyone saying your replacement login.asp files didn’t work? I had not luck with it. I just get a blank page…

    Robert Murray

  6. Bob Polatidis says:

    I also get a blank page only.

  7. Cham Bain Smith says:

    I also get a blank page.

  8. jared says:

    I’m using ISA 2004 to publish, and adding my domain to the default domain doesn’t work… instead of "domain\username" coming up when I do a login, "owa_url\username" comes up. Any ideas?