Exchange Server

Configuring Forms-Based Authentication in OWA and Exchange 2003

How can I configure Forms-Based Authentication in Exchange Server 2003 OWA?

Exchange Server 2003 has greatly improved the Outlook Web Access (or OWA for short) experience when compared to older Exchange versions. Besides the nice new GUI, spell-checking in different languages, drag-and-drop features, S/MIME support (see Configure Message Security in OWA 2003 for more info) and more, Exchange Server 2003 has added a new logon method that can be used on OWA.

Instead of entering the username and password in an annoying pop-up screen, when configured with Forms-Based Authentication (or FBA for short), OWA will display a logon screen that enables the user to select various options and get a generally better look for the logon process.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

FBA can also be used to enable compression and other nice features, but in this article I will only deal with enabling it.

In order to successfully configure Forms-Based Authentication in OWA on Exchange Server 2003 you need to perform the following steps:

Configure SSL on OWA

If you plan to use SSL or Forms-Based Authentication on your OWA site you must first configure OWA to use SSL as the connection protocol. See Configure SSL on OWA for more info.

Configuring Forms-Based Authentication

After configuring SSL on the OWA site, you now need to enable the Forms-Based Authentication on the HTTP Virtual Server in Exchange System Manager.

  1. Open Exchange System Manager.
  2. Navigate to your server object.
  3. Expand your server object, and expand Protocols.
  4. Expand HTTP.
  5. Right-click on the Exchange Virtual Server and select Properties.

  1. On the Settings tab, click to select the Enable Forms Based Authentication check-box.

  1. Click Ok, and click Ok to dismiss the warning message.

  1. Restart the IIS services either from the Services snap-in or from the IIS Admin snap-in.

Client-side configuration

None required. Just point your clients web browser to the same URL youve used before, but instead of using HTTP, use HTTPS. You should get a warning telling you youre about to enter a secure site, and if youve configured your SSL digital certificate as described in Configure SSL on OWA, you should be just fine.

Now that you have Forms-Based Authentication enabled, you need to type your username and password in the provided fields on the OWA logon screen.

Note: Remember, you must enter your username in the format of DOMAIN\USERNAME, otherwise things wont work for you.

Optional – Customize the logon page

Since you enabled Forms-Based Authentication your users have found it annoying they can’t type USERNAME anymore and that they had to use the DOMAIN\USERNAME format.

Luckily for us, MVP Henrik Walther has written a great article explaining how to customize the logon page used by OWA after it has been configured to use Forms-Based Authentication.

Read Outlook Web Access 2003 Forms-based Authentication and the default domain dilemma

Related articles

You may find these related articles of interest to you:

Related Topics:

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: