How to configure Exchange 2013 OWA with Single Sign On

Similar Messages

• Configuring JCo3 Connection Pool with single sign on on non SAP Java server

  Hi Everyone,
  i have configured a connection pool on JBoss as per JCo3 Documentation and is working great.
  Now I need help to configure this connection pool with single sign on so that RFc on SAP ECC systems are executed using end users credential rather than using single user name password used to configure JCo connection pool.
  On SAP Java stack I am sure its possible within Java WebDynpro    and i assume using JCA resource adapter. But what if we don't want to use SAP Java App server.
  Any help will be appreciated.
  Thanks,
  Divyakumar Jain

  Eason, 你好！
  I have exactly the same problem.  Did you find a solution to this problem?  If so, please let me know!

• Exchange 2013 DAG with single site and 2 multi-role servers with error "MapiExceptionIllegalCrossServerConnection"

  Hi,
  I've got a lab with a domain controller and an Hyper-v with on it two multi-role exchange 2013 CU7 servers on W2K12 R2 OS, configured in DAG semplified (but the problem is the same also if I use the classical DAG configuration), a witness server, and a L7
  load balancer for the exchange servers.
  When I made the test to disable the OWA application pool where I've got the active mailbox database of the user, the balancer in correct manner redirect the session to the other exchange multi-role server, but the client in  his OWA session is no more
  able to send new mail with the error "Error your request can't be completed rigt now. Please try again later."
  The only strange log that I see on the server in the MAPI client access directory where there is the following error message:
  2015-01-21T08:00:45.132Z,956,1,/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt,,Microsoft.Exchange.RpcClientAccess.Monitoring.dll,15.0.0.0,Cached,,,,MapiHttp,Client=Microsoft.Exchange.RpcClientAccess.Monitoring,R:4ab7b6c8-54ee-4be3-aa9d-f8c856c4c47c:2,C:MAPIAAAAAOC4+7OCoZOjkqeKuoumlKSEtYO5ibyGs4bc/879z/vD9sX1zP28AwAAAAAAAA==|S:0-mGmHRQ==,OwnerLogon,0x6BB
  (rpc::Exception),00:00:00.0310000,"Logon: Owner, /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt in database  last mounted on Exch2.lab.net",RpcEndPoint: [ServerTooBusyException]
  Client is being backed off -> [ClientBackoffException] Mailbox was moved to a different mailbox server. A client needs to retry. -> [IllegalCrossServerConnectionException] Cannot open mailbox /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt.
  -> [MapiExceptionIllegalCrossServerConnection] Monitoring mailbox [] with application ID [Client=MSExchangeRPC] is not allowed to make cross-server calls from [Exch1.lab.net] to [Exch2.lab.net] [diag::AAAOAAAA/wAAAAAAAAAAAgAAAAA=],,,[email protected],
  The CAS try to access the mailbox on the other server, but without success.
  Someone have idea how to solve?
  Thanks

  Hi Hinte, sorry for the answer delay.
  I've run the command you suggest to check the HealthMailbox status, but seems that all are fine:
  [PS] C:\Windows\system32>get-Mailbox -Monitoring | ft name, servername
  Name                                                        ServerName
  HealthMailbox7021deb6ae104dadbf52feedfa7fa68b               exch1
  HealthMailboxb83c9040b32e4d1197f7f54f6709bb7f               exch1
  HealthMailboxb1c32037890b43fbb2af2efe7c36ba00               exch1
  HealthMailbox8d174269b494458daf9ade5099e22845               exch1
  HealthMailboxaa7d10f02d2d4cc588243b291ead3e3a               exch1
  HealthMailboxeb32c30a019f42968a7cbc49a6ac3e65               exch1
  HealthMailboxc6ff1d36ba154c5db5411b44718edcbd               exch1
  HealthMailbox75dc7caa7e8c4a3b812a01b607536d48               exch1
  HealthMailbox16c86e512f454e7890b80c180ce19c00               exch1
  HealthMailboxc6e447f7dba24d9b913f1dfcabe9f927               exch1
  HealthMailbox40fa5a3f2abc4accae6286cd98abc90a               exch1
  HealthMailbox2712b9544bad4e7b8b671be2cda8cfde               exch2
  HealthMailboxe2559124da20499386bf8103dcb21e9b               exch2
  HealthMailbox3264c6078dad45d4a78c56a3afe81df1               exch1
  HealthMailboxacacc51eb8bc4717b295ddf0adccf77e               exch2
  HealthMailbox64c4dd8cddac4c4e8bb7314010e797b1               exch1
  HealthMailbox4a92bfa14fdd47fbb27c19513f6d2beb               exch2
  HealthMailbox465d2a69de93430e84b4d699a88cb0c3               exch1
  HealthMailbox97b578e57cd44204820fffa416b25633               exch2
  HealthMailboxb411059771db4647bb775c665ec29440               exch1
  HealthMailboxf981dde6f4134f839bf41eb0000434e4               exch2
  HealthMailboxc33801c7c3b1474f8aa6065249bb4fca               exch1
  HealthMailbox2282128ed8d14937998212edd15adf20               exch2
  HealthMailboxe3d12b756cf545239b38be4607904ae1               exch2
  [PS] C:\Windows\system32> 
  Regarding the test sugested to diable instead the OWA App Pool only the OWA virtual directory, I've not found on IIS the possibility to stop the access to this virtual directory.
  Also on exchnage Administration page there is no the possibility to switch off this virtual directory only (or I don't found where is this setting).
  Regards

• Exchange 2013 OWA IM to federated users

  Hi I configured Exchange 2013 OWA IM for Lync server and everything is working fine except that I can't IM federated Lync users when the conversation is initiated from OWA. When I start an IM conversation from the federated user to my OWA, everything is
  working fine. Also the replies arrive then! So it must be something with initiating the session. I don't have issues with federated users form normal Lync desktop clients or mobile clients.
  In the lync logs I notice the following when starting the conversation from OWA:
  1027;reason="Cannot route this type of SIP request to or from federated partners";
  I also notice there's a KB2977259 (http://support.microsoft.com/kb/2977259) that discusses similar things but I'm not working with contacts like that and I guess they don't mean that you have to do this for every federated contact a Lync user has.
  Does somebody else also experience this issue?
  Update: following this KB I tried to add a new outlook contact in owa and add my sip address as "sip:[email protected]". When doing this it actually work to IM this federated user. But this is actually a workaround you can't expect your users
  to implement. I can't believe nobody else has issues with this.

  Hi DS_Kevin,
  Please post a little more log information. It seems that IM from OWA can’t locate the federated user’s SIP address without the sip prefix.
  Best Regards,
  Lisa Zheng
  Lisa Zheng
  TechNet Community Support

• Exchange 2013 OWA internal only

  Hi all,
  Does anyone know how to restrict Exchange 2013 OWA for internal only, but can't impact Exchange ActiveSync service?
  I guess IP Address and Domain Restrictions can make it, but it may impact ActiveSync.
  Any good solution?
  Thank,
  Ian

  Hi,
  Based on my research, we can install the CAS and Mailbox roles in separate two servers. Then we can create new website with a unique IP and only adding ActiveSync to that website. That would give us a website hosted on the box that served the ActiveSync
  devices but nothing else, leaving the OWA open for internal access. The firewall would point to this website/IP on the CAS. We could also create a virtual directory under there for /OWA and /Exchange which would serve up the generic ““this service is no longer
  available, please contact the help desk” message as the default webpage
  http://blogs.technet.com/b/messaging_with_communications/archive/2011/05/02/how-to-block-owa-for-external-users.aspx
  Thanks,
  Angela Shi
  TechNet Community Support

• Publish Exchange 2013 OWA + Active Sync + Outlook Anywhere using TMG 2010

  We plan to publish our new Exchange 2013 SP1 servers (3 in DAG) outside corporate network using TMG 2010. I am looking for some guide how to do it in the proper way. What I found is little old and does not take into consideration Exchange 2013
  SP1
  http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
  Any advice how to publish Exchange 2013 OWA using form-based authentication and how to use Kerberos Constrained Delegation?

  Hi,
  The blog below describes some scenarios about publishing Exchange. You could have a look the Scenario 2.
  Exchange publishing after TMG/UAG
  http://dizdarevic.ba/ddamirblog/?p=168
  Note: Microsoft provides third-party contact information to help you find technical support. This contact
  information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Configuring exchange 2013 with MS PKI

  while trying to configure exchange to work with certificates issued from my internal MS PKI, I deleted the self signed certificates. and now I can't access exchange. the good thing is that this is not a production environment yet. I was looking around and
  I couldn't find a documentation on how to request certificates from an internal CA. and how to assign the certificate to exchange.
  I need help regarding this, if any one has a working environment with CAS and MB on different server, how the certificates are assigned in IIS.

  Hi mtxfayez,
  First, I would like to share some information on Self-signed certificate and PKI certificate.
  1. Self-signed certificate.
  This self-signed certificate is used to encrypt communications between the Client Access server and the Mailbox server. The Client Access server trusts the self-signed certificate on the Mailbox server automatically, so no third-party
  certificate is needed on the Mailbox server.
  By default, the digital certificate installed on the Mailbox server or servers is a self-signed certificate. You don’t need to replace the self-signed certificate on the Mailbox servers in your organization with a trusted third-party certificate. The
  Client Access server automatically trusts the self-signed certificate on the Mailbox server and no other configuration is needed for certificates on the Mailbox server.
  2. PKI certificate.
  If you obtain certificates from a domain-joined Windows CA, you can use the CA to request or sign certificates to issue to your own servers or computers on your network. This enables you to use a PKI that resembles a third-party certificate vendor,
  but is less expensive. These PKI certificates can't be deployed publicly, as other types of certificates can be.
  The steps for deploying a PKI-generated certificate resemble those required for deploying a self-signed certificate. You must still install a copy of the trusted root certificate from the PKI to the trusted root certificate store of the computers or
  mobile devices that you want to be able to establish an SSL connection to Microsoft Exchange.
  Note: One problem with self-signed and PKI-based certificates is that, because the certificate is not automatically trusted by the client computer or mobile device, you must make sure that you import the certificate into
  the trusted root certificate store on client computers and devices.
  More details in the following article:
  http://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx
  Second, about "how to request certificates from an internal CA" and "how to assign the certificate to exchange", found a great blog for your reference:
  Enterprise PKI with Windows Server 2012 R2 Active Directory Certificate Services (Part 1 of 2)
  http://blogs.technet.com/b/yungchou/archive/2013/10/21/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-1-of-2.aspx
  Enterprise PKI with Windows Server 2012 R2 Active Directory Certificate Services (Part 2 of 2)
  http://blogs.technet.com/b/yungchou/archive/2013/10/22/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-2-of-2.aspx
  Last, if it still not works well, please paste the detailed error message without sensitive information for the further troubleshooting.
  Hope it is helpful
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Exchange 2013 owa integration with ADFS and cooexistance with exchange 2007

  Team,
  I have successfully integrated adfs 3.0 and Exchange 2013 owa and ecp.  However, we have a coexistence environment with exchange 2007.  When you access owa, which then redirects you to adfs, sign-in, and then get redirected back to owa. If your
  mailbox is still within exchange 2007, you get a blank login page.  If you mailbox is in exchange 2013 then you successfully get the owa page for 2013.  The problem is that all exchange 2007 mailbox users get blank pages at login. So I have determined
  that exchange 2013 cas is not doing the service location lookup on the mailbox to determine if a redirect to the legacy owa address is needed.  Is there a configuration setting that I might be missing? Or does the integration with adfs and owa not support
  the much needed mailbox lookup for a coexistance environment?  A side note: if we enable FBA with owa, both login scenarios work just fine (legacy and new 2013). The legacy namespace has been created, and applied to the exchange 2007 urls.  

  Hi,
  Try using AD FS claims-based authentication with Outlook Web App and EAC
  http://technet.microsoft.com/en-us/library/dn635116(v=exchg.150).aspx
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Configuration Exchange 2013 DAG on two Server Data center 2012 with Hyper -V roles

  Dears,
  I try to planning and installation two hosts ( Data center 2012 servers) then install Hyper-V role on both this server, then create VM on each Data center server to be install Exchange 2013 on them.
  After that I want to configure DAG between Exchanges servers, so what are the prerequisite to do that ?
  Note: I use external IBM storage that will be located all VMs and DAG
  Many thanks 

  Hi Moon,
  In addition to Gulab's suggestion, I would like to clarify the following things:
  1. Yes, we can use Standard or Datacenter version of the Windows Server 2012 operating system to configure Exchange 2013 DAG.
  2. Each member of the DAG should be running the same operating system.
  3. The DAG with an even number of members should have a witness server. A witness server is a server outside a DAG that's used to achieve and maintain quorum when the DAG has an even number of members.
  What's more, here are some helpful articles for your reference.
  Planning for High Availability and Site Resilience
  http://technet.microsoft.com/en-us/library/dd638104(v=exchg.150).aspx#HR
  High Availability and Site Resilience
  http://technet.microsoft.com/en-us/library/dd638137(v=exchg.150).aspx
  Hope it helps.
  If there are any problems, please feel free to let me know.
  Best regards,
  Amy
  Amy Wang
  TechNet Community Support

• Exchange 2013 OWA HTTP 500 error when opening another mailbox

  We have an Windows Server 2012 Exchange 2013 server with OWA. 
  All users can login fine, but when I open another mailbox with my Admin account, having enabled access to that user's mailbox, the URL redirects to /owa/auth/errorfe.aspx?httpCode=500 and shows: 
  something went wrong
  Sorry, we can't get that information right now. Please try again later. If the problem continues, contact your helpdesk
  Google won't help me in this instance. Where in the eventlog are OWA events logged?

  Hello,
  I am joining to the thread opener, however, we do not use exchange server. we are using the Cloud services through Microsoft and as far as I know, the version is 2013 wave 15 (again, through Microsoft's cloud).
  when I open the outlook, I can see the shared mailbox just fine.
  when I open the office web access, and I search the mailbox through the 'add another mailbox..' It finds it however when I press the add button I get the HTTP 500 error.
  when I tried to open a different mailbox (another shared mailbox I gave myself permissions for), it opens just fine.
  it seems (from what I can tell) it is this specific shared mailbox that I cannot open through OWA while others I can.
  when I try to open the mailbox in question through a different internet browser (Chrome) I get this Error:
  NegotiateSecurityContext failed with for host 'db3pr04mb138.eurprd04.prod.outlook.com' with status'LogonDenied'
  the error seems to be persistent on this specific mailbox only regardless to what browser I am trying to access with.
  I can only assume that the solutions you (Winnie) offered isn't relevant in my case.
  thanks in advance for any attempt to help me with this issue.

• How to delete multiple data domains with single step ?

  how to delete multiple data domains with single step ?

  You can go to your Endeca-Server domain home e.g.($WEBLOGIC-HOME$/user_projects/domains/endeca_server_domain/EndecaServer/bin)
  run
  [HOST]$ ./endeca-cmd.sh list-dd
  default is enabled.
  GettingStarted is enabled.
  endeca is enabled.
  BikeStoreTest is enabled.
  create a new file from the output just with the domains that you want to delete and then create a loop
  [HOST]$ vi delete-dd.list
  default
  GettingStarted
  endeca
  BikeStoreTest
  [HOST]$ for i in $(cat delete-dd.list); do; ./endeca-cmd.sh delete-dd $i; done
  Remember that this can not be undone, unless you have a backup.

• How to Configure a mail server with OIM

  Experts ,
  Any idea/links/Docs on how to configure a mail server with OIM and to send mail notification to someone .
  Pardon me, if my questions seems to be incomplete .
  Thanks
  Suren

  .Create an IT Resource of Type Mail Server. Give Name as "Email Server.Now populate the values for all the parameter for example Server,username,password and authentication type.
  .Go to System Configuration and in Email Server property value give the name of IT resource you created in step1 so the name will be "Email Server".
  http://forums.oracle.com/forums/messageview.jspa?messageID=3867506&stqc=true

• How to configure the .ini file with applet

  hai
  i am using native methods in that methods they use some ip addresses. when i am using that native methods in applet run the applet using appletviewer tool it works fine but when i am open that applet using html page browser not configure that .ini file data .how to configure that .ini file with browser

  Hi Jay SenSharma,
  Thanks for your immediate response.
  I saw your URL links, But in your link give the recursive deployment using wlst. But my question is how to configure the oracle weblogic library files into Admin server & Managed Servers by using the wls.jar file through wlst script to create the new domain.
  But if create the new domain by using GUI mode then we manually give the admin server port number & managed servers port number and name.
  By default the library files are configured with the Admin server in GUI mode. But the Managed server the Library files are not configured with the Managed servers. Then we manually select all the library files to the corresponding managed servers. Then only the applications are deployed into the corresponding managed server.
  Regards,
  S.vinoth Babu

• How to configure the wifi access with specific time slot for kids?

  how to configure the wifi access with specific time slot for kids?

  Which model of AirPort base station do you have? Which version of OS X is your MacBook Pro running?
  Wi-Fi access can be limited using the Timed Access feature of the AirPort routers. You would do so using the AirPort Utility.

• How to configure Ogone for working with business catalyst ?

  How to configure Ogone for working with business catalyst ?
  In france ogone seems to be the only solution for seamless payment and there's no explications on the forum to configure it.
  Thx for your answers

  Hi ,
  [Configuration Guide SAP adapter for SAP Quality Center by HP|https://websmp101.sap-ag.de/~sapdownload/011000358700000612662007E/Adapter_Configuration_.pdf] might be useful.
  Check [Master guide|https://websmp201.sap-ag.de/~sapdownload/011000358700000612672007E/Adapter_Master_Guide.pdf]  also.
  Regards
  Naveen
  Edited by: Naveen kumar Palanichamy on Feb 19, 2009 6:38 AM