In Exchange Server 2003, Outlook Web Access (OWA) requires, by default, that users supply both a domain name and a username when logging in. This is done using the format <domain_name>\<login_name> in the logon dialog box. Unfortunately, users often forget to include the domain name when logging into OWA and are unable to log in successfully.
Although it is possible to log in to OWA with only a username and no domain name, it requires a little administrative work and some prerequisites. The Exchange server must be running on Windows Server 2003 SP1 or later, and the Exchange virtual directory in Internet Information Services (IIS) must be configured to accept only Basic authentication.
To customize the OWA logon page in Exchange Sever 2003:
- Open Exchange System Manager (ESM).
- Expand Administrative Groups -> <admin_group_name> (which will vary) -> Servers -> <server_name> -> Protocol -> HTTP -> Exchange Virtual Server.
- Right click on Exchange and select Properties -> Access -> Authentication.
- Select the Basic authentication checkbox and clear all other checkboxes.
- Edit the Default domain box to contain only a single backslash (\).
- Click OK to close the dialog boxes.
- Right click on Public in Exchange Virtual Server and select Properties -> Access -> Authentication.
- Repeat steps 4–6 here.
- Repeat this procedure on all front-end and back-end Exchange servers that host OWA.
If you do this, there are several caveats to keep in mind:
- You should not attempt to customize the OWA logon page unless you're sure that you have unique usernames across all domains in your Exchange organization's forest.
If you only have one domain, usernames automatically will be unique.
- Because Basic authentication is inherently less secure than Integrated Windows authentication, you should configure it to work across a Secure Sockets Layer (SSL) connection for added security. This precaution is especially important if users routinely log on to OWA from outside the Exchange organization.
- If you're using Exchange ActiveSync clients, you'll need to reconfigure ActiveSync. Follow the Exchange ActiveSync configuration instructions for Method 2 in the Microsoft Knowledge Base article 817379, Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003.
- If you have to recreate the Exchange virtual directories automatically in IIS for any reason, they will no longer be configured to accept Basic authentication (by default), and you must repeat this procedure.
About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.
Do you have comments on this tip? Let us know.
Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.