Friday, July 19, 2013

Exchange 2013 CU2 - OWA Forms Based Authentication automatically enabled

I think most people automatically use OWA Forms Based Authentication (FBA) for web mail, but in some cases you may have just Basic or Integrated Windows Authentication enabled.

Some people have been reporting that even though FBA is disabled in their environment, once the update to E2K13 CU2, the logon form is displayed rather than using Basic or IWA.

If you check the OWA virtual directory properties, the FormsAuthentication form option is set to "False", yet the FBA form still appears. 
Get-OwaVirtualDirectory | FL forms*,basic*
FormsAuthentication : False
BasicAuthentication : True

  This happens because when CU2 is installed, it replaces the existing web.config file with a new one that has FBA enabled.  This is easy to fix, though.

Simply "enable" and then "disable" FBA on your OWA virtual directories. 

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -FormsAuthentication $True
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -FormsAuthentication $False 

This should reset FBA back to off.

For more information, see this KB article "The FBA page is displayed when a user accesses OWA or ECP to log on to Exchange Server 2013"


Post a Comment

<< Home