Tuesday, May 29, 2018

Logging into a SecurEnvoy 2FA-enabled Exchange 2013/2016 OWA portal loops back to the login page

Problem

You’ve completed configuring your Exchange 2013/2016 OWA (Outlook Web App) for 2-factor authentication with SecurEnvoy and proceed to test the login portal.

You proceed to enter the 2nd factor passcode.

The authentication is successful with the following message displayed:

Authentication OK

Logging on to Exchange Please Wait …..

… but the screen refreshes and you are passed back to the login screen.

Solution

One cause of this behavior is that no default domain is configured and you’re logging in with only the user name rather than domain\username. To test, try logging in with domain\username. If that succeeds, you have the following 2 choices:

Option #1 – Configure a default domain within the SecurEnvoy configuration

Navigate to the Exchange server’s C:\windows directory and open the file seiis.ini.

Locate the DefaultDomain= line and add the domain name after the equals sign.

Option #2 – Configure a default domain within Exchange admin center

Navigate to servers > virtual directories, select the server hosting the OWA website, open the properties of the owa (Default Web Site), click on authentication, change the default Domain\user name option to User name only and select a default domain.

Alternatively, you can use the following PowerShell cmdlet to review the OWA authentication configuration:

Get-OwaVirtualDirectory -Server tmrukexowa01 | FL LogonFormat,DefaultDomain

The following cmdlet configures the OWA authentication settings:

Set-OwaVirtualDirectory

The above should correct the issue and allow you to log into OWA successfully.
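
Option #2 carried out from the Exchange Management Shell, as an added example that is not from the original post: it shows the current values, then sets the logon format to user name only with a default domain. The domain value is a placeholder, and -WhatIf is left on so the change is only previewed.

```powershell
# Added example; run in the Exchange Management Shell.
# $Server is the server name used on this page; $Domain is a placeholder.
$Server = 'tmrukexowa01'
$Domain = 'example.local'   # placeholder: replace with your AD domain

$vdirs = Get-OwaVirtualDirectory -Server $Server

foreach ($vdir in $vdirs) {
    # Show the current state before touching anything
    $vdir | Format-List Identity, LogonFormat, DefaultDomain

    $needsChange = ($vdir.LogonFormat -ne 'UserName') -or
                   ($vdir.DefaultDomain -ne $Domain)

    if ($needsChange) {
        # -WhatIf previews the change; remove it to apply
        Set-OwaVirtualDirectory -Identity $vdir.Identity `
            -LogonFormat UserName `
            -DefaultDomain $Domain `
            -WhatIf
    }
}

# Confirm the result after applying the change
Get-OwaVirtualDirectory -Server $Server |
    Format-List Identity, LogonFormat, DefaultDomain
```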
