
Outlook Web Access 2000

Outlook Web Access (OWA) for Exchange 2000

Frequently Asked Questions

Why does my OWA session time out?

A lot of companies use an OWA session security solution such as OWA Forms-based authentication, ISA Forms-based authentication, RSA SecurID, Messageware TimeGuard, or SafeWord from Secure Computing.  These solutions all have an inactivity timeout feature which logs users off OWA after an extended period of inactivity.  Note that working on a new message is not seen as activity by OWA -- you have to be moving in the main OWA frame to be active.

How can I configure per-server segmentation?

When configuring per-server segmentation, the settings are applied to all users with mailboxes hosted on the Exchange server.  To enable segmentation per-server:
  1. Open the registry editor (Start\Run\Regedit)
  2. Locate the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeWeb\OWA.
  3. Create a new DWORD.
  4. In the New Value #1 box, type DefaultMailboxFolderSet.
  5. Right-click and select Modify.
  6. Select Decimal and type the value that corresponds to the OWA features to be enabled.  Refer to Microsoft article http://support.microsoft.com/kb/833340 to calculate the segmentation value.
  7. Click OK to apply the changes.

Note: In a front-end / back-end environment, segmentation settings must be made on the back-end server.  

For additional information about the segmentation attributes, refer to Microsoft’s article at http://support.microsoft.com/kb/833340.

How can I paste / embed images into OWA messages?

Pasting images into messages is not an OWA feature.  There are two workarounds for getting images into your message:

  1. You can paste HTML links to images, but this means that the image needs to be stored on a public server.  An example of this would be when you copy an image from a website and then paste it into an OWA message.
  2. You can embed images using Outlook, which actually stores images as attachments, making them available for recipients using OWA to see.

There is a Microsoft knowledgebase article, available below, which explains how to paste an image into the OWA signature.  The workaround does not always seem to work and is not supported by Microsoft as an official solution.

How to get an image into the signature file in OWA

http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/1bb882b3-03dc-4085-ae06-a787fd76fd39/

How do you change the Outlook Web Access Logon Page?

A Microsoft knowledgebase article suggests that there are two ways to change the OWA 2000 logon page:

  1. Direct users to custom OWA pages which link to the appropriate OWA folders; or
  2. Use HTML and WebDAV to Create a Customized Web Program.

For details on these configuration options, refer to http://support.microsoft.com/?kbid=321832

Why does the OWA Inbox not refresh correctly on Macintosh clients?

OWA on Mac browsers may cache OWA content from the last refresh.  As a result, new mail arriving in the Inbox may not show its content in the preview pane until the Inbox is refreshed.

For more information refer to http://support.microsoft.com/kb/322217/en-us

Why can viewing an OWA attachment on a client machine be a security risk?

When viewing an OWA attachment on a client machine, a copy gets saved in the cache of that machine.  If this computer is shared or is a public terminal (such as a kiosk or a library computer), the attachment can be viewed, copied and saved by unauthorized users.

There are third party add-ons, such as Messageware AttachView (www.messageware.com), which offer secure web access to OWA attachments by converting attachment files into secure web pages for over 300 file formats, providing secure access to attachments without the need of the application on the local computer.

Why does mail appear to be missing when a new OWA session displays the view of the folder that was used last in an earlier session?

When users log in to OWA, they may see the content of the last accessed folder where they expect their Inbox content, which may cause confusion.  A workaround allows the Inbox folder to be set as the last accessed folder for all connections.

For more information refer to http://support.microsoft.com/kb/817203/en-us

When I send a document from within a Microsoft Office application such as Microsoft Word, Outlook Express comes up. How can I set up my Default Mail Client to use OWA?

To set OWA as the default mail client, you need to use a third party add-on, such as ActiveSend from Messageware (www.messageware.com).  ActiveSend gives users the ability to set OWA as the default email client within desktop applications, enabling the SendTo and MailTo functions and hyperlinks in web pages.

How can I restrict OWA address searches to multiple organizational units?

The Microsoft article below describes how to permit OWA users to search address books based on multiple organizational units or specific address lists, rather than being restricted to just their organizational unit or one address list.

For more information refer to http://support.microsoft.com/kb/817218/en-us

How can Exchange 2000 OWA users access Exchange Server 5.5 Public Folders?

To access Public Folders on Exchange 5.5, a Connection Agreement must be made with the Exchange 2000 computer and the Exchange Server 5.5 public folders must be replicated to the Exchange 2000 computer.

For more information refer to http://support.microsoft.com/kb/292019/en-us

Why can I not grant delegate writable access to a mailbox for an OWA Client?

Write mailbox folder access is not supported in OWA.  Instead, full mailbox access must be given to a user to access and manage content in other users’ mailboxes.

For more information refer to http://support.microsoft.com/kb/811646/en-us.

How can I restrict users to viewing the address list of their own organization, not the entire Global Address List (GAL)?

Using ADSIEdit, administrators can edit the msExchQueryBaseDN attribute to restrict users to viewing either

a) A limited Global Address List that consists of users in the same Active Directory Organizational Unit; or

b) A custom Exchange Address List. 

To make this configuration change, refer to http://support.microsoft.com/?kbid=272197

How can OWA be set up to use UPN logon names instead of domain\username?

To set up OWA to accept UPN login names, the Exchange, Exchweb/bin and Public virtual directories must be configured to use Basic Authentication and the default domain must be configured to be “\”, no quotes. 

To step through the configuration, refer to http://support.microsoft.com/?kbid=267906.

How can I disable multimedia file access for my OWA users?

In OWA 2000, users can download a Multimedia Control from the OWA Options page allowing them to insert audio and video content into messages.  Some administrators may decide to disable access to multimedia files to prevent high use of server resources. 

To disable the multimedia button in the OWA Options page, open the registry editor (regedit) and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB.  Create a key named DisableMultimedia and set the value to 1.  Care should always be taken when making edits in the system registry.

For more information on this and other OWA registry keys, refer to http://support.microsoft.com/?kbid=311342.

How can I change the reminder polling interval for OWA 2000 users?

The reminder polling occurs every 9 minutes by default.  To change this value, open the registry editor (regedit) and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA.  The key name is ReminderPollingInterval.  Care should always be taken when making edits in the system registry.

For more information on this and other OWA registry keys, refer to http://support.microsoft.com/?kbid=311342.

How can I change the new mail notification interval for OWA 2000 users?

The new mail notification polling occurs every 2 minutes by default.  To change this value, open the registry editor (regedit) and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA.  The key name is NewMailNotificationInterval.  Care should always be taken when making edits in the system registry.

For more information on this and other OWA registry keys, refer to http://support.microsoft.com/?kbid=311342.

Why are some users not logged off OWA after clicking the Log Off button?

On a front-end server running Exchange Server 2003 or 2000, users are not logged off correctly because of a permission issue on the Logoff.asp page or because /exchweb/bin is configured for Integrated Windows Authentication instead of Basic.

For more details and for the instructions on how to correct these configuration issues, refer to http://support.microsoft.com/?kbid=927907.

How is the Change Password feature implemented in OWA?

The change password feature is not enabled by default in OWA 2000 because it is a feature of IIS, not Exchange 2000 Server.  The IISADMPWD virtual directory must be created in IIS under the OWA website and the Change Password button must then be enabled from within the registry. 

For more information refer to http://support.microsoft.com/?kbid=297121.

My users are getting additional OWA login prompts, how can I fix this?

Additional login prompts are usually the result of a mismatch of IIS Authentication settings.  The authentication settings for the Exchange, Public, and Exchweb\bin virtual directories must match to ensure users do not get additional login prompts. 

It is best to check the Exchange and Public Authentication settings from the Exchange System Manager (ESM) and then compare them to the settings in the IIS Manager.  This order is important since the ESM settings overwrite the IIS settings for the Exchange and Public virtual directories.

Compare the IIS authentication settings for the Exchange, Public, and Exchweb\bin virtual directories in Exchange System Manager (ESM) and the Internet Information Services Manager (IIS).

  1. Open Exchange System Manager (ESM)
  2. Navigate to the Exchange Virtual Server (\Administrative Groups\First Administrative Group\<Servers>\Protocols\HTTP\Exchange Virtual Server)
  3. Right-click on the Exchange virtual directory, and select Properties
  4. Change to the Access tab and click the Authentication button
  5. Repeat steps 3 to 4 for the Public virtual directory
  6. Open the IIS Manager
  7. Navigate to the OWA website
  8. Right-click on the Exchweb\bin virtual directory, and select Properties
  9. Change to the Directory Security tab
  10. Click Edit under the Anonymous access and authentication control section
  11. Verify that the Windows Authentication and Default Domain settings match those of the Exchange and Public virtual directories

Refer to the summary tables of IIS authentication settings below.

Native OWA virtual directory authentication settings

| Authentication | Exchange virtual directory | Public virtual directory | Exchweb\bin virtual directory |
| --- | --- | --- | --- |
| Basic | Basic | Basic | Basic |
| Integrated | Basic and Integrated | Basic and Integrated | Basic and Integrated |
| Exchange FBA | Basic | Basic | Basic |
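
The comparison described above can also be scripted. The following is an added example, not part of the original FAQ or any Microsoft tooling: it reads the IIS metabase through the IIS ADSI provider and checks the three virtual directories against the summary table, which also catches the Exchweb/bin Integrated-only setting mentioned under the Log Off question. The function names Get-OwaVDirAuth and Test-OwaVDirAuth are hypothetical, web site ID 1 is an assumption, and the sample data is constructed.

```powershell
# Added example, not from the FAQ. Assumptions: OWA runs in web site ID 1 and the
# IIS ADSI provider is installed where this runs. Sample data is constructed.
$Basic = 2; $Integrated = 4                      # IIS metabase AuthFlags bits
$VDirs = 'Exchange', 'Public', 'Exchweb/bin'
# Expected methods per deployment type, as given in the FAQ's summary table.
$Expected = @{ 'Basic' = $Basic; 'Integrated' = ($Basic -bor $Integrated); 'Exchange FBA' = $Basic }

function Get-OwaVDirAuth {
    # Live read of AuthFlags and DefaultLogonDomain from the IIS metabase.
    param([string]$Server = 'localhost', [int]$SiteId = 1)
    foreach ($v in $VDirs) {
        $e = [ADSI]"IIS://$Server/W3SVC/$SiteId/ROOT/$v"
        New-Object psobject -Property @{
            VDir          = $v
            AuthFlags     = [int]$e.psbase.Properties['AuthFlags'].Value
            DefaultDomain = [string]$e.psbase.Properties['DefaultLogonDomain'].Value
        }
    }
}

function Test-OwaVDirAuth {
    # Marks each directory whose Basic/Integrated bits differ from the table row
    # for $Mode, or whose default domain differs from the Exchange directory's.
    param([object[]]$Settings, [string]$Mode = 'Basic')
    $want = $Expected[$Mode]
    $refDomain = ($Settings | Where-Object { $_.VDir -eq 'Exchange' }).DefaultDomain
    foreach ($s in $Settings) {
        New-Object psobject -Property @{
            VDir      = $s.VDir
            AuthFlags = $s.AuthFlags
            AuthOk    = (($s.AuthFlags -band ($Basic -bor $Integrated)) -eq $want)
            DomainOk  = ($s.DefaultDomain -eq $refDomain)
        }
    }
}

# Constructed sample: Exchweb/bin left on Integrated only, with no default domain.
$sample = @(
    New-Object psobject -Property @{ VDir = 'Exchange';    AuthFlags = 2; DefaultDomain = '\' }
    New-Object psobject -Property @{ VDir = 'Public';      AuthFlags = 2; DefaultDomain = '\' }
    New-Object psobject -Property @{ VDir = 'Exchweb/bin'; AuthFlags = 4; DefaultDomain = '' }
)
Test-OwaVDirAuth -Settings $sample -Mode 'Basic' |
    Format-Table VDir, AuthFlags, AuthOk, DomainOk -AutoSize
# Against a live server: Test-OwaVDirAuth -Settings (Get-OwaVDirAuth) -Mode 'Basic'
```

Because the ESM settings overwrite the IIS settings for the Exchange and Public virtual directories, correct a mismatch on those two in ESM and only Exchweb\bin in IIS Manager.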

Articles

ISA Firewall Auto Log Off Controls Can Be a Security Issue for OWA Publishing

ISAServer.org

This article, by ISA Firewall specialist Thomas Shinder, explains that earlier versions of ISA Firewall (2000 and 2004) included navigation protection.  Navigation protection ensures that if a user goes to another website, such as Google, without logging off OWA, ISA automatically logs the user off.  With navigation protection, administrators can rest assured that users are not leaving active OWA sessions behind.

ISA Firewall 2006 no longer includes navigation protection.  This is explained in more detail in an ISA Security report published by Messageware Incorporated (ISA Security Report: OWA Security Issues Undetected by ISA Server), referenced in Thomas Shinder’s article.

To read the full article, go to:

http://blogs.isaserver.org/shinder/2007/07/19/isa-firewall-auto-log-off-controls-can-be-a-security-issue-for-owa-publishing/

Alleviate Outlook Web Access (OWA) email attachment security issues

SearchExchange.com

The article gives an overview of an OWA attachment solution called AttachView by Messageware, which lets users safely view a wide array of attachments without ever downloading the file to the local computer.  AttachView offers users secure access to attachments via an enhanced viewing window with features such as: view Microsoft Word Track Changes revisions, a hyperlinked table of contents, printer-friendly version, rotate and zoom buttons.

Administrators can set rules giving users access to open, save and print attachments based on criteria such as IP address, username, hostname and whether they are connecting from a corporate device.

To view the full article, go to http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1310616,00.html

Securing OWA 2000 Using SSL

MSExchange.org

This article walks step by step through the process of securing OWA 2000 using SSL. Includes helpful screenshots and links to more articles on OWA 2000.

http://www.msexchange.org/tutorials/MF004.html
