Banner

OWA 2003

Outlook Web Access (OWA) for Exchange 2003

Frequently Asked Questions

How can I ensure user accounts are locked out of OWA after multiple incorrect password attempts?

The Account lockout duration, Account lockout threshold and Reset account lockout counter after settings are configured in the Default Domain Policy.  These settings define what will happen if a user attempts to logon to the domain using the incorrect password multiple times.  Attempting to logon to OWA with an incorrect password will also increase the bad password count (badPwdCount), which will eventually lock a user out of the domain until it is reset.  

Important consideration: Attackers can also use this strategy to lock users out of the network as long as they obtain valid usernames. The default settings of these Default Domain attributes are as follows: 

 

Value DefaultRecommended
Account lockout durationSpecifies the number of minutes a locked out account will remain unavailable before a user can attempt to log back in
Note that such a configuration will likely increase the number of calls that the help desk receives to unlock accounts locked by mistake.

Windows Server 2008 – Not Defined 

Windows Server 2003 – Not Defined

Windows Server 2008  - 15 minutes 

Windows Server 2003 - 0

Account lockout threshold This setting determines the number of failed logon attempts before a lockout occurs.

Windows Server 2008 – 0

Windows Server 2003 - 0

Windows Server 2008 - 50 invalid logon attempts 

Windows Server 2003- 20 invalid logon attempts

Reset account lockout counter afterThis is the length of time before the Account lockout threshold setting resets to zero.

Windows Server 2008 – Not Defined 

Windows Server 2003 – Not Defined

Windows Server 2008  - 15 minutes 

Windows Server 2003 – 30 minutes

 
On my computer when I try to login to OWA, the page does not load, icons are replaced with blue boxes, and there is a loading message at the top of the Inbox, how can I fix this?
The first thing to check is the Internet Explorer security setting.  The loading issue, as it is sometimes referred to, occurs when the Internet Explorer Security setting is configured to “High" or if cookies are disabled.  To change the security setting to "Medium-High" or "Medium" and verify that cookies are enabled, In Internet Explorer, select Tools\Internet Options.
  1. In Internet Explorer, select Tools\Internet Options from the browser menu.
  2. Move to the Security tab.
  3. Select the Internet zone and verify that the security level for this zone is set to "Medium-High" or "Medium".
  4. Move to the Privacy tab.
  5. Click the Advanced button.
  6. Ensure that the “Override Automatic cookie handling” checkbox is not checked.
  7. On the General tab, press the Delete button to clear the browsing history.
  8. Press Apply and OK.
  9. Close Internet Explorer.
  10. Open a new Internet Explorer session and try logging in to OWA.
Also, add Outlook Web Access to your trusted sites list. To add the OWA website to the trusted list,
  1. In Internet Explorer, select Tools\Internet Options.
  2. Move to the Security tab.
  3. Click on Trusted Sites and press the Sites button.
  4. Enter the OWA address in the “Add this website to the zone:” field.
  5. Press the Add button.
  6. Press Close.
  7. Press Apply and OK to save the changes.
  8. Open a new Internet Explorer session and try logging in to OWA.
If the issue remains, contact you Help Desk or Exchange Server Administrator as there may be an issue with the order in which hotfixes were applied on the server.
How can I configure per-user segmentation?

When configuring per-user segmentation, selected OWA features are applied to specific user. Per-user segmentation requires the Active Directory user object to be modified using ADSI Edit. To configure per-user segmentation, refer to Microsoft’s article below.

How to modify the appearance and the functionality of Outlook Web Access by using the segmentation feature in Exchange 2003
http://support.microsoft.com/kb/833340 

How can I configure per-server segmentation?
When configuring per-server segmentation, the settings are applied for all user’s with mailboxes hosted on the Exchange server.  To enable segmentation per-server,
  1. Open the registry editor (Start\Run\Regedit)
  2. Locate the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeWeb\OWA.
  3. Create a new DWORD.
  4. In the New Value #1 box, type DefaultMailboxFolderSet.
  5. Right-click and select Modify.
  6. Select Decimal and type the value that corresponds to the OWA features to be enabled.  Refer to Microsoft article http://support.microsoft.com/kb/833340 to calculate the segmentation value.
  7. Click OK to apply the changes.

Note: In a front-end / back-end environment, segmentation settings must be made on the back-end server.  

For additional information about the segmentation attributes, refer to Microsoft’s article below.http://support.microsoft.com/kb/833340.

Why do appointments created in OWA not appear in the calendar when using desktop Outlook? Delegates can see the appointment.
Some users may have cached Exchange mode enabled.  In this configuration, Outlook works from a local copy of the user’s mailbox which is refreshed periodically.  This would explain why they can see appointments in their calendars from OWA but not from Outlook.  For more information about the cached Exchange mode, refer to Microsoft’s article: 

 

Setting Up Outlook 2003 Cached Exchange Mode Accounts

http://office.microsoft.com/en-us/ork2003/HA011402591033.aspx

If you are interested I giving users access to shared calendars from within OWA, like they do in Outlook, there is a company called Messageware that offers shared calendaring in OWA.   

How can I paste / embed images in to OWA messages?

Pasting images into messages is not an OWA feature.  There are two workarounds to getting images into your message:

  1. You can paste HTML links to images, but this means that the image needs to be stored on a public server.  An example of this would be when you copy an image from a website and then paste it into an OWA message
  2. You can embed images using Outlook, which actually stores images as attachments, making them available for recipients using OWA to see.

There is a Microsoft knowledgebase article, available below, which explains how to paste an image into the OWA signature.  The workaround does not always seem to work and is not supported by Microsoft as an official solution.

How to get an image into the signature file in OWA
http://social.technet.microsoft.com/forums/en-US/exchangesvrclients/thread/1bb882b3-03dc-4085-ae06-a787fd76fd39/


I found my documents in the local browser cache! How can I increase attachment security?

When you open an attachment, rather than save it to a specified location, the attachment will always be saved to the temporary internet files folder on the local computer.  This happens unknowingly to the user creating a real danger on computers where unauthorized people could get hold of confidential documents.

There are a few ways Administrators can secure attachments for all:

Disable access to all attachments
Although not practical, it is the safest way to make sure that attachments are never left behind.

Force Save for all file types
This is a good option if your company is okay with users saving files to local machine and possibly forgetting to permanently delete them.   Another problem is that the save menu also has an open option!

Get third part help
Messageware (
www.messageware.com) offers a product called AttachView which gives Administrators a wide variety of configuration options for securing attachments.  Because AttachView support viewing over 300 file types as safe HTML pages, they really make it feasible to turn off the open and save attachment options for users while they are not in the office or on corporate devices.

 

How can I customize the OWA Logon Page? Remove the Public and Private timeout options and brand the forms based authentication (FBA) page.

The Exchange Forms Based Authentication login page settings are contained in the logon.asp page.  The steps below describe how to remove the Public and Private options from the OWA login page.  The difference between choosing Public and Private is the inactivity timeout configuration; removing this option will apply the Public timeout value for all users.

This is what the login page will look like after following the steps below:

 

Removing the Public and Private / Trusted OWA forms based authentication logon options

 

To remove the Public and Private options,
  1. On the server, navigate to \Program Files\Exchsrvr\exchweb\bin\auth\usa.

  2. Backup the logon.asp file before making any changes to ensure you can revert back to the original file.

  3. Open the logon.asp page using Notepad or Visual Studio .NET.

    Note: To ensure constancy, update the logon.asp page for each language OWA is accessed in by users in your organization.

  4. Comment out the Basic and Premium text using single quote (‘) as shown below.
    'CONST L_ShowPublicUI_Text = "Public or shared computer"
    'CONST L_ShowTrustedUI_Text = "Private computer"

  5. Search for L_ShowTrustTitle_Text
  6. Comment out: <!--" & L_ShowTrustTitle_Text & "-->

  7. Search for L_ShowDetail_Text
  8. Comment out: <!--Response.Write g_sOpenParen & "<A id=""lnkShowTrust"" href="/" mce_href="/"#"" onclick=""onClickHelp();return false;"" >" & L_ShowDetail_Text & "</A>"-->

  9. Search for L_HideDetail_Text
  10. Comment out: <!--" & L_HideDetail_Text & "</A>" & g_sCloseParen & "-->

  11. Search for L_ShowPublicUI_Text
  12. Comment out: <!--<INPUT id=""rdoPublic"" checked type=""radio"" name=""trusted"" value=""0"" onclick=""onClickSecurity();"">-->

  13. Search for L_ShowTrustedUI_Text
  14. Comment out: <!--<INPUT id=""rdoTrusted"" name=""trusted"" type=""radio"" value=""4"" onclick=""flags.value |= 4"">-->
To set the Public inactivity timeout value,
  1. On the server, open the registry editor (regedit)
  2. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchange
    WEB\OWA\PublicClientTimeout
  3. Double click on the PublicClientTimeout value
  4. Enter the timeout value in minutes
  5. Press OK to apply the changes.

For more information on customizing the login page, refer to the following Microsoft article: Customizing the Outlook Web Access Logon Page. 

For information on customizing the inactivity timeout options, refer to Tweaking Outlook Web Access timeout options.

How can I remove the Client options (Basic / Premium) from the OWA Forms based Authentication (FBA) login page?

The Exchange Forms Based Authentication login page settings are contained in the logon.asp page.  The steps below describe how to remove the option to choose a Premium or Basic experience from the OWA login page.  This is what the login option will look like after following the steps below:

 

 

Customized forms based authentication logon page without premium and basic client options

 

To remove the Premium and Basic options,
  1. On the server, navigate to \Program Files\Exchsrvr\exchweb\bin\auth\usa.
  2. Backup the logon.asp file before making any changes to ensure you can revert back to the original file.
  3. Open the logon.asp page using Notepad or Visual Studio .NET.

    Note: To ensure constancy, update the logon.asp page for each language OWA is accessed in by users in your organization.

  4. Comment out the Basic and Premium text using single quote (‘) as shown below.
    'CONST L_ShowSimpleUI_Text = "Basic"
    'CONST L_ShowComplexUI_Text = "Premium"
     
  5. Search for L_ShowUITitle_Text
  6. Comment out: <!--" & L_ShowUITitle_Text & "-->

  7. Search for L_ShowDetail_Text
  8. Comment out: <!--Response.Write "(<A id=""lnkShowClient"" href="/" mce_href="/"#"" onclick=""onClickHelp();return false;"" >" & L_ShowDetail_Text & "</A>"-->

  9. Search for L_HideDetail_Text
  10. Delete only the closing bracket “)” near the end of the line: " & L_HideDetail_Text & "</A>)</TD></TR>"

  11. Search for L_ShowComplexUI_Text
  12. Comment out: ><!--<INPUT id=""rdoRich"" checked type=""radio"" name=""forcedownlevel"" value=""0"" onclick=""flags.value &= 14"">-->

  13. Search for L_ShowSimpleUI_Text
  14. Comment out: <!--<INPUT id=""rdoBasic"" type=""radio"" name=""forcedownlevel"" value=""1"" onclick=""flags.value |= 1"">-->

  15. Save the changes and verify the logon page.
For more information on customizing the login page, refer to the following Microsoft article: Customizing the Outlook Web Access Logon Page.

 

What are some of the OWA security implications and how can I fix them?

There are several ways to secure OWA.  Microsoft’s recommended approach is a cookie based solution called Exchange Forms-based authentication, this comes with Exchange Server 2003.  For added security make sure that users connect to OWA via SSL only.   

The article below from MSExchange.org has some more information on securing OWA. http://www.msexchange.org/tutorials/Securing-Exchange-Server-2003-Outlook-Web-Access-Chapter5.html  

Some additional security implications include:

  • Attachment security – opening and saving attachments may results in a copy of the file being left behind in the Temporary Internet Files folder on the client machine available for the next user to copy, print and email.  Printing files can result in a hardcopy being left behind on a public printer or desk. 

    Solution: You can block users from accessing attachments or look for a third party that does attachment conversions into safe HTML pages.
  • Session Inactivity – Users that are not active in OWA should be timed out to ensure they do not leave an active session behind unknowingly.

    Solution: Exchange forms based authentication has a public and private timeout value that is enabled by default.
  • Navigation protection – if a user does not logoff and enters a new URL in the address bar, the user on the computer can click the back button to get into the previous user’s OWA session – no need for credentials.

    Solution: ISA Forms-based authentication offers navigation protection.
  • Maximum session time – There is no maximum session time so if someone hijacks a session and can keep it active indefinitely without re-authenticating.

    Solution: RSA SecurID offers a maximum session time

There is a third party, Messageware, that offers OWA security and enhancement solutions.  It would be a good idea to check with them as well.

 
Users receive an - One or more of your reminders could not be snoozed or dismissed - error when they dismiss or snooze calendar reminders, how can I fix this?
There are two possible causes for the “One or more of your reminders could not be snoozed or dismissed” error:
  1. The SystemAttendantDN registry key may be missing.

    Solution
    : To add the SystemAttendantDN registry key, refer to Microsoft KB 3104440
  2. The value of the user object attribute legacyExchangeDN is incorrect. 

    Solution: Follow Microsoft KB 556073
    to correct the legacyExchangeDN attribute value for affected users. The Global Address Book should be rebuilt after updating the attribute.

    NOTE: The Outlook AutoComplete function may continue to use the incorrect legacyExchangeDN value; add the “incorrect” value to the affected user’s proxyAddresses attribute to ensure email delivery.
OWA users receive a - This operation can't be performed - error when saving appointments or responding to meeting requests, how can I fix this?
There are two possible causes for the “This operation can't be performed” error:
  1. The SystemAttendantDN registry key may be missing.

    Solution: To add the SystemAttendantDN registry key, refer to Microsoft
    KB 3104440.
  2. The value of the user object attribute legacyExchangeDN is incorrect. 

    Solution: Follow Microsoft
    KB
    556073 to correct the legacyExchangeDN attribute value for affected users.  The Global Address Book should be rebuilt after updating the attribute.

    NOTE: The Outlook AutoComplete function may continue to use the incorrect legacyExchangeDN value; add the “incorrect” value to the affected user’s proxyAddresses attribute to ensure email delivery.
 
How can I troubleshoot not being able to login to OWA?
There could be many reasons why you are not able to login to OWA.  Here is a list of things to check: 
  1. Check the OWA address is correct
    When incorrect, you may see a page cannot be found or Internet Explorer cannot display the webpage error.  You will also not see the login screen or prompt
  2. Check your username and password
    When incorrect, you will be prompted to re-enter your password several times in a row without getting access to your mailbox.  After three tries you will see an error indicating that you are not authorized.
  3. Try accessing OWA using a different browser
    If you cannot get into OWA, try connecting to OWA using another browser.  For example, if you are using Internet Explorer, try using Firefox or Netscape and visa versa.
  4. Try accessing OWA using a different computer
    Go to another computer and try logging into OWA using your account, Can you connect?
  5. Ask you coworkers if they can connect to OWA
    Check with the people around you to see if they are also having problems.
  6.  Document any errors you get and provide all the information to your Corporate Help Desk or Exchange Administrator for assistance
    To take a screenshot of any errors you get by pressing the “Print Screen” button on your keyboard.  Once you press the print screen button the picture will be on your clipboard.  Open a Microsoft Word document, right-click on the whitespace and press Paste

    Gather up as much information about what you are seeing so that you can provide it to your Help Desk or System Administrator.
How can I access my email from home using Outlook 2007?

You will need to speak to your Exchange Administrator about setting up a VPN or RPC over HTTP connection for you.  Refer to the Microsoft knowledgebase article below for more information.   

Description of the configuration options for the Exchange over the Internet feature in Outlook 2007 and in Outlook 2003

How can I copy a message folder from one mailbox account to another in a different domain using OWA?

The Outlook Web Access client does not provide a way to backup email folders; you will need to use Microsoft Outlook or Microsoft Outlook Express to create a PST / Data file that will be saved to your computer.   

If you are working from a remote location your Exchange Administrator will need to provide you access to your mailbox via a VPN connection or RPC over HTTP.  Once you set up your account using Microsoft Outlook, you can refer to the link below for more information on how to create an Outlook Personal Folder (.pst).

How to create a .pst file in Outlook 2003

 Note: If you are using Microsoft Outlook 2007 you will use the File\Data File Management option. 

Once the PST is created, you can then set up and Outlook connection for your other email account and open the PST file.  You can then simply drag the mail items out of the PST and into your mailbox.

How can I make sure that the spell check always runs before my messages are sent?

Spell check options are set in the OWA Options page.  Scroll down to the Spelling Options and put a check mark beside Always check spelling before sending.

Configure OWA to always check spelling before sending a message

OWA users receive a loading message in the Inbox frame and the OWA icons are replaced by placeholder images, how can we fix this?

The loading message can occur in a front-end back-end OWA environment when a service pack or update is applied on the back-end before it is applied on the front-end, refer to http://support.microsoft.com/kb/910119/en-us for details. Any OWA updates must first be applied on the front-end server to ensure compatibility with the back-end server.

If no updates were applied and you are experiencing this issue, refer to http://support.microsoft.com/kb/280823/en-us for more troubleshooting tips.

ISA 2004 responds slowly after users login to OWA using Forms-based Authentication, how can we correct this?

 

Microsoft has corrected an issue where the OWA forms-based filter leaked handles.  For more information and to download the hotfix refer to http://support.microsoft.com/kb/897717/en-us

When I send a document from within a Microsoft Office application such as Microsoft Word, Outlook Express comes up. How can I set up my Default Mail Client to use OWA?

To set OWA as the default mail client, which lets you send messages from within Microsoft Office, respond via MailTo links on websites and send attachments by right-clicking on files on the desktop, you need to use a third party add-on, such as ActiveSend from Messageware (www.messageware.com)

Set OWA as the default email client

 

ActiveSend also includes the ability to save an encrypted username and password, and toggle between mail accounts so you can change the default email from OWA to Outlook, for example, if you are using a notebook both in and out of the office.

Use ActiveSend to toggle between OWA and Outlook Express

 

 

Why do users get a 503 Service Unavailable error after upgrading the Microsoft Windows Server 2000 to 2003?

The error message is the result of the Microsoft Exchange Information Store Service not starting because Oledb32.dll was not updated by the Windows upgrade. You can get the correct version of this file either from another installation of Windows Server 2003 or if you install Windows Server 2003 on another partition and copy the file over.

For more information, refer to http://support.microsoft.com/kb/837285/en-us

What is the difference between the Public or shared computer and Private computer OWA login options

Microsoft ISA Forms-based authentication (FBA) provides users with two login options, "Public or shared computer" and "Private computer", as shown below:

 

Select Private or Public to login to Outlook Web Access

 

Administrators can configure longer session inactivity timeouts for Private connections (e.g. laptop or home) and shorter ones for Public connections (e.g. airport kiosk, customer site). This ensures that if the OWA session is left open by accident, it will safely be logged off after a configured period of time, minimizing the risk that an unauthorized user will gain access to an active session.

The risk with this scenario is that companies have to rely on user education to ensure users choose the correct login option rather than the one that is more convenient for them. There is are security products available from a third-party, Messageware (www.messageware.com) that allow for configuration of security policies by the Exchange Adminstrator by user, gorup, IP address or corporate device.
Why is the font in the first paragraph of a sent OWA message different from the rest of the message?

When a user composes a message in OWA, the font looks homogenous but after sending the message the recipient sees the first paragraph in one font face and the remaining in another.  This occurs because the sender’s Internet Explorer browser setting is configured to use the default Internet Explorer font face.  In OWA, the email editor only puts font tags around the first paragraph and the rest of the message uses the default Internet Explorer font face.  Recipients with a different Internet Explorer default font will therefore see a different font being used after the first paragraph. 

To ensure the font tags are applied to messages composed in OWA, set the Internet Explorer font face to another font than the default.  For more information refer to http://support.microsoft.com/kb/817314/en-us

Why do users get a Page cannot be found error when they attempt to change their password in OWA?

In environments where OWA is not installed on the Default Web Site, either the Davex.dll file or the Exprox.dll file intercepts the request and cause a 404 error. To correct this issue, you must remove the inherited file mappings from the IISADMPWD virtual directory properties.

For instructions on how to make this configuration change, refer to http://support.microsoft.com/kb/328242/en-us

How can I get the new mail notification to stay on the screen until I look at the message?

In OWA 2003 the new mail notification briefly appears in the bottom right-hand corner of the screen and then disappears. 

 

There is a third-party product called Plus Pack from Messageware (www.messageware.com) which will keep the new mail notification on the screen until the user chooses to open or ignore the message.

How can I install the OWA 2003 Admin Tool and how do I access the OWA 2003 Admin Tool after the installation is complete?

The OWA Admin tool is a small tool which should be installed on a client machine for the purpose of remotely setting the OWA options.  The MSI can be downloaded from the Microsoft Support website.   To run the install, double click on the unzipped file.  Once installed, use the following URL to access the Administrative options: https://Servername/OWAAdmin

For more information, refer to http://download.microsoft.com/download/7/9/a/79a3c251-2ca1-44e3-865b-44488f97ad55/readme.htm

How can I change the polling interval of the OWA new mail notification?

By default, the OWA 2003 the new mail notification polls every 2 minutes and the reminder notification polls every 9 minutes.  User options are not available to customize the new mail polling interval without a third-party add-on, such as Plus Pack from Messageware (www.messageware.com).

Users get the message Internet Explorer cannot download file name from server. The file could not be written to the cache, when attempting to save an embedded message to the local machine.

Embedded messages sent by Outlook users cannot be opened in OWA when connecting view SSL. To access the embedded messages either ask the sender to resent the file as an attachment or disable the “Do not save encrypted pages to disk” option in Internet Explorer.

For more information refer to http://support.microsoft.com/kb/820845/en-us

OWA users logging off OWA are prompted for credentials after pressing the logoff button, how can we correct this? This only occurs when connecting the front-end server.

 

This issue is likely caused by a miss-configured authentication setting on the exchweb/bin folder in IIS.  On a front-end server the Exchange, Public and exchweb/bin folders should be configured for Basic Windows authentication.   A misconfiguration can cause multiple login prompts. 

For more information refer to http://support.microsoft.com/kb/325906/en-us

How can we add a Legal dictionary to the OWA spell check?

The OWA spell check searches a default dictionary which cannot be updated by the user. 

To add a legal dictionary, a third-party add-on is required such as the one from Messageware (www.messageware.com).  The Messageware Plus Pack includes Medical, Legal and Corporate dictionaries and allows users to add common terms, such as their last name to their personal roaming dictionary.

How can we add a Medical dictionary to the OWA spell check?
The OWA spell check searches a default dictionary which cannot be updated by the user. To add a medical dictionary, a third-party add-on is required such as the one from Messageware (www.messageware.com). The Messageware Plus Pack includes Medical, Legal and Corporate dictionaries and allows users to add common terms, such as their last name to their personal roaming dictionary.
How can I see my additional personal contact folders in the OWA 2003 address book?

The OWA address book does not show additional Personal Contact folders.  You can access the folders by navigating through the folder tree. 

There is a third party add-on from Messageware (www.messageware.com) which lets users add custom Personal Contact folders to their OWA address book.  Additionally, the Messageware address book lets users add Public Folder address lists and displays all Exchange Address Lists created server-side.

Why does my Outlook signature show up in OWA?
The Microsoft Outlook signature is not carried over to OWA because it is stored on your computer.  You need to create a new signature in OWA.  To do this, click on Options and go down to Messaging Options.  Click on the Edit Signature button and type the signature you want to use every time you send an email
How can I order my address book in OWA 2003 so that Contacts always come up first?

The OWA Find Names address book is not customizable and users will always see the Personal Contacts folder after the Global Address Book.

There is a third party add-on from Messageware (www.messageware.com) which gives users the ability to configure their OWA Address Book to display their personal contact list above the Global Address List.

How can we hard code the language of the OWA interface?

The first time a user logs on to OWA the names of the Inbox, Calendar, Contacts and other default folders are localized using the “Accept-Language” header.  For example, if the browser language is German the first time the user logs on to OWA then the default folder names will be in German no matter if the browser language is change in future sessions.  The language can be hardcoded from the server-side by creating an ISAPI filter in IIS.  The filter intercepts all requests and updates the “Accept-Language” value before Exchange receives it. 

For more details on this configuration refer to http://support.microsoft.com/kb/310599/en-us. 

Users get a message saying Please use the Options shortcut to set your current local time zone -- how can we bypass this message since our users need to connect in different time zones.

User on Internet Explorer 5.0 may get a message asking them to set their time zone settings if the local machine and the OWA time zone settings are different. To correct the “Please use the Options shortcut to set your current local time zone” error, upgrade the browser to Internet Explorer 6.0 since 5.0 cannot differentiate between time zone offsets. For more information refer to http://support.microsoft.com/kb/255457/en-us.

How can I see personal distribution lists from the Find Names Address book in OWA?

The Find Names address book dialog does not display Personal Distribution lists. (Refer to http://support.microsoft.com/kb/820280/en-us for details). 

There is a third party add-on from Messageware (www.messageware.com) which gives users the ability to see personal and corporate distribution lists, Public Folder contact lists, as well as custom Exchange Address Lists. 

How can I get an image into the signature file in OWA?

If you are running Exchange 2003 SP2 on Windows 2003 SP1, an image file can be added the OWA Signature after the S/MIME control is installed on the client machine.  Refer to the following Microsoft knowledgebase article for details http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/1bb882b3-03dc-4085-ae06-a787fd76fd39/

Can I add a thesaurus to OWA?

A thesaurus is not available as a feature in Outlook Web Access 2003 or 2003.  You require a third party product called Messageware Plus Pack (www.messageware.com) to add the Thesaurus to OWA for your users.

 

OWA thesaurus

How can I mark my appointments as private in OWA?

Outlook Web Access does not give users the ability to mark appointments as private.  Appointments marked as Private in Outlook, however, do appear as private appointments when viewed in OWA.

To mark an appointment or Meeting request as Private using OWA you would need to get a third-party add-on, such as the Plus Pack from Messageware Incorporated (www.messageware.com) which adds a private checkbox at the bottom of appointment, meeting request and contact forms.

 Mark appointments as private in OWA

 

 

How can I see personal distribution lists from the Find Names Address book in OWA 2003?

The Find Names address book dialog does not display Personal Distribution lists. (Refer to http://support.microsoft.com/kb/820280/en-us for details).

There is a third party add-on from Messageware (www.messageware.com) which gives users the ability to see personal and corporate distribution lists, Public Folder contact lists, as well as custom Exchange Address Lists.

FindNames

How can I ensure that mail created by Blackberry is not garbled when forwarded by OWA to an OWA Client?
Messages sent from a Blackberry and then forwarded from the sent folder in OWA to another user are garbled when they reach the recipient OWA user.  Refer the following Microsoft article to apply a registry key which will correct this issue: http://support.microsoft.com/kb/924212/en-us
What is the best way to secure attachments in OWA 2003?

Some companies choose to secure block attachment access for all OWA users but this is not practical for most companies.  If you cannot disable attachment access, there is a third party add-on called AttachView  (www.messageware.com) which gives users the ability to view attachments in OWA without caching them on the client machine.  AttachView secures attachments in email messages, contact folders, calendar appointments and public folders.

Why do users receive a Page cannot be displayed error when they open the Help file in a non-English OWA session?

The error my occur when the HELP files are not copied to the Systemroot\Program Files\Exchsrvr\Exchweb\Help folder during installation. To resolve this issue, copy the help files from the Exchange Server 2003 CD (SETUP\I386\EXCHANGE\EXCHWEB\HELP) to the corresponding folder on the server.

For more information refer to http://support.microsoft.com/kb/555265/en-us
Why does the S/MIME control not load in OWA when you are running the Exchange Server 2003 OWA client on a Windows XP Service Pack 2-based computer?

 

The below Microsoft Article explains that S/MIME installs a component which is restricted by Windows XP SP2.  Microsoft has created a correction which can be downloaded via the following article: http://support.microsoft.com/kb/883543/en-us

 

Why can users not save and close the options page in OWA when they click "Save and close"

The below Microsoft article explains that the issue may be related to using SSL, using Gzip compression or using Netscape Navigator 6.x or Netscape Navigator 7.x.

For more information refer to http://support.microsoft.com/kb/822584/en-us

 

When an external user tries to access OWA that is published in ISA Server 2006, the user does not receive the OWA forms-based authentication page

The below Microsoft article explains that when using validation methods such as RSA SecurID with the OWA Forms-based Authentication, users do not receive the OWA logon form.

For more information and to find out how to correct this issue, refer to http://support.microsoft.com/kb/935206/en-us

Why can I not apply an OWA Web publishing rule that redirects users who connect to the root of the OWA Web site to an internal folder by using ISA Server 2006?

The below Microsoft article explains how to correct the following errors when connecting to the root of OWA and the requests are automatically redirect users to the Exchange folder:

  • The changes were saved, but at least one service failed to load
  • Firewall Service cannot b restarted after being stopped
  • Receive 21177 and 21209 event logs in the Application logs      
For more information refer to http://support.microsoft.com/kb/930415/en-us

 

How can I enabling RADIUS authentication for the OWA Forms-Based Authentication in ISA Server 2004?

The below Microsoft article explains that ISA 2004’s RADIUS authentication cannot be used when OWA Forms-Based Authentication is used on the published site.

For more information refer to http://support.microsoft.com/kb/884560/en-us

Why are some users not logged off OWA after clicking the “Log Off" button?

On a front-end server running Exchange Server 2003 or 2000 users are not logged of correctly due to a permission issue on the Logoff.asp page or the /exchweb/bin is configured for Integrated Windows Authentication instead of Basic. For more details and for the instructions on how to correct these configuration issues, refer to http://support.microsoft.com/?kbid=927907.

In our company we have users who need different levels of attachment access, how can I set this up in OWA?

If you are using Microsoft ISA 2004 or ISA 2006 to publish OWA you can set up Forms-based Authentication (FBA) to configure different attachment access for Public and Private connections.  If you are not using ISA, you will need to look at a third-party add-on such as Messageware AttachView (www.messageware.com).  AttachView gives Exchange Administrators the ability to customize security settings by IP address, user groups, or corporate device recognition, controlling the user's ability to view, open, print and save documents.

Clients take a long time to log off an OWA session after you publish an OWA server and configure OWA forms-based authentication in ISA Server 2004 -- why?

When the S/MIME control is not installed, the Forms-based Authentication logoff program in ISA 2004 causes 2 unnecessary HTTP POST requests to run, slowing down the user’s logoff process.  This Microsoft article provides information on how to correct this issue.

For more information refer to http://support.microsoft.com/kb/920139/en-us

Why do OWA Dialog Boxes not use the Internet Explorer Text Size Setting?

The below Microsoft article explains that dialog text sizes are predefined.  The settings can be overwritten by checking the “Ignore font sizes specified on Web Pages”  in Internet Explorer’s Accessibility menu. options.

For more information refer to http://support.microsoft.com/kb/818483/en-us

Why can I not grant delegate writable access to a mailbox for an OWA Client?

The below Microsoft article explains that write mailbox folder access is not supported in OWA.  Instead, full mailbox access must be given to a user to access and manage content in other user’s mailboxes.

For more information refer to http://support.microsoft.com/kb/811646/en-us

How can I configure Exchange Server 2003 OWA to use S/MIME?

The below Microsoft knowledgebase article provides information on how to Install Windows Server 2003 Certification Authority, request a Certificate, install the OWA S/MIME Control and Test Encryption and Signing.

For more information refer to http://support.microsoft.com/kb/823568/en-us

Users accessing OWA on Windows Vista clients get a Red X in the compose message form body, how can I fix this?

Outlook Web Access users who access their mail on Vista clients get a Red X in the compose message form body.   To resolve this issue, apply the below Microsoft updates on the Exchange server/s:

KB 912945: Internet Explorer ActiveX update - Changes the way in which Internet Explorer handles some Web pages that use ActiveX controls and Java applets.

KB 911829: You receive an error message when you try to perform any editing tasks, or you must click to enable the compose frame in Outlook Web Access - Enables a new editor for Internet Explorer. The new editor uses an Internet Explorer "iframe" instead of an ActiveX control.

Note: Applying the hotfixes causes a focus issue in the compose message form; pressing the space bar in the message body brings up the Address Book since the focus is on the “To..” button.  For a free correction and details, refer to the following knowledgebase article by Messageware Incorporated: Pressing the space bar in the compose message window brings up the Address book.

My users are getting additional OWA login prompts, how can I fix this?

Additional login prompts are usually the result of a mismatch of IIS Authentication settings.  The authentication settings for the Exchange, Public, and Exchweb\bin virtual directories must match to ensure users do not get additional login prompts. 

It is best to check the Exchange and Public Authentication settings from the Exchange System Manager (ESM) and then compare them to the settings in the IIS Manager.  This order is important since the ESM settings overwrite the IIS settings for the Exchange and Public virtual directories.

Compare the IIS authentication settings for the Exchange, Public, and Exchweb\bin virtual directories in Exchange System Manager (ESM) and the Internet Information Services Manager (IIS).

  1. Open Exchange System Manager (ESM)
  2. Navigate to the Exchange Virtual Server (\Administrative Groups\First Administrative Group\<Servers>\Protocols\HTTP\Exchange Virtual Server)
  3. Right-click on the Exchange virtual directory, and select Properties
  4. Change to the Access tab and click the Authentication button
  5. Repeat steps 3 to 4 for the Public virtual directory
  6. Open the IIS Manager 
  7. Navigate to the OWA website
  8. Right-Click on the Exchweb\bin virtual directory, and select Properties
  9. Change to the Directory Security tab
  10. Click Edit under the Anonymous access and authentication control section
  11. Verify that the Windows Authentication and Default Domain settings match those of the Exchange and Public virtual directories

Refer to the summary tables of IIS authentication settings below.

Native OWA virtual directory authentication settings  

Authentication

Virtual Directories

 

Exchange

Public

Exchweb\bin

Basic

Basic

Basic

Basic

Integrated

Basic and Integrated

Basic and Integrated

Basic and Integrated

Exchange FBA

Basic

Basic

Basic

What could cause the HTTP 500 internal server error message to occur in OWA 2003?

Based on a Microsoft knowledgebase article, there are several causes for receiving a HTTP 500 Internal Server Error. Some situations in which you might receive the error message are as follows:

  • You try to access your mailbox or the public folders.
  • You try to view Pretty Good Privacy (PGP)-encrypted message.
  • You publish an Exchange Server 2003 Outlook Web Access site behind Microsoft Internet Security and Acceleration (ISA) Server.

For more information and steps on how to resolve this error, refer to http://support.microsoft.com/?kbid=894965.

Articles

ISA Firewall Auto Log Off Controls Can Be a Security Issue for OWA Publishing

ISAServer.org

This article, by ISA Firewall specialist Thomas Shinder, explains that earlier versions of ISA Firewall (2000 and 2004) included navigation protection.  Navigation protection ensures that if a user goes to another website, such as Google, without logging off OWA, ISA automatically logs the user off.  With navigation protection, administrators can rest assured that users are not leaving active OWA sessions behind.

ISA Firewall 2006 no longer includes navigation protection.  This is explained in more detail in an ISA Security report published by Messageware Incorporated (
ISA Security Report: OWA Security Issues Undetected by ISA Server) referenced in Thomas Shinder’s article.

To read the full article, go to:

http://blogs.isaserver.org/shinder/2007/07/19/isa-firewall-auto-log-off-controls-can-be-a-security-issue-for-owa-publishing/

Top 11 Hidden Features in Outlook Web Access for Exchange 2003

Microsoft Exchange Team

The article points out 11 timesaving features available in Outlook and Outlook Web Access.  These features discussed include:

  1. Hotkeys
  2. Using = in front of an email address alias automatically resolves the name in the address bar
  3. Drag and drop can be used to file messages into mailbox folders
  4. With S/MIME installed you can drag and drop images, documents or messages into the message attachments
  5. The type-down feature can be used to find messages in any mailbox folder
  6. View multiple calendars by holding down the CTRL key and clicking on the days you want to see
  7. Use OWA basic to browse your Inbox more quickly
  8. Holding down the CTRL key and clicking on multiple column headings lets you sort multiple columns at once
  9. Enable spell check before sending
  10. Get a nicely formatted agenda view using the following URL: https://<servername>/exchange/<alias>/calendar/?cmd=contents&part=1
  11. Double click on a time in the calendar to bring up a new appointment form

To view the full article, go to http://msexchangeteam.com/archive/2005/10/27/413172.aspx

Alleviate Outlook Web Access (OWA) email attachment security issues

SearchExchange.com

The article gives an overview of an OWA attachment solution called AttachView by Messageware, which lets users safely view a wide array of attachments without ever downloading the file to the local computer.  AttachView offers users secure access to attachments via an enhanced viewing window with features such as: view Microsoft Word Track Changes revisions, a hyperlinked table of contents, printer-friendly version, rotate and zoom buttons.

Administrators can set rules giving users access to users to open, save and print attachments based on criteria such as IP address, username, hostname and if they are connecting from a corporate device.

To view the full article, go to http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1310616,00.html

Free Download Fixes Common Problem with Microsoft Outlook Web Access

Messageware

Many companies who have Microsoft Exchange with the update Q911829 (released in March and April, 2006) installed and are using Outlook Web Access have been experiencing a problem addressing messages. In some environments, when the spacebar is pressed after addressing a message the address dialog box re-appears and in some cases, while typing the message body, entering a space suddenly activates the addressing dialog box.

Upon hearing about this problem from Exchange administrators who were concerned about the productivity of their users, Messageware researched the problem, found the cause, and has released a free fix. This patch is now available to companies and Exchange administrators who are running any version of Exchange or OWA. It can be downloaded at http://www.messageware.com/downloads/fixQ911829.php.

Understanding multi-domain DL update and delegate issues after application of Exchange 2003 SP2

The Microsoft Exchange Team Blog

January 28, 2008 - This article describes how to alleviate problems encountered with OWA calendar delegates in Exchange 2003 when Exchange 2003 SP2 has been installed.

http://msexchangeteam.com/archive/2008/01/24/447928.aspx

New White Paper Resolves Overlooked Outlook Web Access Security Risks

Source: Messageware Incorporated

July 19, 2007, Toronto, Canada – Microsoft Office Outlook Web Access (OWA) is the corporate web mail solution of choice for the overwhelming majority of companies today and most of these companies secure their OWA environment with a Microsoft Internet Security & Acceleration (ISA) firewall server. A new white paper released today by Messageware (www.messageware.com), the world's leading provider of enterprise productivity and security solutions for Microsoft Office Outlook Web Access, highlights often overlooked security risks for organizations running OWA with ISA Server. In addition, it offers effective solutions for securing OWA against those risks.

Download the white paper at http://messageware.com/OWA-white-papers/white_papers.php.

 

Some benefits of using the S/MIME control in OWA 2003

Source: Petri IT Knowledgebase

This article steps though the benefits of installing the S/MIME control on a client machine. The S/MIME control adds drag-and-drop message and attachment capability, enables users to read and send encrypted messages.

http://www.petri.co.il/smime_benefits_in_owa_2003.htm

Use Ctrl+Shift+R to “Reply all” to the selected message.
 

Poll

Will tablet and Smart phone use be a big part of your OWA 2013 deployment?