on Jun 16, 2016Article Content
| Article Number | 000025899 |
| Applies To | RSA Authentication Agent 5.3 for Web Microsoft Windows Server 2003 Microsoft Exchange Server 2003 Microsoft Outlook Web Access (OWA) Single Sign-On (SSO) |
| Issue | How to SecurID-protect OWA using single sign-on (SSO) when OWA is in a cluster Users are be prompted for an Exchange authentication after the SecurID challenge. The authentication requests fail, even if the correct Windows password is used. Error: "401 unauthorized" when trying to access mailboxes using Outlook Web Access (OWA) |
| Cause | RSA Security's setup instructions refer to a basic OWA Exchange Front End / Back End configuration. In this case, the Front Ends are communicating directly to the Back End exchange servers. When the Back End Servers are in a cluster, the communication is from the Front Ends to one or more virtual servers. |
| Resolution | Using Step 1 on page 52 of the RSA Authentication Agent 5.3 for Web Installation and Configuration Guide (file name: WebAgent_IIS.pdf), set up the Delegation rights to the Virtual Servers and verify that the Virtual Server have the proper SPN settings. See Error: '401 unauthorized' when trying to access mailboxes through SecurID-/SSO-protected OWA for instructions to set SPN's. |
| Legacy Article ID | a24750 |