|Applies To||RSA Authentication Agent 5.3 for Web|
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Microsoft Outlook Web Access (OWA)
Single Sign-On (SSO)
|Issue||How to SecurID-protect OWA using single sign-on (SSO) when OWA is in a cluster|
Users are be prompted for an Exchange authentication after the SecurID challenge. The authentication requests fail, even if the correct Windows password is used.
Error: "401 unauthorized" when trying to access mailboxes using Outlook Web Access (OWA)
|Cause||RSA Security's setup instructions refer to a basic OWA Exchange Front End / Back End configuration. In this case, the Front Ends are communicating directly to the Back End exchange servers. When the Back End Servers are in a cluster, the communication is from the Front Ends to one or more virtual servers.|
|Resolution||Using Step 1 on page 52 of the RSA Authentication Agent 5.3 for Web Installation and Configuration Guide (file name: WebAgent_IIS.pdf), set up the Delegation rights to the Virtual Servers and verify that the Virtual Server have the proper SPN settings.|
See Error: '401 unauthorized' when trying to access mailboxes through SecurID-/SSO-protected OWA for instructions to set SPN's.
|Legacy Article ID||a24750|