I have an exchange 2007 server on Windows 2008, running IIS, with Outlook Web Access enabled. The "/owa" page is protected with the RSA Authentication for Web for IIS. (not sure the exact version - what ever was the most recent version when the server was installed.) This works great- users connecting to the /owa web page have to enter secure ID credentials.
My company is migrating to Exchange 2013 , so I have a new server running Exchange 2013 on Windows 2012 R2. I have installed RSA Authentication Agent 8.0.1 for Web for IIS. The /owa, /ecp and /oab virtual directories are protected by RSA agent, and are also in the RSA SecurID application pool.
When I connect to https://newserver.mydomain/owa they get the RSA authentication screen. After authenticating, Ithen get a windows authentication pop-up screen (if in IE). I can login with my windows creds (firstname.lastname@example.org) but then get the message:
The website declined to show this webpage
Most likely causes:
- This website requires you to log in.
This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.
(In firefox, just end up with a blank page.)
The virtual directories in question are configured to use basic authentication (same as on the /owa directory Exchange 2007 server.) If I enable anonymous authentication I don't get the windows login promt, but then I still don't get to the OWA login page.
When I disable RSA SecurID authentication then OWA works fine - except of course with out the additional protection.