OWA login using Windows Security dialog box

Catherine Jaszewski 716 Reputation points

I recently migrated from a Exchange 2016 CU17 to a Exchange 2019 CU8.
I had some issue with authentication to OWA and ECP but was able to resolve by using Basic and Windows authentication on the Virtual Directories.
However, now my users are being prompted by a Windows Security box for credentials vs. the default ASPX login page from Exchange.
We are able log into OWA and ECP but with Windows Security box only.

How do I get my ASPX login page back?

Please advise.

thank you,

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,497 questions
0 comments No comments
{count} votes

Accepted answer
  1. Catherine Jaszewski 716 Reputation points


    WhooHoo!!! I took your advise and changed authentication to Forms Based (with Basic) for both ECP and OWA and voila! Its working!

    I think before when we tried to use Forms Based I was still having WMSVC SHA2 certificate issues with Web Management.

    But we are now good to go!

    Thank you! Thank you! Thank you!!!

2 additional answers

Sort by: Most helpful
  1. Andy David - MVP 145.1K Reputation points MVP

    Did you disable Forms based auth on those virtaul directories?

    Get-OwaVirtualDirectory -Server exch3 | fl *auth*  
    Get-EcpVirtualDirectory -Server exch3 | fl *auth*  

    If you want forms-based, you can enable:

    Set-OwaVirtualDirectory -Identity "EXCH3\owa (Default Web Site)" -FormsAuthentication $true -WindowsAuthentication $false  
    Set-EcpVirtualDirectory -Identity "EXCH3\ECP (Default Web Site)" -FormsAuthentication $true -WindowsAuthentication $false  

    This doc sort of touches on the issue if you didnt want Forms Based:

  2. Andy David - MVP 145.1K Reputation points MVP

    If you set BasicAuthentication to $false, then it should just allow domain-joined users to access without any prompt, otherwise you will need to enable forms-based auth if you want them to get the web-based logon screen so they can enter their password or integrate with ADFS

    0 comments No comments