Chrome 80 samesite feature causes OWA login loop

AnandN 1 Reputation point
2020-08-21T09:20:46.867+00:00

Encountered an OWA login loop when using the latest version of the Chrome browser to access OWA. The environment is using SSL offloading:

Chrome OWA Client -------(https)--------[SSL offloader device]-------(http)----- Exchange 2016 on prem

Other browsers and older Chrome versions that do not use the new SameSite feature access OWA fine.

Are there any patches for this, or a workaround? I have the latest CU applied already (17).

Exchange Server Management

2 answers

  1. Kael Yao-MSFT 21,536 Reputation points Microsoft Employee
    2020-08-24T07:50:19.69+00:00

    Hi,
    Please set the SameSite attribute of your Chrome browser from Lax (default) to None, and see if the problem persists.
    You can follow these steps:
    1. Access chrome://flags via Chrome
    2. Find same-site-by-default-cookies and cookies-without-same-site-must-be-secure
    3. Set these two flags to “disabled” and restart the browser




  2. Eirik Vesterhus 1 Reputation point
    2020-08-24T09:50:17.093+00:00

    Do a cookie rewrite on the SSL offloader device if possible, or change the backend communication to HTTPS.

    Example with Netscaler: https://support.citrix.com/article/CTX138055

    I have tested both and it works.
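
A model of what the cookie rewrite suggested in the second answer has to achieve, as an added example that is not part of the original thread or of any vendor's configuration. It assumes the backend, reached over plain HTTP, emits SameSite=None cookies without the Secure attribute; the cookie names and values are constructed sample data, and the function names are hypothetical.

```python
# Added example: checks backend Set-Cookie headers against Chrome 80's
# SameSite rules and applies the rewrite an HTTPS-terminating offloader would.
# All cookie names/values are constructed; the backend behaviour is an assumption.

BACKEND_HEADERS = [
    "SessionA=abc123; path=/; HttpOnly; SameSite=None",
    "SessionB=def456; path=/owa; secure; HttpOnly; SameSite=None",
    "Pref=1; path=/",
]

def parse_set_cookie(header):
    """Return (name=value, {lowercased attribute: value}) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return parts[0], attrs

def chrome80_verdict(header):
    """Classify a cookie under the two flags named in the first answer."""
    _, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none" and "secure" not in attrs:
        return "rejected"        # cookies-without-same-site-must-be-secure
    if samesite not in ("strict", "lax", "none"):
        return "treated-as-lax"  # same-site-by-default-cookies
    return "accepted"

def rewrite_for_https_client(header):
    """Append Secure when the plain-HTTP backend omitted it; leave other cookies alone."""
    _, attrs = parse_set_cookie(header)
    if "secure" in attrs:
        return header
    return header.rstrip("; ") + "; Secure"

def audit(headers):
    """Return (verdict before rewrite, verdict after rewrite) per header."""
    return [(chrome80_verdict(h), chrome80_verdict(rewrite_for_https_client(h)))
            for h in headers]

if __name__ == "__main__":
    for header, (before, after) in zip(BACKEND_HEADERS, audit(BACKEND_HEADERS)):
        print(f"{before:>15} -> {after:<15} {header}")
```

Running the same check over Set-Cookie headers captured on the client side of the offloader shows whether any cookie is still being dropped by the browser.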