This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Original KB number: 2871485
In Microsoft Exchange Server 2013, you have forms-based authentication (FBA) disabled for Outlook Web App (Outlook Web App) and Exchange admin center (EAC). Additionally, you have either Windows Integrated or Basic Authentication enabled. After you upgrade Exchange Server 2013 to a newer build, the FBA page is displayed when a user accesses Outlook Web App or EAC. Additionally, the FBA page continues to appear even after the user provides valid credentials.
This issue also occurs in Exchange Server 2016.
This problem occurs because the upgrade process copies the default Web.config file over the existing, customized Web.config file. This results in all existing settings being lost. This includes the HTTP module settings.
To work around this problem, reconfigure the desired authentication mechanism on the Outlook Web App or EAC virtual directories. To do this, follow these steps:
Note
These steps will reconfigure Windows Integrated Authentication on OWA and EAC virtual directories by using the Exchange Management Shell.
Review the authentication configuration. To do this, run the appropriate command:
For Outlook Web App, run the following command:
Get-OwaVirtualDirectory -Server exch3 | fl *auth*
For EAC, run the following command:
Get-EcpVirtualDirectory -Server exch3 | fl *auth*
Run the appropriate command to disable FBA and to enable Windows-Integrated Authentication:
For Outlook Web App, run the following command:
Set-OwaVirtualDirectory -Identity "EXCH3\owa (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true
For EAC, run the following command:
Set-EcpVirtualDirectory -Identity "EXCH3\ECP (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true
Run IISReset to restart Internet Information Services (IIS).
See View or Configure Outlook Web App Virtual Directories for information about how to use the EAC or the Exchange Management Shell to view or configure the properties of an Outlook Web App virtual directory.
To retrieve the settings of Microsoft Office Outlook Web App virtual directories on a computer that is running Exchange Server 2013 and that has the Client Access server role installed, run the command:
Get-OwaVirtualDirectory -Server exch3 | fl *auth*
Here is an example of the results that are returned by the command:
ClientAuthCleanupLevel : High
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication : False
WindowsAuthentication : True
DigestAuthentication : False
FormsAuthentication : False
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMethods : {Fba}
See Get-OwaVirtualDirectory, for information about how to retrieve all Office Outlook Web App virtual directories on a computer that is running Microsoft Exchange Server 2013 and that has the Client Access server role installed.
See Set-EcpVirtualDirectory for information about how to change the properties of an EAC virtual directory.
Training
Module
Troubleshoot Federation Issues - Training
We will discuss federation and interoperability between Teams and Skype for Business.
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.
Documentation
Error in EMS, EAC, ECP, OWA, or Outlook on the web in Exchange Server - Exchange
Describes issues where you can't start EMS or sign in to EAC or ECP and where users can't sign in to OWA or Outlook on the Web. Provides a resolution.
View or configure Outlook on the web virtual directories in Exchange Server
Summary: Learn how to view and configure the properties of Outlook on the web virtual directories in Exchange Server 2016 or Exchange Server 2019