This post will go into the steps that happen during the OMA 2003 logon process. As I work in Support Services, I get to explain this a lot so I wanted to share it. The general flow goes like this:
User Information in our example:
Domain Account: Contoso\Administrator
Exchange Alias: Administrator
Proxy Address: SMTP:administrator@contoso.com
Step 1.
- The user browses to:
and provides valid domain credentials, in our case “contoso\administrator”.
NOTE: It is recommended that you Require SSL on the OMA virtual directory.
Step 2.
IIS then authenticates and authorizes the user with a Domain Controller. For more information on IIS Authentication and Authorization, go to http://www.iiswebcastseries.com/
Step 3.
- The OMA ASP.NET framework then uses the SID that IIS got
<Entering FindUserViaCreds>
to find the user and determine the NetBIOS name of the BackEnd server for that user.
<m_ExchangeServer=='BE'>
Next, OMA verifies that OMA is enabled globally and for that specific user.
<AdminWirelessEnable='0'>
Then OMA determines which SMTP domain we are servicing
<Default domain from metabase = 'contoso.com'>
OMA then checks to see if there is an Alternate Exchange Virtual Directory set. If none is set, we default to “Exchange”.
<Returning alternate Exchange virtual directory value: ''>
OMA will then find the user's Alias from the user's ProxyAddresses that match the SMTP domain it is serving.
<proxy='SMTP:Administrator@contoso.com'>
Then comes the most crucial step: OMA builds the HTTP URL that it will use to access the user's mailbox on their BackEnd server. OMA uses the data it has collected to build the URL in the following manner:
http://ExchangeServer/ExchangeVirtualDirectory/Alias
in our case
<m_baseFolder.URL='http://BE/Exchange/Administrator/'>
This exact HTTP URL is then sent to the user's BackEnd server.
Step 4.
OMA sends the URL built to the BE server, in our case http://BE/Exchange/Administrator/
Step 5.
The URL sent by OMA “http://BE/Exchange/Administrator/” is then picked up by Davex.dll as an EXPLICIT OWA request. See KB812220 for more info.
NOTES:
OMA will FAIL if SSL is REQUIRED on the Exchange virtual directories it tries to access, with or without FBA enabled.
OMA will work with Forms Based Authentication as OMA does NOT need Integrated Authentication/Kerberos.
If the Exchange Virtual directory is set to require SSL then you must create an Alternate Exchange Virtual directory for OMA to use and NOT require SSL on that Virtual directory. See KB817379 for more on that!
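To make Step 3 and the SSL note above concrete, here is an added example (not OMA's own code) that rebuilds the mailbox URL from the values in the trace and refuses the logon when the chosen virtual directory has Require SSL set. It assumes the alias is the local part of the matching SMTP proxy address and that a bare set of vdir names stands in for the IIS metabase SSL flag.

```python
from dataclasses import dataclass, field


@dataclass
class OmaContext:
    """Inputs OMA collects in Step 3 (field names are descriptive, not OMA's)."""
    backend_server: str                 # NetBIOS name of the user's BackEnd, e.g. 'BE'
    default_domain: str                 # SMTP domain OMA serves (from the metabase)
    proxy_addresses: list               # the user's ProxyAddresses values
    alternate_vdir: str = ""            # '' means fall back to the 'Exchange' vdir
    vdirs_requiring_ssl: set = field(default_factory=set)  # assumed: vdirs with Require SSL


class OmaLogonError(Exception):
    pass


def find_alias(proxy_addresses, default_domain):
    """Pick the SMTP proxy in the served domain, preferring the primary 'SMTP:' entry.
    Assumption for this example: the alias is the local part of that address."""
    candidates = []
    for proxy in proxy_addresses:
        prefix, sep, address = proxy.partition(":")
        if sep != ":" or prefix.lower() != "smtp" or "@" not in address:
            continue  # X400:, X500: and malformed entries are not SMTP addresses
        local, _, domain = address.rpartition("@")
        if domain.lower() == default_domain.lower():
            candidates.append((prefix != "SMTP", local))  # primary (uppercase) sorts first
    if not candidates:
        raise OmaLogonError(f"no SMTP proxy address in served domain {default_domain}")
    return sorted(candidates)[0][1]


def build_mailbox_url(ctx):
    """Build http://ExchangeServer/ExchangeVirtualDirectory/Alias/ as OMA does."""
    vdir = ctx.alternate_vdir or "Exchange"
    if vdir in ctx.vdirs_requiring_ssl:
        # OMA only speaks http:// to the BackEnd, so Require SSL here breaks the logon
        raise OmaLogonError(f"/{vdir} requires SSL; set an alternate vdir without it")
    alias = find_alias(ctx.proxy_addresses, ctx.default_domain)
    return f"http://{ctx.backend_server}/{vdir}/{alias}/"


if __name__ == "__main__":
    # Constructed sample matching the trace in the post
    ctx = OmaContext("BE", "contoso.com",
                     ["X400:c=US;a= ;p=Contoso;o=Exchange;s=Administrator;",
                      "smtp:admin@contoso.com",
                      "SMTP:Administrator@contoso.com"])
    print(build_mailbox_url(ctx))  # http://BE/Exchange/Administrator/
```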
Hope this was helpful,
You Had Me at EHLO.