Outlook Web Access Loading... in mixed Exchange 2003 and 2007 environment

There are plenty of web sites that can help you resolve now already well known problem in OWA when your browser does not display any pictures in it and hangs with Loading... text.

Use Google to find other resolution if it is not the one described below.

You setup Exchange 2007 into the existing Exchange 2003 environment. You reroute Internet users to use your new Client Access Server (CAS) for OWA. CAS server includes a mechanism that redirects user to the correct Exchange server, being that Exchange 2003 or 2007. It depends on which server the mailbox resides.

In the case that you changed Authentication type on your CAS server such that users don't need to provide domain\username but only username, your Exchange 2003 users could get following screen in their browser...

The resolution to the problem is in the authentication type on your CAS server. Not only that you need to change authentication type on your /Exchange folder but also on your /owa and /Exchweb folders.

I would also recommend that you enter your domain name on existing /Exchange and /Exchweb Exchange 2003 web folders in IIS if you chose to use only username for login.

Exchange Intelligent Message Filter (IMF) and GFI MailEssentials on the same machine

I found a strange problem on Exchange 2003 with Intelligent Message Filter (IMF) disabled on SMTP virtual server. Despite the fact that GFI's MailEssentials was installed on the machine and that IMF was disabled, IMF was still doing most of the antispam job.

If I for example changed the default action on Intelligent Message Filter tab to Archive then I found lots of spam in the default IMF archive location \exchsrvr\mailroot\vsi 1.

When I opened MailEssential's Monitor tool it was obvious that only "clean" messages were passed to the MailEssentials.

So what went wrong? Somehow IMF enabled itself despite that checkbox on SMTP virtual server was not selected at all.

To resolve the issue just open the SMTP virtual server instance, enable IMF by checking the Enable Intelligent Message Filter, restart the SMTP service and then uncheck Enable Intelligent Message Filter to really disable it.

Now if you check MailEssential's monitor you'll see that spam and all mail is going through MailEssentials.

Keyloggers and Outlook Web Access

There are lots of questions on the Internet about possibility of keyloggers being installed on the public computers and the use of Outlook Web Access (OWA) on such machines.

Let's presume that you are using public computer in an Internet Café anywhere in the world. You want to connect to your company's e-mail by means of Outlook Web Access interface.

Since you are not the administrator of the machine or have higher privileges on that same computer, you are not able to install programs on it. It means you have to use the computer AS IS.

You can't prevent keylogger from collecting your data, since you lack the privileges to do so, but your e-mail system can use two-factor authentication as a form of letting the users in.

Two factor-authentication is a system wherein two different methods are used to authenticate. Using two factors as opposed to one delivers a higher level of authentication assurance. Using more than one factor is sometimes called strong authentication. (Wikipedia, 2008)

One Time Password (OTP) tokens can be used to enter random number found on the token as a first factor of authentication. If the first factor authentication is positive then the usual OWA domain\username\password authentication is used as a second factor of authentication.

Since one time password is used only once, keylogger will log already old data thus preventing possible intruder to use it again.

Keylogger will of course log your domain, username and password but such data will be useless to certain extent as your online services would be probably protected with two factor authentication and OTPs.

Since you are now NOT the only owner of your username and password, domain password expiration policy IS A MUST and passwords must be changed constantly.

Your data could be stored by keyloggers on the public machines even if you are using On-screen keyboard. Current keyloggers have even built-in option to save screenshots thus making any other authentication option (for public computers at this very moment) than two- or more-factor, unable to prevent possible intrusions that would use logged data.

 

References

Wikipedia (2008) Two-factor authentication. Available at: http://en.wikipedia.org/wiki/Two-factor_authentication (Accessed: 11 April 2008).