OpsMgr by Example: Synthetic OWA Testing

If you have already tried everything that you can do to get rid of the OWA logon failure (other than disabling it) in Exchange 2003, this may be of assistance.

Alert: OWA: Outlook Web Access logon failure: Authentication error

Issue: The OpsMgr script in the Exchange 2003 management pack will not work if you are using a custom URL and HTTPS with certificates. If you’re not already familiar with this issue, Andy Dominey previously blogged this at http://myitforum.com/cs2/blogs/adominey/archive/2007/04/10/mom-2005-and-om-2007-exchange-2003-management-pack-issue.aspx). For example, if you have a server named SERVER1 at ABCCO and your webmail address is https://webmail.abcco.com on SERVER1 the current MP cannot perform the check on this web location correctly, as the server name (server1.abcco.com) does not match the certificate name of webmail.abcco.com.

Resolution: Create a custom simple monitor with two views to monitor the OWA front-end functionality.

Perform the following steps:

1. Open the Operations Console -> Authoring -> Web Applications. Right-click and choose Add monitoring wizard.

2. Choose the Web Application monitoring type.

3. Enter a name (OWA Web Test) and description and choose the management pack (preferably not the default management pack, we created our own called OWA Web Test).

4. Enter the URL to test. For our example company of ABCCO.com we will be using https://webmail.abcco.com to match the organization’s existing external name that is assigned to the SSL certificate.

5. Choose a watcher node (the MS or RMS does well on this if it isn’t too busy) and the frequency (defaults to 2 minutes).

6. Create the web application.

7. Highlight the new Web Application and choose Edit web application settings under actions.

8. Start a capture and go through the following process: (As an FYI we were not able to select and preview messages/it caused too many issues with the monitor)

· Log in to the OWA server using specified credentials

· Create and sends a new message to the email of the specified credentials

· Delete the message which was sent

· Logs out of the OWA browse session.

9. Remove any failed responses that are not required. As an example, we removed the the links section on ours. We removed this by going to the Properties -> Monitoring tab, and unchecking “Enable health evaluation and performance collection for Internal links”. We also needed to remove other conditions which failed regularly, do this by highlighting the URL that failed and deleting it under the Actions selection.

10. Now that the Web application is monitoring the OWA site, we can see the state of the monitor either under the management pack we specified (Administration -> OWA Web Test in our case) or under the Administration -> Web Application -> Web Applications State.

11. We can also right-click on the particular state view and choose to open the alert view or the performance view. The performance view is especially useful, and it is a good idea to go ahead and create a performance view so that you can easily access these counters (be sure to limit the performance counters shown to the name that you created such as our OWA Web Test example otherwise there are a lot of counters). An example of the performance view is shown here.

12. Now that we are effectively monitoring OWA functionality we can now disable the original “OWA: Outlook Web Access logon failure: Authentication error” alert.

We would like to give a huge thanks to Tony Greco who pointed out this issue, and found this creative approach to resolve it!

This entry was posted in Tuning and Configuration. Bookmark the permalink.

6 Responses to OpsMgr by Example: Synthetic OWA Testing

  1. Andreas says:

    Sometime it becomes necessary to add the domain name to the BEAcount registry value. The alert messages are not really helpful in this case when we tried to monitor our OWA/OMA services. A look at the web server logs has discovered the failure. After changing the BEAccount to domain\\samaccountname and a restart of the health service everything works fine.

  2. Andreas says:

    P.S.: It works with SSL and certificates for OWA and OMA with Custom URL\’s.

  3. Operations says:

    Thanks, Andy!

  4. Chu Hei says:

    It still have no luck on SSL. Both intranet and internet SSL website didn\’t work.
    It just give me this message 2147954552 – ERROR_WINHTTP_INVALID_SERVER_RESPONSE

  5. Operations says:

    Chu Hei,
    The configuration is very picky. Be sure the name of the machine is the same as the name on the website or it won\’t work – with or without SSL.
    Without additional information here it would be very difficult to help you. You may also want to consider the OpsMgr newsgroups on this, but be sure to provide more details.

  6. Ian says:

    The following list contains the issues that are fixed in version 6.0.6278.0 of the Exchange Server 2003 Management Pack for Operations Manager 2007.• Fixed an issue with Outlook Web Access (OWA) monitoring when a custom OWA site and HTTPS with certificates is used. The Outlook Web Access Logon Monitor now exposes an override CustomURL which if set to true will cause the monitor to ignore the default URL value and use the value from the CustomURL registry key. For more information on how to use a custom URL, see the “How to Configure Custom URLs for OWA, OMA and EAS” section in this guide.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s