OMA 2003 Logon Process


This post will go into the steps that happen during the OMA 2003 logon process. As I work in Support Services, I get to explain this a lot so I wanted to share it. The general flow goes like this:


 



 


User Information in our example:


Domain Account: Contoso\Administrator


Exchange Alias: Administrator


Proxy Address: SMTP:administrator@contoso.com


 


Step 1.


– The user browses to:

     http://fe.contoso.com/OMA

and provides valid domain credentials, in our case “contoso\administrator”.

NOTE: It is recommended that you require SSL on the OMA virtual directory.


 


Step 2.


IIS then authenticates and authorizes the user with a Domain Controller. For more information on IIS Authentication and Authorization, go to http://www.iiswebcastseries.com/


 


Step 3.


– The OMA ASP.NET framework then uses the SID that IIS got

<Entering FindUserViaCreds>

to find the user and determine the NetBIOS name of the BackEnd server for that user.


 


<m_ExchangeServer=='BE'>


 


Next OMA verifies that OMA is enabled globally and for that specific user.


 


<AdminWirelessEnable='0'>


 


Then OMA determines which SMTP domain it is servicing.


 


<Default domain from metabase = 'contoso.com'>


 


OMA then checks to see if there is an Alternate Exchange Virtual Directory set.  If none is set, we default to “Exchange”.


 


<Returning alternate Exchange virtual directory value: ''>


 


OMA will then find the user's alias from the user's proxy addresses that match the SMTP domain it is serving.


 


<proxy='SMTP:Administrator@contoso.com'>


 


Then comes the most crucial step: OMA builds the HTTP URL that it will use to access the user's mailbox on their BackEnd server. OMA uses the data it has collected to build the URL in the following manner:


 


http://ExchangeServer/ExchangeVirtual directory/Alias


 


in our case


 


<m_baseFolder.URL='http://BE/Exchange/Administrator/'>


 


This exact HTTP URL is then sent to the user's BackEnd server.


 


Step 4.


OMA sends the URL built to the BE server, in our case http://BE/Exchange/Administrator/


 


Step 5.


The URL sent by OMA “http://BE/Exchange/Administrator/” is then picked up by Davex.dll as an EXPLICIT OWA request. See KB812220 for more info.


 


NOTES:


OMA will FAIL if SSL is REQUIRED on the Exchange virtual directories it tries to access, with or without FBA enabled.


 


OMA will work with Forms Based Authentication as OMA does NOT need Integrated Authentication/Kerberos.


 


If the Exchange Virtual directory is set to require SSL then you must create an Alternate Exchange Virtual directory for OMA to use and NOT require SSL on that Virtual directory. See KB817379 for more on that!
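
The Step 3 URL construction and the SSL constraint from the notes can be modeled for troubleshooting. This is an added example, not OMA's code and not part of the original post; the function names, the first-match rule for proxy addresses, the X400 entry and the "exchange-oma" directory name are assumptions or constructed values.

```python
# Model of the Step 3 URL construction (illustration only, not OMA's code).
# Function and parameter names are hypothetical.

def alias_for_domain(proxy_addresses, smtp_domain):
    """Return the local part of the first SMTP proxy address in smtp_domain.

    Assumption: first match wins and matching is case-insensitive.
    """
    for proxy in proxy_addresses:
        kind, _, address = proxy.partition(":")
        local, _, domain = address.rpartition("@")
        if kind.lower() == "smtp" and local and domain.lower() == smtp_domain.lower():
            return local
    return None


def build_backend_url(exchange_server, proxy_addresses, smtp_domain,
                      alternate_vdir="", ssl_required_vdirs=()):
    """Return (url, problems): the predicted back-end URL and failure reasons."""
    problems = []
    vdir = alternate_vdir or "Exchange"  # no alternate set: default to "Exchange"
    alias = alias_for_domain(proxy_addresses, smtp_domain)
    if alias is None:
        problems.append("no proxy address in SMTP domain " + smtp_domain)
    if vdir.lower() in [v.lower() for v in ssl_required_vdirs]:
        # Per the notes: OMA fails when the directory it targets requires SSL.
        problems.append("virtual directory '%s' requires SSL" % vdir)
    url = None
    if alias is not None:
        url = "http://%s/%s/%s/" % (exchange_server, vdir, alias)
    return url, problems


if __name__ == "__main__":
    # Server, domain and SMTP address are the post's example values;
    # the X400 entry and the "exchange-oma" directory name are constructed.
    proxies = ["X400:c=US;a= ;p=Contoso;o=Exchange;s=Administrator;",
               "SMTP:Administrator@contoso.com"]
    print(build_backend_url("BE", proxies, "contoso.com"))
    print(build_backend_url("BE", proxies, "contoso.com",
                            ssl_required_vdirs=["Exchange"]))
    print(build_backend_url("BE", proxies, "contoso.com",
                            "exchange-oma", ["Exchange"]))
```
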


 


Hope this was helpful,


 


Tim Hackbart

Comments (5)
  1. Anonymous says:

    At last they bring it in-line with OWA!

    Source: http://blogs.technet.com/exchange/archive/2005/08/05/408728.aspx

  2. Marcel says:

    I really liked the SLL requirement part, hehe, this is a great post guys, keep up the good work :)

  3. Jason says:

    Hi,

    Found this topic very interesting, but it doesn’t quite give me the answer to my problem.

    I have SBS 2003 exchange and am trying to use OMA. I have the exchange configured correctly – I think – and can access OMA from a desktop browser and a wap enabled phone, but when I try and access OMA from an Orange Smartphone SPVM2000, it seems to hang. When I type the URL in IE, the screen with Inbox, Calendar etc. is displayed and in the address field I get what I assume to be a session id – changes every time I try. However, when I click on the inbox or calendar, nothing happens. Also, I don’t get the MSExchangeOMA event log message saying the OMA browser application has started. I do get this message when I access OMA from another device. I’m assuming it may be related to the smartphone using cache. It also doesn’t request username and password as I requested those details to be saved the first time I tried. I’ve cleared the history and deleted files on the smartphone, all to no avail. Has anyone experienced this, or have any ideas what it may be?

    Any help would be gratefully received.

    Jason

  4. Anonymous says:

    Expansys now has the Qtek 9100 available for pre-order. I hear that Mad Monkey Boy’s Gadgets may…

  5. Anonymous says:

    Expansys now has the Qtek 9100 available for pre-order. Keep an eye on Mad Monkey Boy’s…
