1

We have a user who can receive her email via Outlook but is unable to log in to OWA. The mailbox is on Exchange 2010. They have only been with the company a few months and it seems likely this problem has always happened ever since they started.

Here is the error:

enter image description here

Troubleshooting done so far:

  • ensured AD account is not locked out
  • reset password and tried again using known good password
  • verified that OWA is enabled in the Exchange Features tab on the Exchange server

Interestingly, successful sign-ons to OWA are almost instantaneous (for our other users) but there is always a 15+ second delay before this error appears when this user attempts to sign in - the error never appears instantly. I wonder if that delay could yield some clues as to the possible cause?

Does anyone have any ideas what could be going on here?

Austin ''Danger'' Powers
  • 6,262

1 Answers1

1

Does anyone have any ideas what could be going on here?

You may need to install a service pack and / or check the "Users Tab scope" settings if you are using OWA rules.

You could not be logged on to Forefront TMG" - Solution 1

SYMPTOMS

Consider the following scenario:

  • You create a web publishing rule by using the New Web Publishing Rule Wizard.
  • In the Authentication Settings options, you set the following settings:
    • HTML Form Authentication
    • LDAP (Active Directory)
  • In the LDAP Servers options, you add the fully qualified domain name (FQDN) of a global catalog server. Then, you leave the Type the Active Directory domain name (use the fully-qualified domain name) setting blank.
  • In the Authentication Delegation option, you select Basic authentication.
  • When you access the web server that TMG published, you provide the user name without the domain prefix, and you provide the password.

In this scenario, when you try to log on to the published website, you cannot log on. Additionally, you receive the following error message: You could not be logged on to Forefront TMG. Make sure that your domain name, user name, and password are correct, and then try again.

RESOLUTION

To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article: 2555840 Description of Service Pack 2 for Microsoft Forefront Threat Management Gateway 2010

Source FIX: "You could not be logged on to Forefront TMG" error message

You could not be logged on to Forefront TMG - Solution 2

Post publishing OWA rule on a TMG server, clients get error “You could not be logged on to Forefront TMG. Make sure that your domain name, user name, and password are correct, and then try again.”

Information:

OWA rule is configured as per Microsoft guidelines with basic and form based with windows active directory authentication.

Exchange 2010 is also configured to use basic authentication

Issue:

OWA page is coming but Login is not working and also giving the following error:

“You could not be logged on to Forefront TMG. Make sure that your domain name, user name, and password are correct, and then try again.”

This error defines that there is some issue in login but you will try all the possible things to make it working.

Cause:

This will come because Threat Management Gateway server is part of workgroup which can’t authenticate users and in OWA publishing rule Users scope is selected to all authenticated users.

Resolution:

On OWA Publishing rule change the Users Tab scope from all authenticated user to all users.

Or

Make the TMG part of domain but this will not be recommend to make a firewall part of domain.

Source Error in Exchange 2010 OWA rule publishing on TMG

DavidPostill
  • 156,873
  • I can use Google too. My question had more thought put into it than your answer. It's supposed to be the other way around. – Austin ''Danger'' Powers Apr 19 '15 at 09:20
  • 1
    I''m sure you can. However it appears you didn't read http://superuser.com/help/how-to-ask > "Sharing your research helps everyone. Tell us what you found and why it didn’t meet your needs. This demonstrates that you’ve taken the time to try to help yourself, it saves us from reiterating obvious answers, and above all, it helps you get a more specific and relevant answer!" – DavidPostill Apr 19 '15 at 09:21
  • 1
    Your question doesn't say if you've installed the service pack or checked the "Users Tab scope" setting. Aside from that my answer will also help other users who are having the same issue (and may not have researched the problem as well as you have ...) – DavidPostill Apr 19 '15 at 09:25
  • I don't have access to the Exchange server at the moment but we have over 1,000 users on that server and have only seen one person with this issue. If the problem was server side, surely it would affect more than one in 1,000? I am going to delete and recreate the user's mailbox today (after exporting the user data to PST). I will post back with an update but am 99% sure this will solve it. My gut feeling is there is a problem with the user mailbox or permissions as a server side issue would affect multiple users. – Austin ''Danger'' Powers Apr 19 '15 at 11:12