We are protecting our OWA through the UTM's WAF. (UTM is on 9.714-4)
For a while it has worked as expected, until today, when a user came by and complained about connection issues with his mobile device.
Turns out, the problem seems to be a ">" in his password.
He's able to log in to OWA directly from the internal network but not from outside via the WAF.
When the login fails through the WAF, the Exchange logs show:
An account failed to log on.

Subject:
    Security ID:       SYSTEM
    Account Name:      Mailserver$
    Account Domain:    Domain
    Logon ID:          0x3E7

Logon Type:            8

Account For Which Logon Failed:
    Security ID:       NULL SID
    Account Name:      username
    Account Domain:    domain

Failure Information:
    Failure Reason:    Unknown user name or bad password.
    Status:            0xC000006D
    Sub Status:        0xC000006A

The Firewall log:
2023:02:28-09:51:18 host-1 httpd: id="0299" srcip="xxx.xxx.xxx.xxx" localip="xxx.xxx.xxx.xxx" size="26739" user="-" host="xxx.xxx.xxx.xxx" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="61956" url="/owa/auth/logon.aspx" server="exchange.local" port="443" query="?url=https%3a%2f%2fexchange.local%2fowa%2f&reason=2" referer="">exchange.local/.../logon.aspx cookie="cookieTest=1; logondata=acc=0&lgn=domain\\user; _ga=GA1.1.1705732369.1677573787; _ga_M9BP2QSXKX=GS1.1.1677573786.1.1.1677574145.0.0.0; PrivateComputer=true; PBack=0" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Y_3AhrzZbUm4FR9sBGOLLAAAAHQ"