How To Log Out Of OWA And ECP Using ESP

Scope

When using the Edge Security Pack (ESP) feature for Pre-Authentication to Microsoft Exchange 2013, you may experience an issue where logging out of Exchange Outlook Web Access is prevented by a browser pop-up message saying “Please close all browser windows to continue”. This is the result of a change in the Exchange product.

Historically, the logoff string was:

/owa/logoff.owa

The new string is:

/owa/auth/signout.aspx

There should be a redirect set up from the old string to the new one, but this would not work with a load balancer as an intermediary.

Solution

In order to make it work properly, you will have to modify a file on the CAS server(s).

Please note, this applies only to Exchange 2013.

Configuration

Navigate to the following file using a text editor:

(Local Drive)\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\web.config

Search for signoutkind.

Comment the line out by adding <!-- at the beginning and --> at the end. Save the file and reboot the server (an IISReset might not be sufficient).

In the Exchange Virtual Service on the LoadMaster, modify the SubVS for OWA and expand the ESP Options section. Enter /owa/auth/signout.aspx in the Logoff String field.

Was this article helpful?

0 out of 0 found this helpful

Comments

Avatar
piotr.potocki

Hello,

Please provide how to set logoff string for Exchange 2016 CU3 and above.

We have trouble to do this.

Avatar
kemp-lb

Please update the article to provide support for Exchange 2016. We have a similar problem with logoff that does not work.

Avatar
Renard Schoepfel

Hello,

please review the article
https://support.kemptechnologies.com/hc/en-us/articles/115003676151-ESP-FBA-to-FBA-Exchange-deployment-Guide-Firmware-7-2-37-
I have implemented the logoff strings and many more other features on that article.
If you have a configuration that is not working correctly, please open a support ticket with us.

Avatar
nicolas.prevelle

Hi Kemp community,

This is only half the solution, which will work only for owa!

In order to make it work properly, you will have to modify two files on the CAS server (s) !!! not one!

You will must modify the same line, on the same file, also in the "ecp" directory:
C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp

In the subvs (or RealServer), the logoff string is the same for OWA and ECP: "/owa/auth/signout.aspx"

Regards.
Nic'