I´ve set up Exchange 2016 and a Kemp LoadMaster with the Template Exchange 2016 HTTPS Reencrypted with ESP - HTTP Redirect.
The virtual directory authentication setting for OWA is set to forms-based authentication and the Logon format is user pricipal name.
The OWA SubVS ESP is enabled and set as shown on the screenshot
All other SubVS are configured as stated in the ESP PDF. I also setup NTLM/KCD for Outlook Anywhere Authentication. With the setings for User Pricipal Name I just type in my email and password and am able to login to either OWA or set up my Exchange Account on my Mobile Device without having to put in other information like server or domain. Everything is working fine so far except the OWA login. After I enter my credentials on the Kemp LoadMaster OWA Login Screen I have to put in my credentials again for the Exchange OWA Login. It doesn´t matter if I use doamin/user or user principal name.
If I change the authentication for OWA on Exchange and Kemp to basic authentication it works but with the downsite that I don´t have the Kemp Login Screen anymore and logoff is not working properly. Only a notice pops up for the user to close all browser tabs to finish logoff. If I click ok and close the Browser and go back to OWA I am still logged on. Also setup of an Exchange Account on my mobiel device needs now more information than just upn/password. I have to put in domain, server... again.
Basic Authentication is no option for me. I want to use form based authentication on OWA without having to put in my credentials twice.
Any help in this matter is greatly appreciated.