AMRV
Visitor III
August 18, 2023
Solved

FortiAuthenticator Agent for Microsoft OWA error reason=2

  • August 18, 2023
  • 3 replies
  • 2835 views

The problem is in the work of the authentication agent. There is Exchange 2019 in the DAG cluster. After installing the agent and working for some time, there are problems with user authorization with the error reason=2, while all users cannot log in through the web. At the same time, user authentication is successful on the server itself.

 

FortiAuthenticator: 6.4.1

ForiISSOWAAgent: 2.3

 

Agent Microsoft OWA errors:

 [(null)|22|DEBUG] Login: Session luqtww2dgd32l4t5j0unvd2f: Verification of user (ismagilova_olga) OTP successful: VerifyOTP for user first-name_last-name was successful: 200 OK
 [(null)|22|DEBUG] Login: Session luqtww2dgd32l4t5j0unvd2f: Submitting user credentials to: https://exchnage/owa/auth.owa
2023-07-04 10:49:30,400 [(null)|22|INFO ] Login: Session luqtww2dgd32l4t5j0unvd2f: Server (ip address) rejected logon with reason: reason=2

Best answer by Anthony_E

Hello AMRV,

 

I found this documentation:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e9bc6d46-f6d2-11eb-8f3f-00505692583a/FortiAuthenticator_Agent_for_Microsoft_OWA-2.2-Install_Guide.pdf

 

Could you please tell me if it helps?

 

Regards.

3 replies

Anthony_E
Staff
August 21, 2023

Hello AMRV,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
Anthony_E
Anthony_E
Staff
Answer
August 23, 2023
ggolubovic
Staff & Editor
December 28, 2023

Dear AMRV,

The first part of the "VerifyOTP for user ..." log, HTTP 200, is a message that FortiAuthenticator confirms that the OTP is good, and the rest of the errors are strictly on the Exchange/OWA agent.

The error "Server (ip address) rejected logon with reason: reason=2" points to some kind of limitation on the Exchange server itself. Please check whether there is any limitation on the IP ranges from which you can access OWA/ECP.
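
As an added illustration (not part of the thread and not Fortinet code), the log reading described in the reply above can be scripted: group agent log lines by session and separate the sessions where the OTP check succeeded but OWA then rejected the logon. The sample log is constructed in the format of the lines quoted in the question; the host name, addresses, session ids and verdict labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the agent log lines quoted in this thread.
SAMPLE_LOG = """\
2023-07-04 10:49:30,120 [(null)|22|DEBUG] Login: Session aaaa1111: Verification of user (user_one) OTP successful: VerifyOTP for user user_one was successful: 200 OK
2023-07-04 10:49:30,130 [(null)|22|DEBUG] Login: Session aaaa1111: Submitting user credentials to: https://exchange.example/owa/auth.owa
2023-07-04 10:49:30,400 [(null)|22|INFO ] Login: Session aaaa1111: Server (192.0.2.10) rejected logon with reason: reason=2
 [(null)|23|DEBUG] Login: Session bbbb2222: Verification of user (user_two) OTP successful: VerifyOTP for user user_two was successful: 200 OK
 [(null)|23|DEBUG] Login: Session bbbb2222: Submitting user credentials to: https://exchange.example/owa/auth.owa
2023-07-04 10:50:02,010 [(null)|24|INFO ] Login: Session cccc3333: Server (192.0.2.10) rejected logon with reason: reason=2
"""

# The timestamp prefix is optional: two of the lines quoted in the thread lack it.
SESSION = re.compile(r"Login: Session (?P<sid>\S+): (?P<msg>.*)$")
OTP_OK = re.compile(r"Verification of user \((?P<user>[^)]*)\) OTP successful")
REJECT = re.compile(r"Server \((?P<server>[^)]*)\) rejected logon with reason: reason=(?P<reason>\d+)")

def triage(log_text):
    """Return {session_id: verdict} for every session seen in the log."""
    sessions = defaultdict(lambda: {"user": None, "otp_ok": False, "reject": None})
    for line in log_text.splitlines():
        m = SESSION.search(line)
        if not m:
            continue
        state, msg = sessions[m["sid"]], m["msg"]
        if (otp := OTP_OK.search(msg)):
            state["user"], state["otp_ok"] = otp["user"], True
        elif (rej := REJECT.search(msg)):
            state["reject"] = (rej["server"], int(rej["reason"]))
    verdicts = {}
    for sid, s in sessions.items():
        if s["reject"] and s["otp_ok"]:
            # Second factor passed, so the rejection came from the Exchange/OWA side.
            server, reason = s["reject"]
            verdicts[sid] = f"otp-ok/owa-rejected reason={reason} server={server} user={s['user']}"
        elif s["reject"]:
            verdicts[sid] = f"owa-rejected reason={s['reject'][1]} (no OTP success logged for this session)"
        elif s["otp_ok"]:
            verdicts[sid] = "otp-ok/no-rejection-logged"
        else:
            verdicts[sid] = "no-decision-logged"
    return verdicts

if __name__ == "__main__":
    for sid, verdict in triage(SAMPLE_LOG).items():
        print(sid, verdict)
```

Sessions reported as `otp-ok/owa-rejected` are the ones to investigate on the Exchange side; the script does not interpret the reason code itself.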