|Description||This article describes a workaround when system administrators have to disable TLS1.0 and TLS 1.1 on the respective server where the OWA agent is installed and leave only TLS 1.2. Disabling TLS 1.1 and TLS 1.0 might cause 2FA to fail for the OWA agent.|
|Scope||FortiAuthenticator, 6.x.x, OWA agent 2.x.|
Error logs in OWA agent logs one might get can be matched with this article:
[(null)|389|DEBUG] Login: Session sessionstring: Verification of user (testuser) OTP successful: Verification of OTP for user tesstuser was successful: 200 OK
To fix the 2FA issue of the OWA agent, these changes need to be tweaked in the exchange server installed.
1) Check if the 4.8.Net framework is installed.
2) Edit the following registry values.
After this change, the OWA agent should work with only TLS 1.2 enabled and also 2FA will work properly.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.