The problem is in the work of the authentication agent. There is Exchange 2019 in the DAG cluster. After installing the agent and working for some time, there are problems with user authorization with the error reason=2, while all users cannot log in through the web. At the same time, user authentication is successful on the server itself.
FortiAuthenticator: 6.4.1
ForiISSOWAAgent: 2.3
Agent Microsoft OWA errors:
 [(null)|22|DEBUG] Login: Session luqtww2dgd32l4t5j0unvd2f: Verification of user (ismagilova_olga) OTP successful: VerifyOTP for user first-name_last-name was successful: 200 OK
 [(null)|22|DEBUG] Login: Session luqtww2dgd32l4t5j0unvd2f: Submitting user credentials to: https://exchnage/owa/auth.owa
2023-07-04 10:49:30,400 [(null)|22|INFO ] Login: Session luqtww2dgd32l4t5j0unvd2f: Server (ip address) rejected logon with reason: reason=2
Hello AMRV,
I found this documentation:
Could you please tell me if it helps?
Regards.
Hello AMRV,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Dear AMRV,
The first part of the log, VerifyOTP for user ... HTTP 200, is a message that FortiAuthenticator confirms that the OTP is good, and the rest of the errors are strictly on the Exchange/OWA agent.
The error "Server (ip address) rejected logon with reason: reason=2" points to some kind of limitation on the Exchange server itself. Please check if there is any limitation on the IP range from which you can access OWA/ECP.
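The reading of the log given in the reply above (OTP accepted by FortiAuthenticator, logon then rejected by the server) can be checked across a whole agent log by grouping lines per session. The script below is an added example, not code from any poster or from Fortinet; the sample log is constructed in the format of the lines quoted in the thread, and the function names, session ids, users, host name and addresses are assumptions.

```python
import re
from collections import Counter, defaultdict
# Constructed sample in the quoted log format; ids, users, host and IPs are placeholders.
SAMPLE_LOG = """\
 [(null)|22|DEBUG] Login: Session aaaa1111: Verification of user (user_one) OTP successful: VerifyOTP for user user_one was successful: 200 OK
 [(null)|22|DEBUG] Login: Session aaaa1111: Submitting user credentials to: https://exchange.example/owa/auth.owa
2023-07-04 10:49:30,400 [(null)|22|INFO ] Login: Session aaaa1111: Server (192.0.2.10) rejected logon with reason: reason=2
2023-07-04 10:50:02,050 [(null)|31|DEBUG] Login: Session bbbb2222: Verification of user (user_two) OTP successful: VerifyOTP for user user_two was successful: 200 OK
2023-07-04 10:50:02,120 [(null)|31|DEBUG] Login: Session bbbb2222: Submitting user credentials to: https://exchange.example/owa/auth.owa
2023-07-04 10:51:15,700 [(null)|40|INFO ] Login: Session cccc3333: Server (192.0.2.11) rejected logon with reason: reason=2
"""

SESSION_RE = re.compile(r"Login: Session (\S+): (.*)$")
OTP_OK_RE = re.compile(r"Verification of user \(([^)]*)\) OTP successful")
SUBMIT_RE = re.compile(r"Submitting user credentials to: (\S+)")
REJECT_RE = re.compile(r"Server \(([^)]*)\) rejected logon with reason: reason=(\d+)")

def parse_sessions(text):
    """Group log events by session id so each logon attempt is read as a whole."""
    sessions = defaultdict(lambda: {"user": None, "otp_ok": False, "target": None,
                                    "server": None, "reason": None})
    for line in text.splitlines():
        m = SESSION_RE.search(line)
        if not m:
            continue
        entry, msg = sessions[m.group(1)], m.group(2)
        if (hit := OTP_OK_RE.search(msg)):
            entry["user"], entry["otp_ok"] = hit.group(1), True
        elif (hit := SUBMIT_RE.search(msg)):
            entry["target"] = hit.group(1)
        elif (hit := REJECT_RE.search(msg)):
            entry["server"], entry["reason"] = hit.group(1), int(hit.group(2))
    return dict(sessions)

def classify(entry):
    if entry["reason"] is None:
        return "no-rejection-logged"
    # OTP accepted first means the rejection came after the FortiAuthenticator step.
    return "rejected-after-otp-ok" if entry["otp_ok"] else "rejected-no-otp-record"

def rejections_by_server(sessions):
    """Count post-OTP rejections per (server, reason) to see if they cluster on one server."""
    return Counter((e["server"], e["reason"]) for e in sessions.values()
                   if classify(e) == "rejected-after-otp-ok")

if __name__ == "__main__":
    for sid, e in parse_sessions(SAMPLE_LOG).items():
        print(sid, e["user"], classify(e), e["server"], e["reason"])
```

Sessions classified as rejected-after-otp-ok are the ones to investigate on the Exchange side; a rejection with no OTP record in the same file usually means the earlier lines rotated out of the log.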