Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AMRV
New Contributor

FortiAuthenticator Agent for Microsoft OWA error reason=2

The problem is in the work of the authentication agent. There is Exchange 2019 in the DAG cluster. After installing the agent and working for some time, there are problems with user authorization with the error reason=2, while all users cannot log in through the web.At the same time, user authentication is successful on the server itself.

 

FortiAuntificator: 6.4.1

ForiISSOWAAgent: 2.3

 

Agent Microsoft OWA errors:

 [(null)|22|DEBUG] Login: Session luqtww2dgd32l4t5j0unvd2f: Verification of user (ismagilova_olga) OTP successful: VerifyOTP for user first-name_last-name was successful: 200 OK
 [(null)|22|DEBUG] Login: Session luqtww2dgd32l4t5j0unvd2f: Submitting user credentials to: https://exchnage/owa/auth.owa
2023-07-04 10:49:30,400 [(null)|22|INFO ] Login: Session luqtww2dgd32l4t5j0unvd2f: Server (ip address) rejected logon with reason: reason=2

1 Solution
Anthony_E
Community Manager
Community Manager

Hello AMRV,

 

I found this documentation:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e9bc6d46-f6d2-11eb-8f3f-005056...

 

Could you please tell me if it helps?

 

Regards.

Anthony-Fortinet Community Team.

View solution in original post

3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Hello AMRV,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello AMRV,

 

I found this documentation:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e9bc6d46-f6d2-11eb-8f3f-005056...

 

Could you please tell me if it helps?

 

Regards.

Anthony-Fortinet Community Team.
ggolubovic
Staff
Staff

Dear AMRV,

first part of  VerifyOTP for user ... log HTTP 200 is message that FortiAuthenticator confirm that OTP is good, and rest of error are strictly on Exchange/OWA agent.

Error "Server (ip address) rejected logon with reason: reason=2" point to some kind of limitation on exchange server itself. Please check if there is any limitation from which IP range you can access to OWA/ECP.

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors