exchange 2010 Outlook Web App ( OWA ) SP2 : Your request couldn’t be completed. This may have occurred for security reasons …


After upgrading Exchange Server 2010 to Service Pack 2 you can access Outlook Web App without SSL as usual, but there’s the following problem after signing in successfully to OWA by http://servername/

When you click on Options, or ‘new mail’ or  many other places, an error message appear: “Your request couldn’t be completed. This may have occurred for security reasons or because your session timed out”.

If you access OWA by https://servername/, everything is ok, Unchecking “Require SSL” settings in IIS doesn’t  help. (if it isn’already unchecked)

The solution is editing the web.config file and change the requireSSL=”true” to “false” , see the steps below :

  1. Find the Outlook Web App Web.config file on the Client Access server. The default location is <drive>\Program Files\Microsoft\Exchange Server\<version>\ClientAccess\Owa.
  2. Make a backup copy of the file.
  3. Open the original file using an editor such as Notepad. Don’t use IIS Manager to edit the Web.config file.
  4. Find httpCookies httpOnlyCookies=”false” requireSSL=”true” domain=”” and change the requireSSL flag to false.
  5. Save and close the file.
  6. For the new settings to take effect, open a Command Prompt window, and then type iisreset /noforce to restart IIS.

NOTE it is safer to use HTTPS everywhere (instead of bridging HTTPS –> HTTP)

Disclaimer : The author reserves the right not to be responsible for the topicality, correctness, completeness or quality of the information provided.

34 thoughts on “exchange 2010 Outlook Web App ( OWA ) SP2 : Your request couldn’t be completed. This may have occurred for security reasons …

  1. Thanks

    Shame Microsoft couldnt have mentioned this within the SP notes. This wasnt required prior to SP2 and it took ages for me to find your site.

  2. I am trying to do something opposite to this.
    We want to force the SSL redirect.
    It works from the default website and redirects to the https://domainname/owa

    However, on the owa HTTP Redirect page, when we set the owa web app http://domainname/owa to redirect to https://domainname/owa it does not redirect. If we click “Require SSL” check box on the OWA SSL Settings and then try to browse to http://domainname/owa we will recieve and “Access forbidden” message.

    So, the default website redirects correctly but the owa virtual directory does not redirect. Any ideas?

    1. It depends on your situation, for example : If you are using a reverse proxy like TMG you can do it like this:

      On the TMG :
      – Bridge HTTP to HTTPS
      – Create a deny rule with a https redirect to /OWA

      On your internal LAN :
      – Internally create an alias to your OWA host (split dns) and point it to the ip-address of the TMG owa listener.

  3. I never even noticed that redirection is the problem. Depending on the browser session it sometimes worked and sometimes doesn’t (http/s history).

    Thankfully I found your page by accident and it worked a treat .. Sweet baby jebus …

  4. Thanks for writing this up. I’ve just been ignoring this error message for a while now, but today I decided to do something about it. I’m glad it was such a simple fix.

  5. Nice one. Resetting IIS is not required by the way. The change in web.config will automatically be picked up and processed.

  6. Thank you! I’ve been looking for an answer to this issue for a couple of days. It’s just a lab instance so not too worried about SSL. But thank you again for publishing this!

  7. thank you

    I took months with this problem, I saw your page a few weeks ago, but did not have the same configuration of web.config, as had exchange 2010 version 14.3 (build 123.4) con un update rollup 9 for exchange server 2010 servipack 3 (KB3030085), and therefore could not change the desistale and recheck the web.config and it works, thank you very much

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.