This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 9%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Encountered an OWA login loop when using the latest version of chrome browser to access OWA. Environment is using SSL offloading:
Chrome OWA Client -------(https)--------[SSL offloader device]-------(http)----- Exchange 2016 on prem
Other browsers and older chrome version browsers that do not use the new samesite feature access OWA fine.
Any patches for this or workaround ? I have the latest CU applied already (17).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 22%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
Hi,
Please set the samesite attribute of your Chrome Browser from lax(default) to none, and see if the problem persists.
You can follow these steps:
1:access chrome://flags via Chrome
2:find same-site-by-default-cookies and cookies-without-same-site-must-be-secure
3:set these two flags to “disabled” and restart the browser
If the response is helpful, please click "Accept Answer" and upvote it.
Do suggestions above help? If you have any questions or needed further help on this issue, please feel free to post back.
If the response is helpful, please click "Accept Answer" and upvote it.
Yes I am aware of the workarounds in chrome, but was looking for another way to fix this.
Attached is the chrome error in developer tools when trying to login to OWA
Please try setting the cookie to Samesite=None; Secure and see if it can solve your problem.
If the response is helpful, please click "Accept Answer" and upvote it.
@AnandN
Hi, I am writing here to confirm with you how thing going now?
If the problem is successfully solved, you can share your solution and mark them or the helpful reply as answer, this will make answer searching in the forum easier and be beneficial to other community members as well.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 43%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEV%3C/text%3E%3C/svg%3E)
Do a cookie rewrite on the SSL offloader device if possible, or change the backend communication to HTTPS.
Example with Netscaler: https://support.citrix.com/article/CTX138055
I have tested both and it works.
Due to SSL offloading, the backend communication is http so I cannot change it to https. Can you elaborate on how the cookie rewrite would work ?
If you have a Netscaler just copy the rewrite policy and action from the article.
I do not have a netscaler. I was wondering what the rewriting achieves ? This would help me understand what could be done on my device
Your device needs to set the secure flag on the cookies. That is all.