Fix the set_pback_cookie Issue During OWA Login in Office 365

Aftab Alam
Aftab Alam linkedin | Updated On - November 03, 2022 |

Read time 4 minutes

Microsoft Outlook Web Apps is the online version of MS Outlook. When the users try to access Office 365 on a system than their computers, they can access their emails on Outlook Web Access. It is accessible in a web browser and uses the same credentials as their Office 365 (now Microsoft 365) accounts. In MS Outlook Web App, it is possible to add Office 365 shared mailbox and access using the same credentials.

You can also establish your Exchange Online account in Outlook Web Access, and it becomes highly important for the business to keep it working. Sometimes, when the user tries to log in to OWA, an issue occurs with the cookie set_pback. It is an authentication warning related to OWA that stops the account from opening.

The PBack is session is a cookie that OWA should issue after a successful login. If the cookie is not issued, then it will be a login failure. So, before logging in to your OWA account, you should enable cookies manually in the web browser.
Here is how you can enable cookies manually in different web browsers:

In Mozilla Firefox

  1. In Mozilla Firefox, click three horizontal lines to open the menu and then choose Options.
  2. Go to the Privacy tab; inside the History tab, choose ‘Use custom settings for history.’
  3. Click the checkbox to select ‘Accept cookies from sites.’ Also, change the ‘Accept third-party cookies’ option to Always.
  4. Click OK.

In Windows Edge

  1. In Windows Edge, click three dots (More), click Settings, and View Advanced Settings.
  2. Go to cookies and choose the option Don’t block cookies.

In Google Chrome

  1. In Google Chrome menu, click Settings>>Show advanced settings. Go to the Privacy tab and go to Content Settings.
  2. There is a cookies option in Content Settings; choose ‘Allow local data to be set (recommended).’
  3. Click Done.

In Mac Safari

  1. On your Mac computer, open Safari, then choose Preferences>>Privacy.
  2. Allow the option to ‘Cookies and website data.’ Click Close and restart the browser.

In Internet Explorer

  1. In Internet Explorer, click Tools, then choose Internet Options>>Privacy>>Advanced.
  2. Choose Accept under First-party cookies and click Access under third-party cookies.
  3. Choose OK.

Additional Tips

If you have enabled cookies in the web browser and cannot log in to Office 365, there may be a more severe authentication problem in the Exchange Online server. So, here is what you can do:

Check the authentication settings in IIS Server

Open Internet Service Manager and right-click on the OWA website. Choose its Properties.

  1. Go to the Directory Security tab under Outlook Web App main site’s property wizard.
  2. Click Edit to ‘Anonymous Access and Authentication Control’ option.
  3. In the authentication method dialog box, check if Anonymous Access is not checked.
  4. In the authentication access section, verify that the Basic Authentication option is selected.
  5. Click the Edit button and make sure that the Connect authentication domain is selected.

Click OK, then close all the opened wizards. Then, log in to OWA with the help of saved settings.
There are some useful methods to protect your Exchange Online account from unauthorized access or DOS attacks that you should always use.

  1. Use strong passwords to protect your accounts. The Exchange Administrator can set the terms and conditions to secure the password. Some strong tactics are account lockout after 5 wrong attempts, triggering a wait time to log in after 30 minutes and reset account lock after 60 minutes.
  2. You can enable CAPTCHA to strengthen the login process. The user will need to fill the CAPTCHA after providing the login details.
  3. Use the multi-factor login methods. It requires a mobile phone number and an additional step before entering the account. After providing the login details, the user will get an SMS or a call with a password. After inputting the password, the account will allow to log in.
  4. Block the user using geo-blocking based on their locations. Often, the attacks happen from various countries, and hackers use VPN to mask their identity. If you know your user base and their location, then you can use the geo-blocking feature to block users from other countries.

Conclusion

There are several issues that are bigger than the cookies problem in OWA. You should protect your account by using the above-noted security and authentication practices. To manage your Office 365 better, you can use Kernel Export Office 365 to PST software will help you keep the mailbox available even when the account is not allowing you to log in. The free methods to Office 365 Backup can store only a limited data, but not the complete information. Kernel Export Office 365 to PST covers entire mailbox and saves primary, shared, and public folder also.