OWA + 440 login timeout error
** I think I asked this question in the wrong area previously so appologies for the double post **
Hi,
The enviroment is Windows SBS 2003.
Yesterday I created an ftp dropbox to allow anonymous uploads to our server, when I did this I also renamed the IUSR account name from its 'out of the box' computer name to something more relevant to our domain. I didn't expect this to cause problems but since having done this when I try to login to OWA I am given the certificate then after accepting get 440 Login Timeout Error. This happens even when using http://localhost/exchange.
I also re-ran the ICW hoping this would re-configure the relevant authentication settings to the new account name but it hasnt helped.
Exchange is using FBA
Is there any other information which would help, or does anyone know where to look?
Hi,
The enviroment is Windows SBS 2003.
Yesterday I created an ftp dropbox to allow anonymous uploads to our server, when I did this I also renamed the IUSR account name from its 'out of the box' computer name to something more relevant to our domain. I didn't expect this to cause problems but since having done this when I try to login to OWA I am given the certificate then after accepting get 440 Login Timeout Error. This happens even when using http://localhost/exchange.
I also re-ran the ICW hoping this would re-configure the relevant authentication settings to the new account name but it hasnt helped.
Exchange is using FBA
Is there any other information which would help, or does anyone know where to look?
ASKER
Jeff,
Firstly, thanks for the comments.
I have renamed the account back to its original name without any success.
FYI, the article I followed for the dropbox is... http://www.windowsnetworking.com/articles_tutorials/Creating-FTP-Drop-Site.html
Obviously this article doesnt tell you to rename the IUSR account, that was my own stupidity. But if you see the process which you go through to set it up maybe it could shed some light on the current problem?
As the urgency of this problem is escallating so are the points!
Firstly, thanks for the comments.
I have renamed the account back to its original name without any success.
FYI, the article I followed for the dropbox is... http://www.windowsnetworking.com/articles_tutorials/Creating-FTP-Drop-Site.html
Obviously this article doesnt tell you to rename the IUSR account, that was my own stupidity. But if you see the process which you go through to set it up maybe it could shed some light on the current problem?
As the urgency of this problem is escallating so are the points!
ASKER
Ok, got this one resolved. The reason why when I changed back to the old (original) IUSR account name that it didnt resolve the issue is that the password was out of sync between AD & IIS.
For anyone who has this problem here are the steps required to resolve it.
1) Open AD Users & Computers. Expand the Users OU, right-click on the IUSR_<servername> account and select 'Reset password' Reset the password to anything you want (however, it can't be blank).
2) Open this User Account's properties and verify that the account is not locked out. Also, make sure that 'Password never expires' and 'User cannot change password' are selected.
3) Repeat steps 1 & 2 for the IWAM_<servername> account. Close AD Users & Computers.
4) Open Internet Information Services (Start | Administrative Tools)
5) Expand <servername> | Web Sites
6) Right-click on 'Default Web Site' and select Properties.
7) Go to the 'Directory Security' tab and click the Edit button under 'Authentication & Access Control'
8) Enter the new password for the IUSR_<servername> account and click OK.
9) Enter the password again to confirm and click OK.
10) Click OK.
11) Open a command prompt and enter: iisreset
12) At the command prompt, enter the following commands:
cd c:\inetpub\adminscripts
adsutil SET w3svc/WAMUserPass <password> (Where <password> = the password you entered for the IWAM_<servername> account in AD Users & Computers)
c:\windows\system32\cscrip
iisreset
Once you have all of this done authentication should work no problems.
Thanks Jeff for you help. I don't yet want to close this question because of your comments on the ftp dropbox. Would you, if you dont mind look through the link I gave above to see if you still think that with the security applied the ftp dropbox is still a bad idea.
Your help/comments would be very much appreciated.
Regards
Adam
For anyone who has this problem here are the steps required to resolve it.
1) Open AD Users & Computers. Expand the Users OU, right-click on the IUSR_<servername> account and select 'Reset password' Reset the password to anything you want (however, it can't be blank).
2) Open this User Account's properties and verify that the account is not locked out. Also, make sure that 'Password never expires' and 'User cannot change password' are selected.
3) Repeat steps 1 & 2 for the IWAM_<servername> account. Close AD Users & Computers.
4) Open Internet Information Services (Start | Administrative Tools)
5) Expand <servername> | Web Sites
6) Right-click on 'Default Web Site' and select Properties.
7) Go to the 'Directory Security' tab and click the Edit button under 'Authentication & Access Control'
8) Enter the new password for the IUSR_<servername> account and click OK.
9) Enter the password again to confirm and click OK.
10) Click OK.
11) Open a command prompt and enter: iisreset
12) At the command prompt, enter the following commands:
cd c:\inetpub\adminscripts
adsutil SET w3svc/WAMUserPass <password> (Where <password> = the password you entered for the IWAM_<servername> account in AD Users & Computers)
c:\windows\system32\cscrip
iisreset
Once you have all of this done authentication should work no problems.
Thanks Jeff for you help. I don't yet want to close this question because of your comments on the ftp dropbox. Would you, if you dont mind look through the link I gave above to see if you still think that with the security applied the ftp dropbox is still a bad idea.
Your help/comments would be very much appreciated.
Regards
Adam
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok Jeff. As ever your info is MUCH appreciated.
Points awarded for positive, useful information.
Regards
Adam
Points awarded for positive, useful information.
Regards
Adam
I applied the accepted solution in my scenario, but it did not work. However this article did http://support.microsoft.com/kb/917686
If you want people to be able to anonymously upload files to your server you should understand that would allow root kits and trojans to be uploaded as well. Root Kits are used by people who want to steal your computing power/storage/bandwidth, and trojans are often used by spammers to use your server as a relay. Both are highly insecure and bad for you as well as the rest of us.
The better way to handle file uploads would be to use SharePoint, which can be set to filter specific types of files and would be more secure than a completely open ftp: https://www.microsoft.com/downloads/details.aspx?familyid=B51DCB25-0C63-4561-B981-9A3C860B9F15&displaylang=en
Jeff
TechSoEasy