Solved

Unable to login with OWA.

Posted on 2004-04-22
40
2,475 Views
Last Modified: 2009-12-16
Event Type:      Warning
Event Source:      W3SVC
Event Category:      None
Event ID:      100
Date:            4/22/2004
Time:            12:49:31 PM
User:            N/A
Computer:      MAIL1
Description:
The server was unable to logon the Windows NT account 'abean' due to the following error: Logon failure: unknown user name or bad password.  The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
Data:
0000: 2e 05 00 00               ....    

This is the error being generated on our mail server. When i attempt to login into OWA, I recieve the following after 3 failed login attempts a; HTTP/1.0 401 Unauthorized.

I am the only person in the company with this problem.

I have recreated my profile several times to no avail. I have created new dummy profiles, and those work fine. I have completely deleted my profile and mailbox as well. All of my permissions are set correctly. I even gave myself all of the available permissions with no luck. When I created myself a new profile, as well as a dummy profile, they were 100% identical except for the name. Yet the dummy worked, and mine didnt.

Anyone have any thoughts on this bizarre problem?
0
Comment
Question by:MrBean
  • 20
  • 11
  • 5
  • +3
40 Comments
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 10891205
Sounds like your profile is corrupt then.

Can you create a new profile and manually move everything over.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 10891206
Sounds like your profile is corrupt then.

Can you create a new profile and manually move everything over.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 10891215
0
 

Author Comment

by:MrBean
ID: 10891447
I've created a new profile several times. I can created a new profile, but it would be with a dfferent name.

I've also tried all that from eventid, and m$ to no avail.
0
 
LVL 30

Accepted Solution

by:
Gareth Gudger earned 100 total points
ID: 10891746
Ok.....make a copy of your profile for backup purposes.

Delete the user and recreate it.

Manually copy only the stuff you need back into the profile.
0
 
LVL 1

Expert Comment

by:salberd
ID: 10891840
Your are logging into OWA correct?  What version?

What "Profile" are you deleting?

Also do you have access to HTTP/OWA protocol?

Regards,

Scott
0
 

Author Comment

by:MrBean
ID: 10891874
Yes, OWA

2000, SP3

The only HTTP access I found was in ESM / Admin Group / Server / name / protocol / http. These apply globally and not individually.

Did not see an OWA though .... are these something that can be specified per user? All i am seeing is global functions ...
0
 

Author Comment

by:MrBean
ID: 10891899
Ok, I found HTTP settings per user, and yes, they're enabled.

No one has a "OWA" protocol though
0
 
LVL 1

Expert Comment

by:salberd
ID: 10891955
There is not an OWA.  As long as they have HTTP the should be fine.  Select HTTP > settings.  Make sure Enabled for this user is selected.

Do you have multiple Active Directory Servers?  Is the Exchange Server a DC?  You may what to make sure 1. password not expired on a ADC. 2. AD replication is working. 3. try changing password to the current password again, through User Manager.

Can you login into the email server via Outlook client?
0
 

Author Comment

by:MrBean
ID: 10891984
Yes, two AD servers. Yes, it is a DC.

I just tried resetting my password, no go there.

Yes, email works via Outlook client.

Confusing no?
0
 
LVL 1

Expert Comment

by:salberd
ID: 10892005
This sometime works.

What IE version?

If no domain name is supplied on login prompt do the following for the username:

USERNAME   -   DOMAINNAME\USERNAME
0
 

Author Comment

by:MrBean
ID: 10892133
IE 6.0

I've tried that as well ... no luck
0
 
LVL 2

Expert Comment

by:jonpaulr
ID: 10896612
Check this out:

Maybe you configured the admin account as the IIS_usr-account or something similar. this will force IIS to use your admin account for all unauthenticated accesses.

Or you could disable the anonymous logon option for your OWA server. This will force user authentication and in some cases users will be prompted by IE with a logon box.

Do the following:
Open computer management
Collapse Services & applications
Collapse Internet Information Service
Right click Default Website
Select properties
Select Tab Directory security
Click Edit for Anonmous access and authentication control
Deselect the 'Allow anonymous access'
Click apply.
close dialogs.

Do you have a local and a domain account with identical names?

Could be that there is a local root and a domain root that no longer are synchronized and this is causing your issue.

Also are you running WWW-service under an account instead of system?
 
There might be a place where the root-account is stored with an old password if you changed it recently.

- Do the IIS Directory security check for both the default web-site as well as the Exchange folder under it.
- In Exchange System Manager, open the server, open protocols, open HTTP and open the Exchange Virtual Server. Then select the properties for the Exchange folder. Check the Access tab, and then the settings under Authentication. Could be that the root Account is stored here.
0
 

Author Comment

by:MrBean
ID: 10898460
These are all settings that apply globally.

I am having issues with my username only. Everyone else is able to login fine to OWA, it's just my account that is not working ...
0
 

Author Comment

by:MrBean
ID: 10917929
Anyone?
0
 
LVL 1

Expert Comment

by:salberd
ID: 10918212
Have you tried this?

1. Delete your user account.
2. Allow time for AD to sync.
3. Re-create your account, DO NOT chose the Create Exchange Mail Option.
4. Using EM, reconnect your mailbox from prior account to your new account.

Also have you tried to login from multiple pc's?  Just a thought?

Scott
0
 

Author Comment

by:MrBean
ID: 10919043
No, I have not tried that ... but I will

"AD"?

Yeah, have tried from 4 pc's
0
 
LVL 1

Expert Comment

by:salberd
ID: 10919260
AD - Active Directory
0
 

Author Comment

by:MrBean
ID: 10949863
Question ...

So I'm looking at the security properties of everyones folder (drive\domain\mbx\user).

Everyone's is identical, except for mine.

They all have : Admin, Username, Domain Admins, Enterprise Admins, Exchange Domain Servers, Mail$(domaon\mail1$) and S-1-5-21-2028559534-81544920-1264475144-1305 - (all denies)

I also have that, as well as S-1-5-21-2028559534-81544920-1264475144-3561 - (all allows). I can not remove it either :

"You cannot remove " S-1-5-21-2028559534-81544920-1264475144-3561" because this object is inherting from its parents. To remove " S-1-5-21-2028559534-81544920-1264475144-3561", you must prevent this object from inherting permissions, and then try removing " S-1-5-21-2028559534-81544920-1264475144-3561" again.



Am I onto something here?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 10950532
Is your account granted the right to log on locally? I believe this has to be set for on the server to access OWA. Or your account in a group that has this membership? You could try adding your account to the servers local policy to allow log on locally that hosts OWA.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:MrBean
ID: 10950671
Where is this log on locally right?

But still, what about the fact that I have S-1-5-21-2028559534-81544920-1264475144-3561 - (all allows) under my security options for my inbox folder? No one else has this ... and I'm the ONLY one in the company that OWA doesnt work for
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 10950863
Im not totally sure what that is. It looks like a unknown SID that is still hanging on your profile or something.

This thread is getting pretty long- LOL...did we try deleting and recreating your mailbox and your user entirely? I think that might be it. It looks like there might be an old account association with that mailbox so I recommend deleting the mailbox.

To check the local security policy do Start ==> run ==> gpedit.msc and click ok from the server itself that hosts the OWA.

Then Expand...

+User Config
 +windows Settings
  +security settings
   +Local policies
    +User Rights Assignment

And double click and assign users or groups to "Log on Locally."

You might also wanna check to make sure "Deny Log on Locally" is not blocking your user.
0
 

Author Comment

by:MrBean
ID: 10951262
Ok, for some reason, in "log on locally" I was the only actual user in their?! The user group is there, but my name showed up in there when no one else's did!?

Still unable to access OWA

I will recreate my profile shortly. But you do recommend getting rid of everything in AD and Exchange then?
0
 

Author Comment

by:MrBean
ID: 10951328
Local Policy Setting was enabled, I just removed the check, and now my name is gone.

I would think that everyone would need this right no? Because technically right now, no one has it ... ? Im confused
0
 

Author Comment

by:MrBean
ID: 10951565
Ok, I just deleted my account from AD, as well as removed my mailbox.

Yet, when I open ESM, my mailbox is still present? Its also still there on the harddrive fo the mail server.

Do I just wait it out a little bit?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 10951919
Yea give it a good 15-30 mins for propation....
0
 

Author Comment

by:MrBean
ID: 10951929
Ok, account is back up ....

I also have to wait for my mailbox to be created as well correct?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 10951987
Yes, you asked for one to be created right?
0
 

Author Comment

by:MrBean
ID: 10952001
That is correct.

I will post results shortly, thanks
0
 

Author Comment

by:MrBean
ID: 10952132
hmmmm ... been almost 20 minutes now, and ESM still isn't show me a new mailbox
0
 

Author Comment

by:MrBean
ID: 10952148
And my mailbox rights (in AD) are only showing "Self"

Should I manually update this, or will it be done automatically?
0
 

Author Comment

by:MrBean
ID: 10952469
45+ mins now .... still no mailbox, and mailbox rights in AD still showing SELF.

Unsure how to proceed
0
 

Author Comment

by:MrBean
ID: 10952821
Ok, I now have a brand new mailbox and AD account

Yet ... OWA is still not working!!! :(
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 10955165
Argh....and from memory you cant log in with this on any other machines right as well?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 10955168
My only other alternative would be to recommend a different email address.
0
 

Author Comment

by:MrBean
ID: 10963284
:sigh:

Nothing left to check?

Im really thinking it has to do with the security of the physical email folder for myself?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 10963434
Not sure....you could link a 20 pointer question in the Exchange topic area and give this URL...get some more Exchange experts in on it.
0
 

Expert Comment

by:bencher
ID: 11205645
Cancel after one login, then refresh the page. You will see your email.
0
 
LVL 1

Expert Comment

by:TangarineIT
ID: 22358804
ok great..... when a user ANY user access https://myipaddress.ie/exchange they get the OWA page.

Yet when they put in their usernam &  password it claims that you could not be logged onto OWA makes sure your domain/username and password are correct and then try again

this happens on ALL accounts.....
0
 
LVL 1

Expert Comment

by:TangarineIT
ID: 22358817
sorry added to the wrong question!! sorry
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Article by: IanTh
Hi Guys After a whole weekend getting wake on lan over the internet working, I thought I would share the experience. Your firewall has to have a port forward for port 9 udp to your local broadcast x.x.x.255 but if that doesnt work, do it to a …
Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now