Unable to login with OWA.

Event Type:      Warning
Event Source:      W3SVC
Event Category:      None
Event ID:      100
Date:            4/22/2004
Time:            12:49:31 PM
User:            N/A
Computer:      MAIL1
Description:
The server was unable to logon the Windows NT account 'abean' due to the following error: Logon failure: unknown user name or bad password.  The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
Data:
0000: 2e 05 00 00               ....    

This is the error being generated on our mail server. When i attempt to login into OWA, I recieve the following after 3 failed login attempts a; HTTP/1.0 401 Unauthorized.

I am the only person in the company with this problem.

I have recreated my profile several times to no avail. I have created new dummy profiles, and those work fine. I have completely deleted my profile and mailbox as well. All of my permissions are set correctly. I even gave myself all of the available permissions with no luck. When I created myself a new profile, as well as a dummy profile, they were 100% identical except for the name. Yet the dummy worked, and mine didnt.

Anyone have any thoughts on this bizarre problem?
MrBeanAsked:
Who is Participating?
 
Gareth GudgerConnect With a Mentor Commented:
Ok.....make a copy of your profile for backup purposes.

Delete the user and recreate it.

Manually copy only the stuff you need back into the profile.
0
 
Gareth GudgerCommented:
Sounds like your profile is corrupt then.

Can you create a new profile and manually move everything over.
0
 
Gareth GudgerCommented:
Sounds like your profile is corrupt then.

Can you create a new profile and manually move everything over.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Gareth GudgerCommented:
0
 
MrBeanAuthor Commented:
I've created a new profile several times. I can created a new profile, but it would be with a dfferent name.

I've also tried all that from eventid, and m$ to no avail.
0
 
salberdCommented:
Your are logging into OWA correct?  What version?

What "Profile" are you deleting?

Also do you have access to HTTP/OWA protocol?

Regards,

Scott
0
 
MrBeanAuthor Commented:
Yes, OWA

2000, SP3

The only HTTP access I found was in ESM / Admin Group / Server / name / protocol / http. These apply globally and not individually.

Did not see an OWA though .... are these something that can be specified per user? All i am seeing is global functions ...
0
 
MrBeanAuthor Commented:
Ok, I found HTTP settings per user, and yes, they're enabled.

No one has a "OWA" protocol though
0
 
salberdCommented:
There is not an OWA.  As long as they have HTTP the should be fine.  Select HTTP > settings.  Make sure Enabled for this user is selected.

Do you have multiple Active Directory Servers?  Is the Exchange Server a DC?  You may what to make sure 1. password not expired on a ADC. 2. AD replication is working. 3. try changing password to the current password again, through User Manager.

Can you login into the email server via Outlook client?
0
 
MrBeanAuthor Commented:
Yes, two AD servers. Yes, it is a DC.

I just tried resetting my password, no go there.

Yes, email works via Outlook client.

Confusing no?
0
 
salberdCommented:
This sometime works.

What IE version?

If no domain name is supplied on login prompt do the following for the username:

USERNAME   -   DOMAINNAME\USERNAME
0
 
MrBeanAuthor Commented:
IE 6.0

I've tried that as well ... no luck
0
 
jonpaulrCommented:
Check this out:

Maybe you configured the admin account as the IIS_usr-account or something similar. this will force IIS to use your admin account for all unauthenticated accesses.

Or you could disable the anonymous logon option for your OWA server. This will force user authentication and in some cases users will be prompted by IE with a logon box.

Do the following:
Open computer management
Collapse Services & applications
Collapse Internet Information Service
Right click Default Website
Select properties
Select Tab Directory security
Click Edit for Anonmous access and authentication control
Deselect the 'Allow anonymous access'
Click apply.
close dialogs.

Do you have a local and a domain account with identical names?

Could be that there is a local root and a domain root that no longer are synchronized and this is causing your issue.

Also are you running WWW-service under an account instead of system?
 
There might be a place where the root-account is stored with an old password if you changed it recently.

- Do the IIS Directory security check for both the default web-site as well as the Exchange folder under it.
- In Exchange System Manager, open the server, open protocols, open HTTP and open the Exchange Virtual Server. Then select the properties for the Exchange folder. Check the Access tab, and then the settings under Authentication. Could be that the root Account is stored here.
0
 
MrBeanAuthor Commented:
These are all settings that apply globally.

I am having issues with my username only. Everyone else is able to login fine to OWA, it's just my account that is not working ...
0
 
MrBeanAuthor Commented:
Anyone?
0
 
salberdCommented:
Have you tried this?

1. Delete your user account.
2. Allow time for AD to sync.
3. Re-create your account, DO NOT chose the Create Exchange Mail Option.
4. Using EM, reconnect your mailbox from prior account to your new account.

Also have you tried to login from multiple pc's?  Just a thought?

Scott
0
 
MrBeanAuthor Commented:
No, I have not tried that ... but I will

"AD"?

Yeah, have tried from 4 pc's
0
 
salberdCommented:
AD - Active Directory
0
 
MrBeanAuthor Commented:
Question ...

So I'm looking at the security properties of everyones folder (drive\domain\mbx\user).

Everyone's is identical, except for mine.

They all have : Admin, Username, Domain Admins, Enterprise Admins, Exchange Domain Servers, Mail$(domaon\mail1$) and S-1-5-21-2028559534-81544920-1264475144-1305 - (all denies)

I also have that, as well as S-1-5-21-2028559534-81544920-1264475144-3561 - (all allows). I can not remove it either :

"You cannot remove " S-1-5-21-2028559534-81544920-1264475144-3561" because this object is inherting from its parents. To remove " S-1-5-21-2028559534-81544920-1264475144-3561", you must prevent this object from inherting permissions, and then try removing " S-1-5-21-2028559534-81544920-1264475144-3561" again.



Am I onto something here?
0
 
Gareth GudgerCommented:
Is your account granted the right to log on locally? I believe this has to be set for on the server to access OWA. Or your account in a group that has this membership? You could try adding your account to the servers local policy to allow log on locally that hosts OWA.
0
 
MrBeanAuthor Commented:
Where is this log on locally right?

But still, what about the fact that I have S-1-5-21-2028559534-81544920-1264475144-3561 - (all allows) under my security options for my inbox folder? No one else has this ... and I'm the ONLY one in the company that OWA doesnt work for
0
 
Gareth GudgerCommented:
Im not totally sure what that is. It looks like a unknown SID that is still hanging on your profile or something.

This thread is getting pretty long- LOL...did we try deleting and recreating your mailbox and your user entirely? I think that might be it. It looks like there might be an old account association with that mailbox so I recommend deleting the mailbox.

To check the local security policy do Start ==> run ==> gpedit.msc and click ok from the server itself that hosts the OWA.

Then Expand...

+User Config
 +windows Settings
  +security settings
   +Local policies
    +User Rights Assignment

And double click and assign users or groups to "Log on Locally."

You might also wanna check to make sure "Deny Log on Locally" is not blocking your user.
0
 
MrBeanAuthor Commented:
Ok, for some reason, in "log on locally" I was the only actual user in their?! The user group is there, but my name showed up in there when no one else's did!?

Still unable to access OWA

I will recreate my profile shortly. But you do recommend getting rid of everything in AD and Exchange then?
0
 
MrBeanAuthor Commented:
Local Policy Setting was enabled, I just removed the check, and now my name is gone.

I would think that everyone would need this right no? Because technically right now, no one has it ... ? Im confused
0
 
MrBeanAuthor Commented:
Ok, I just deleted my account from AD, as well as removed my mailbox.

Yet, when I open ESM, my mailbox is still present? Its also still there on the harddrive fo the mail server.

Do I just wait it out a little bit?
0
 
Gareth GudgerCommented:
Yea give it a good 15-30 mins for propation....
0
 
MrBeanAuthor Commented:
Ok, account is back up ....

I also have to wait for my mailbox to be created as well correct?
0
 
Gareth GudgerCommented:
Yes, you asked for one to be created right?
0
 
MrBeanAuthor Commented:
That is correct.

I will post results shortly, thanks
0
 
MrBeanAuthor Commented:
hmmmm ... been almost 20 minutes now, and ESM still isn't show me a new mailbox
0
 
MrBeanAuthor Commented:
And my mailbox rights (in AD) are only showing "Self"

Should I manually update this, or will it be done automatically?
0
 
MrBeanAuthor Commented:
45+ mins now .... still no mailbox, and mailbox rights in AD still showing SELF.

Unsure how to proceed
0
 
MrBeanAuthor Commented:
Ok, I now have a brand new mailbox and AD account

Yet ... OWA is still not working!!! :(
0
 
Gareth GudgerCommented:
Argh....and from memory you cant log in with this on any other machines right as well?
0
 
Gareth GudgerCommented:
My only other alternative would be to recommend a different email address.
0
 
MrBeanAuthor Commented:
:sigh:

Nothing left to check?

Im really thinking it has to do with the security of the physical email folder for myself?
0
 
Gareth GudgerCommented:
Not sure....you could link a 20 pointer question in the Exchange topic area and give this URL...get some more Exchange experts in on it.
0
 
bencherCommented:
Cancel after one login, then refresh the page. You will see your email.
0
 
TangarineITCommented:
ok great..... when a user ANY user access https://myipaddress.ie/exchange they get the OWA page.

Yet when they put in their usernam &  password it claims that you could not be logged onto OWA makes sure your domain/username and password are correct and then try again

this happens on ALL accounts.....
0
 
TangarineITCommented:
sorry added to the wrong question!! sorry
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.