Solved

Outlook Web Access 2003 - Random "Page Not Found" errors when viewing messages

Posted on 2004-04-23
11
1,494 Views
Last Modified: 2012-06-21
I have a Small Biz Server 2003 server with Exchange 2003 and OWA enabled.  It's been working great for about three months now, but I'm now seeing very strange problems within the OWA session.

Using forms-based authentication, I can access the OWA logon page and sign in just fine.  I can click on a message in the Inbox and view it through Reading Pane or by opening the message.  But about 40% of the messages display a generic HTTP 404 "Page Not Found" error in the Reading Pane and when fully opening the message.

There's no pattern to which messages work and which don't, and the frequency varies by mailbox.  Another user can't view any new messages from the past 7 days, but all his older messages are accessible.

The Outlook 2003 client can access all the mailboxes and doesn't have a problem reading the messages that OWA can't display.

It doesn't appear to be a permissions issue (though I've been known to be wrong :) ), so I don't want to start messing around with permissions until I get a better idea of how it's even possible that seemingly random messages can't be displayed in OWA when IIS is accessing the same folder/share (\\.\BackOfficeServer\domain\MBX) to retrieve the message.
0
Comment
Question by:dane_m
11 Comments
 
LVL 23

Expert Comment

by:rhandels
Comment Utility
Hi,

Seems like a problem with your IIS. Try restarting the IIS server where OWA is located, maybe this resolves your issue..
0
 

Author Comment

by:dane_m
Comment Utility
I tried every level of restarting, from the IIS server, to the Exchange server, then to rebooting the entire SBS box, but nothing changed.  The same messages still show as "Page not found".

I think I found the pattern.  Any message with an embedded link has the "Page not found" error.  And for messages with attachments (but no links in the message body) I can try to open the attachment and get a "Page not found" error as well.

Sounds like a permissions problem somewhere in IIS.  Any ideas where to look?
0
 

Author Comment

by:dane_m
Comment Utility
Fixed.  It was a permissions problem somewhere.  I went through the Exchange folders and reset everything to what I think is correct.  Speaking of which, I have yet to find a document that accurately describes the necessary permissions for the Exchange/Exadmin/ExchWeb folders in IIS for OWA to work.  Here's what I reset it to:

- All virtual dirs are SSL required.
- Using only one server, so added NetBIOS default domain on all virtual dirs.
- All permissions have been applied to respective child dirs.

Exchange - No anonymous, Basic auth (nothing else selected)
Exadmin - Anonymous, Basic auth (nothing else selected)
ExchWeb - Anonymous, Basic auth (nothing else selected)
Public - No anonymous, Basic auth (nothing else selected)

Do these permissions make sense?  Am I giving out too much anonymous access to some of these directories that would affect the security of the OWA site/server?

500 points to the best answer. :)
0
 

Author Comment

by:dane_m
Comment Utility
Spoke too soon.  It's broken again.  I just restarted IIS to verify it would work on a reboot and it didn't like that.  OWA and IIS are a bit too finicky. :(

I'm certainly certain that all the messages not displayed in OWA have either embedded attachments in the message body, or embedded links.  Messages with attachments not embedded in the body will open up, but trying to open the attachment will result in a "Page not found" as well.
0
 

Author Comment

by:dane_m
Comment Utility
I will never use the word "certain" again, when referring to Microsoft products. :)  Here's the latest:

I can't open a message that contains the following in the subject line:

Two or more periods (...)
A period and a forwardslash (./)
backslash (\)
Colon (:)
Percent sign (%)
Ampersand (&)

Information I've collected refers to this as character blocking as part of the URLScan application which can be installed with IIS.  But I never installed URLScan and it's not currently on the system.  The only unique factor I can find is that I'm running this on a Small Business Server 2003 box.

For troubleshooting purposes, I have installed the exact same configuration (Win2k3/Exch2k3/OWA) on another server, but used standalone Windows Server and Exchange software (not SBS).

The Win2003/Exch2003 server does not experience the character blocking that the SBS2003 server does, and neither have URLScan installed.

I'm guessing that SBS2003 is blocking these by default without the need for URLScan, so I'm looking for suggestions to where the character blocking can be disabled.
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 
LVL 23

Expert Comment

by:rhandels
Comment Utility
Hi,

I found this on a forum, it might help. I'm still looking a bit more into it, but i never worked with SBS. I like to work with the complete products, this somehow works better... And as you might know by now, never trust Microsoft **** until it is tested and tested or about 10 years old, then it should be working.. ;)

Try as hard as you will to get your sbs2003 server to run remote web workplace and owa, you will not get very far if your isp has acess contol lists blocking inbound ports at the routers. Very responsible of them but not very fun for faultfinding.

For anyone that is having trouble getting SBS2003 web access running, ensure that the following inbound ports are open at the ISP, the firewall (if you have one) and the 2003 server:

21 FTP Enables external and internal file transfer
25 Exchange Server Enables incoming and outgoing SMTP mail
80 (http://) IIS Enables all nonsecure browser access, including: internal access to IIS Webs including the company Web, Windows SharePoint Web, Windows SharePoint administration Web, and server monitoring and usage reports Enables internal access to Exchange by OWA and OMA clients
110 POP3 Enables Exchange to accept incoming POP3 mail
123 (UDP port) NTP Enables the system to synchronize time with an external Network Time Protocol (NTP) server
143 IMAP4 Enables Exchange to accept incoming IMAP4-compliant messages
220 IMAP3 Enables Exchange to accept incoming IMAP3-compliant messages
443 (https://) Outlook Enables all secure browser access, including external access to Exchange for Outlook 2003, OWA, and OMA clients; required for external access to server monitoring and usage reports
444 Windows Share Point Services Enables internal and external access to the SharePoint Web
500 IPSec Enables external VPN connections by using IPSec
1701 L2TP clients Enables external L2TP VPN connections
1723 PPTP clients Enables external PPTP VPN connections
3389 Terminal Services Enables internal and external Terminal Services client connections
4125 (Note: you can change this port in RRAS) Remote Web Workplace Enables external OWA access to Exchange, plus internal and external HTTPS access to the client Web site
4500 IPSec Internet Key Exchange (IKE) Network Address Translation (NAT) traversal

Good luck and drop me a line if you have any questions on SBS2003.

Cheers, G.
0
 
LVL 23

Expert Comment

by:rhandels
Comment Utility
0
 
LVL 24

Expert Comment

by:David Wilhoit
Comment Utility
Here's some default perm settings for IIS and OWA, I'll find something more and post it later...

http://support.microsoft.com/default.aspx?scid=kb;en-us;301428

d
0
 

Author Comment

by:dane_m
Comment Utility
I found the solution.  It was the lack of Integrated Auth enabled for the Exchange vdir.  Still not sure why that caused these symptoms, but it's working now!  None of the MS KB articles or other info I found mentioned the need for Integrated Auth for OWA to work.  The odd thing is that I have another server that has Integrated Auth disabled on the entire web site and OWA works fine.  It might be an SBS thing.

Please close this question.  Thanks.
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
Comment Utility
PAQed, with points refunded (500)

CetusMOD
Community Support Moderator
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video discusses moving either the default database or any database to a new volume.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now