Go Premium for a chance to win a PS4. Enter to Win


Outlook Web Access 2003 - Random "Page Not Found" errors when viewing messages

Posted on 2004-04-23
Medium Priority
Last Modified: 2012-06-21
I have a Small Biz Server 2003 server with Exchange 2003 and OWA enabled.  It's been working great for about three months now, but I'm now seeing very strange problems within the OWA session.

Using forms-based authentication, I can access the OWA logon page and sign in just fine.  I can click on a message in the Inbox and view it through Reading Pane or by opening the message.  But about 40% of the messages display a generic HTTP 404 "Page Not Found" error in the Reading Pane and when fully opening the message.

There's no pattern to which messages work and which don't, and the frequency varies by mailbox.  Another user can't view any new messages from the past 7 days, but all his older messages are accessible.

The Outlook 2003 client can access all the mailboxes and doesn't have a problem reading the messages that OWA can't display.

It doesn't appear to be a permissions issue (though I've been known to be wrong :) ), so I don't want to start messing around with permissions until I get a better idea of how it's even possible that seemingly random messages can't be displayed in OWA when IIS is accessing the same folder/share (\\.\BackOfficeServer\domain\MBX) to retrieve the message.
Question by:dane_m
LVL 23

Expert Comment

ID: 10907730

Seems like a problem with your IIS. Try restarting the IIS server where OWA is located, maybe this resolves your issue..

Author Comment

ID: 10908993
I tried every level of restarting, from the IIS server, to the Exchange server, then to rebooting the entire SBS box, but nothing changed.  The same messages still show as "Page not found".

I think I found the pattern.  Any message with an embedded link has the "Page not found" error.  And for messages with attachments (but no links in the message body) I can try to open the attachment and get a "Page not found" error as well.

Sounds like a permissions problem somewhere in IIS.  Any ideas where to look?

Author Comment

ID: 10909087
Fixed.  It was a permissions problem somewhere.  I went through the Exchange folders and reset everything to what I think is correct.  Speaking of which, I have yet to find a document that accurately describes the necessary permissions for the Exchange/Exadmin/ExchWeb folders in IIS for OWA to work.  Here's what I reset it to:

- All virtual dirs are SSL required.
- Using only one server, so added NetBIOS default domain on all virtual dirs.
- All permissions have been applied to respective child dirs.

Exchange - No anonymous, Basic auth (nothing else selected)
Exadmin - Anonymous, Basic auth (nothing else selected)
ExchWeb - Anonymous, Basic auth (nothing else selected)
Public - No anonymous, Basic auth (nothing else selected)

Do these permissions make sense?  Am I giving out too much anonymous access to some of these directories that would affect the security of the OWA site/server?

500 points to the best answer. :)
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.


Author Comment

ID: 10909112
Spoke too soon.  It's broken again.  I just restarted IIS to verify it would work on a reboot and it didn't like that.  OWA and IIS are a bit too finicky. :(

I'm certainly certain that all the messages not displayed in OWA have either embedded attachments in the message body, or embedded links.  Messages with attachments not embedded in the body will open up, but trying to open the attachment will result in a "Page not found" as well.

Author Comment

ID: 10909848
I will never use the word "certain" again, when referring to Microsoft products. :)  Here's the latest:

I can't open a message that contains the following in the subject line:

Two or more periods (...)
A period and a forwardslash (./)
backslash (\)
Colon (:)
Percent sign (%)
Ampersand (&)

Information I've collected refers to this as character blocking as part of the URLScan application which can be installed with IIS.  But I never installed URLScan and it's not currently on the system.  The only unique factor I can find is that I'm running this on a Small Business Server 2003 box.

For troubleshooting purposes, I have installed the exact same configuration (Win2k3/Exch2k3/OWA) on another server, but used standalone Windows Server and Exchange software (not SBS).

The Win2003/Exch2003 server does not experience the character blocking that the SBS2003 server does, and neither have URLScan installed.

I'm guessing that SBS2003 is blocking these by default without the need for URLScan, so I'm looking for suggestions to where the character blocking can be disabled.
LVL 23

Expert Comment

ID: 10911029

I found this on a forum, it might help. I'm still looking a bit more into it, but i never worked with SBS. I like to work with the complete products, this somehow works better... And as you might know by now, never trust Microsoft **** until it is tested and tested or about 10 years old, then it should be working.. ;)

Try as hard as you will to get your sbs2003 server to run remote web workplace and owa, you will not get very far if your isp has acess contol lists blocking inbound ports at the routers. Very responsible of them but not very fun for faultfinding.

For anyone that is having trouble getting SBS2003 web access running, ensure that the following inbound ports are open at the ISP, the firewall (if you have one) and the 2003 server:

21 FTP Enables external and internal file transfer
25 Exchange Server Enables incoming and outgoing SMTP mail
80 (http://) IIS Enables all nonsecure browser access, including: internal access to IIS Webs including the company Web, Windows SharePoint Web, Windows SharePoint administration Web, and server monitoring and usage reports Enables internal access to Exchange by OWA and OMA clients
110 POP3 Enables Exchange to accept incoming POP3 mail
123 (UDP port) NTP Enables the system to synchronize time with an external Network Time Protocol (NTP) server
143 IMAP4 Enables Exchange to accept incoming IMAP4-compliant messages
220 IMAP3 Enables Exchange to accept incoming IMAP3-compliant messages
443 (https://) Outlook Enables all secure browser access, including external access to Exchange for Outlook 2003, OWA, and OMA clients; required for external access to server monitoring and usage reports
444 Windows Share Point Services Enables internal and external access to the SharePoint Web
500 IPSec Enables external VPN connections by using IPSec
1701 L2TP clients Enables external L2TP VPN connections
1723 PPTP clients Enables external PPTP VPN connections
3389 Terminal Services Enables internal and external Terminal Services client connections
4125 (Note: you can change this port in RRAS) Remote Web Workplace Enables external OWA access to Exchange, plus internal and external HTTPS access to the client Web site
4500 IPSec Internet Key Exchange (IKE) Network Address Translation (NAT) traversal

Good luck and drop me a line if you have any questions on SBS2003.

Cheers, G.
LVL 23

Expert Comment

ID: 10911045
LVL 24

Expert Comment

by:David Wilhoit
ID: 10914828
Here's some default perm settings for IIS and OWA, I'll find something more and post it later...



Author Comment

ID: 10968978
I found the solution.  It was the lack of Integrated Auth enabled for the Exchange vdir.  Still not sure why that caused these symptoms, but it's working now!  None of the MS KB articles or other info I found mentioned the need for Integrated Auth for OWA to work.  The odd thing is that I have another server that has Integrated Auth disabled on the entire web site and OWA works fine.  It might be an SBS thing.

Please close this question.  Thanks.

Accepted Solution

CetusMOD earned 0 total points
ID: 11225930
PAQed, with points refunded (500)

Community Support Moderator

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question