Solved

OWA asks for password to internal users

Posted on 2004-08-18
16
237 Views
Last Modified: 2010-04-11
Windows authentication is checked for the exchange directory in iis on the mail server.  No changes have been made and now internal users get a logon box when connecting to outlook web access.

Anyone know what causes this?

THanks in advance!
0
Comment
Question by:zenportafino
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
  • 2
  • +1
16 Comments
 
LVL 2

Expert Comment

by:Blister252
ID: 11833756
First of all, I have caused myself nothing but sorrow by messing with the IIS server on an Exchange box. So, try to stay away from that if you can.

My question is if the users are Win XP Pro or Win2k Pro are thier passwords expired? This has been a problem for me in the past.

Have you tried using Outlook to connect?
0
 
LVL 1

Expert Comment

by:Serpent77
ID: 11834585
Make sure to have integrated windows auth checked on the ExchWeb virtual directory as well, thats where most of the real work is done in OWA and OMA (probably active sync server as well)

--Serp
0
 
LVL 1

Author Comment

by:zenportafino
ID: 11834713
In the past I've restarted IIS and it would clear up the issue.  There are no errors or red stop signs on the exchange virtual servers. Anonymous and windows integrated methods are checked for the default site and only windows integrated is checked for the exchweb virtual directory.  No errors other than a very occasional 9582 in the event log (virtual memory) which is normal for us an clears up with a boot time defrag every once in a while.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 1

Author Comment

by:zenportafino
ID: 11834731
By the way this is exchange 2000 server standard and the users are not disabled and passwords do not expire.

0
 
LVL 2

Expert Comment

by:Blister252
ID: 11834807
This is Exchange 2000 Standard, and you don't have any Red stop signs in your IIS? That is a problem. By design they are supposed to be on the Red Stop sign. I was told by an Exchange instructor that this was to remind you to leave these virtual servers alone.

You might need to reinstall Exchange.
I'll do some searches on Technet and get back to you.
0
 
LVL 2

Expert Comment

by:Blister252
ID: 11834963
Nevermind about what I said about the Stop Signs, they are caused because IIS starts before Exchange and the path to the Exchange directory isn't there yet. I learned something today.

Have your done anything with the IIS server on that machine? I've seen the IIS server config get corrupted and have to be reintalled and reattached to Exchange. You might want to try this.

1. Go into Add/Remove Programs.
2. Under Add/Remove Windows components find the IIS server and remove it.
3. Reboot the Exchange server.
4. Go back to the Add/Remove Programs and re add the IIS server.
5. In the Exhange Service pack under the bin folder find and copy smtpreinstall.exe to the same folder on your production Exchange server.
6. Run smtpreinstall.exe. This will re-attach your IIS server to Exchange.

Give that a try.
0
 
LVL 2

Expert Comment

by:Blister252
ID: 11835010
Sorry here is the location of the file. Smtpreinstall.exe is in the \Server\Support\Utils\i386 folder on the Exchange 2000 SP2 or later SP.

Here is the Technet article - http://support.microsoft.com/default.aspx?kbid=290290
0
 
LVL 2

Expert Comment

by:Blister252
ID: 11835086
I just re-read everything, and for your problem you should follow step 1 - 4 then run the Exchange setup and choose the REINSTALL option. Then reapply the latest service pack. I don't know why I got all caught up with the SMTP reinstall.
0
 
LVL 1

Author Comment

by:zenportafino
ID: 11836011
Blister252, Thanks for all of the leg work but I really don't have any other supporting evidence that iis is corrupt or that there is a problem with exchange.  Restarting iis does map the virtual directories to where they need to go without a problem.  I think (for now)that this is an authentication issue and that I may have settings that I might not need or need to change.

I'm not 100% sure of not having anonymous checked or letting iis control the password does.

0
 
LVL 2

Expert Comment

by:Blister252
ID: 11836073
I realize that your Exchange probably isn't corrupted. Re-installing IIS then Exchange would simply refresh all the settings for the OWA web site.

I ran into a similar problem with my Exchange server, and it turned out that my IIS hive was corrupted, just not corrupted enought to blow up the whole IIS server.

So, if someone had gotten into the IIS server where Exchange is installed, and messed with the secutity settings reinstalling might fix the problem. That is why I suggested it.
0
 
LVL 1

Author Comment

by:zenportafino
ID: 11836241
Thanks again Blister.  I do appreciate your input.  Now, I have found that it's working for domain admins but not for users - yet another permissions/authentication sign.  Anyone have a simple checklist of how permissions should be set on exchange and iis for owa to work internally without providing credentials?
0
 
LVL 1

Author Comment

by:zenportafino
ID: 11836264
Serpent - anon and integrated are enabled on exchweb dir. Anything I should check on system folders or global settings?
0
 
LVL 1

Expert Comment

by:Serpent77
ID: 11838193
I'm pretty sure you have to disable the anon access, and enable basic and integrated.  If anon is enabled, I think it takes precednt over the secured logons.

--Serp
0
 
LVL 1

Author Comment

by:zenportafino
ID: 11970572
If iis with exchange starts up and no DC's are available this will happen. Probably due to the systems rebooting automatically after an update.

I simply reboot the iis server and the issue goes away.

0
 

Accepted Solution

by:
RomMod earned 0 total points
ID: 11998293
The question has been PAQ'd and the 300 points have been refunded.
RomMod
Community Support Moderator
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RHEL6 + dockers - No route to host 7 104
VMware:  Virtual switches and multiple NICs 9 135
192.168... network can't ping 18 36
Wannacry 44 108
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question