OWA 2000 Authentication Retry

Posted on 2004-11-04
Last Modified: 2008-01-09
Hi.
Today I restarted my Exchange 2000 server, and it successfully started all services. All the IMAP clients can access their mailboxes OK, but now, when I try to access through OWA, I receive the password popup, I type the password and the popup appears again!!! If I click "Cancel" on the second popup, I can access normally. If I type the password again on the second popup, it appears again, and then I can access normally.
This has been happening since I restarted the server...

In the App Log, this appears:

Event Type:      Warning
Event Source:      MSExchangeIS Mailbox Store
Event Category:      Access Control
Event ID:      1029
Date:            04/11/2004
Time:            05:37:50 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
pepep.pepe@xxxxx.com failed an operation because the user did not have the following access rights:

'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The distinguished name of the owning mailbox is /O=ABOGADOS/OU=BFM&L/CN=RECIPIENTS/CN=pepep. The folder ID is in the data section of this event.

For more information, click http://www.microsoft.com/contentredirect.asp.
Data:
0000: 0e 00 00 00 00 5a fb f2   .....Zûò

I never changed the permissions, so I don't know why this error is appearing....

Thanks (sorry for my English)
0
Question by:bruchou10

Author Comment

by:bruchou10
ID: 12498393
Sorry, the clients are MAPI (Outlook 2000), and not IMAP.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 12498749
Have you tried my standard first response for OWA questions?

Check the authentication on the IIS manager for the Exchange virtual directories:
/exchange
/exchweb
/public
/exadmin

All should be basic and integrated ONLY.
In addition, /exchweb should also have anonymous access. No others should have anonymous.

Otherwise something has changed - Exchange doesn't make permissions changes on its own.
Installed anything new? What was the reason for the reboot?

Simon.
0
 

Author Comment

by:bruchou10
ID: 12499006
Permissions for:

/exchange
/exchweb
/public
/exadmin
are exactly as you describe.

Nothing has changed... OWA worked correctly.
The reason for the reboot was that some MAPI clients could not connect to the Exchange Server, no errors were logged and I decided to restart my server to resolve this issue.
The services started normally, except that one error was logged:

Event Type:      Error
Event Source:      MSExchangeFBPublish
Event Category:      General
Event ID:      8197
Date:            04/11/2004
Time:            04:08:00 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
Error initializing session for virtual machine EXCH-SRV1. The error number is 0x8004011d. Make sure Microsoft Exchange Store is running.

For more information, click http://www.microsoft.com/contentredirect.asp.

And all clients could connect OK.

But later, this error appeared:

Event Type:      Error
Event Source:      MSExchangeIS Public Store
Event Category:      Logons
Event ID:      1024
Date:            04/11/2004
Time:            04:22:55 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
NT AUTHORITY\SYSTEM was unable to log on as NT AUTHORITY\SYSTEM to the Public Folder Store "First Storage Group\Public Folder Store (EXCH-SRV1)".

For more information, click http://www.microsoft.com/contentredirect.asp.

This error did not appear again.


Then I tried to access OWA and the authentication prompt appeared three times, and then I was logged in. At that moment, this appears repeatedly:

Event Type:      Warning
Event Source:      MSExchangeIS Mailbox Store
Event Category:      Access Control
Event ID:      1029
Date:            04/11/2004
Time:            05:12:39 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
pepe@xxxx.com failed an operation because the user did not have the following access rights:

'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The distinguished name of the owning mailbox is /O=xxxx/OU=yyyy/CN=RECIPIENTS/CN=pepe. The folder ID is in the data section of this event.

For more information, click http://www.microsoft.com/contentredirect.asp.
Data:
0000: 02 00 00 00 01 02 54 9f   ......TŸ


0
 

Author Comment

by:bruchou10
ID: 12506921
Is there any way to restore all the mailbox permissions to their default permissions?
0
 

Author Comment

by:bruchou10
ID: 12523490
Is there any way to restore all the mailbox permissions to their default permissions?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 12525409
No.
Once the permissions have been changed there is no way to get them back - except resetting them all by hand.

Simon.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 12526430
For the last error, the closest I can get is this: http://support.microsoft.com/?kbid=325885. Usual cause is having diagnostic logging turned up too high.

The one about NT Authority\SYSTEM usually means that the account with that name has been removed from the store permissions. Usually caused by someone who doesn't know what they're doing trying to "tighten" the security on their Exchange server.

As for the FBPublish error, there are a number of causes. Most of them are documented here: http://www.eventid.net/display.asp?eventid=8197

Apologies for the delay, I have had a very busy weekend migrating 300 mailboxes to a new server and didn't have time to do the research.

Simon.
0
 

Author Comment

by:bruchou10
ID: 12526768
Thanks Sembee. I have read these articles, and I too think this is caused by turning up the diagnostic logging, so I think this is not important.
Yesterday I restarted all the domain controllers in my domain (3), and Exchange logged two rare events.

Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2103
Date:            07/11/2004
Time:            09:25:50 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
Process MAD.EXE (PID=1828). All Global Catalog Servers in use are not responding:
dc-srv1.bfmlym.local
dc-srv2.bfmlym.local
 

For more information, click http://www.microsoft.com/contentredirect.asp.


and...


Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2102
Date:            07/11/2004
Time:            09:25:50 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
Process MAD.EXE (PID=1828). All Domain Controller Servers in use are not responding:
dc-srv1.bfmlym.local
dc-temporal.bfmlym.local
dc-srv2.bfmlym.local
 

For more information, click http://www.microsoft.com/contentredirect.asp.


I have three domain controllers (dc-srv1, dc-srv2 and dc-temporal) and two Global Catalogs (dc-srv1, dc-srv2). Why does Exchange not switch to another global catalog while one of them is restarting? All clients hang, and they work fine again once the domain controller has started up completely.

Besides, today I changed my password, because it reached its age period. After that, Outlook (MAPI) prompted me for my new password... as if it did not know my new password... and suddenly I was logged in OK, without a password prompt.... I am disturbed...

I don't know if all these events are related to the OWA authentication popup appearing repeatedly...


Thanks again.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 12528105
Exchange will change global catalog - but it is very slow. I have seen it take 40 minutes or more before it finds another one.
The password change issue sounds like replication issues. If you authenticated against one DC, but Exchange is using a different one, plus there is a replication error then you will get these issues.
I would start looking at the core domain to see whether everything is functioning correctly there.

Simon.
0
 

Author Comment

by:bruchou10
ID: 12538733
Last night I restarted Exchange, but this did not solve the issue.
With the Diagnostic Level set to Max, no error was logged...
I ran diagnostic tools on the Domain controllers and no errors were detected... so... I don't know what I should do...

When I create a new user, the login popup appears repeatedly too...




0
 
LVL 104

Expert Comment

by:Sembee
ID: 12560856
What is the position with this now? Are you getting errors in the event log still? Or have those gone away and it is just the OWA prompts?

Are the OWA prompts for every user?

Simon.
0
 

Author Comment

by:bruchou10
ID: 12565870
Mmmmm...
I'm still looking for a solution...
The OWA prompt is still appearing, for all users...

Thanks.

Eduardo.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 1500 total points
ID: 12597860
From my research the login prompt indicates one of two things...

1. The user hasn't authenticated correctly (bad password, bad username etc)
2. There is a problem with the server accessing the domain controller for password authentication.

Event logs will usually show whether 2 is the problem or not, as there will be errors.

As a test which worked on another question, try turning off integrated authentication on the OWA virtual folders (I listed them above) so that basic is the only option. Try again (on your LAN obviously as basic sends everything "in the clear").

Simon.
0
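Added example (not part of the original thread, and not Microsoft tooling): a Python check of the IIS `AuthFlags` bitmask on the four virtual directories against the baseline Sembee gives in his first comment (Basic and Integrated only, Anonymous only on /exchweb), which also reports the Basic-without-SSL case raised in the accepted answer. The input layout, the `ssl_required` flag and the sample values are constructed assumptions; the bit values are the IIS metabase AuthFlags constants.

```python
# IIS metabase AuthFlags bits (MD_AUTH_* values).
AUTH_BITS = {"anonymous": 0x01, "basic": 0x02, "integrated": 0x04,
             "digest": 0x10, "passport": 0x40}

# Baseline from the thread: Basic + Integrated on every virtual directory,
# Anonymous additionally allowed on /exchweb only.
BASIC_INTEGRATED = frozenset({"basic", "integrated"})
BASELINE = {
    "/exchange": BASIC_INTEGRATED,
    "/exchweb": BASIC_INTEGRATED | {"anonymous"},
    "/public": BASIC_INTEGRATED,
    "/exadmin": BASIC_INTEGRATED,
}

def decode(flags):
    """Return the set of authentication methods enabled in an AuthFlags value."""
    return {name for name, bit in AUTH_BITS.items() if flags & bit}

def audit(vdirs):
    """vdirs maps path -> (auth_flags, ssl_required); returns a list of findings.

    ssl_required is an assumption of this example: the operator states whether
    the directory only accepts HTTPS, since Basic sends credentials in the clear.
    """
    findings = []
    for path, expected in BASELINE.items():
        if path not in vdirs:
            findings.append(f"{path}: not present in input")
            continue
        flags, ssl_required = vdirs[path]
        enabled = decode(flags)
        findings += [f"{path}: unexpected {m}" for m in sorted(enabled - expected)]
        findings += [f"{path}: missing {m}" for m in sorted(expected - enabled)]
        if "basic" in enabled and not ssl_required:
            findings.append(f"{path}: basic without SSL exposes credentials")
    return findings

# Constructed sample values, not taken from the poster's server.
SAMPLE = {
    "/exchange": (0x06, True),   # basic + integrated: matches baseline
    "/exchweb":  (0x07, True),   # anonymous + basic + integrated: matches
    "/public":   (0x07, True),   # anonymous should not be enabled here
    "/exadmin":  (0x02, False),  # basic only (the test state), no SSL
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

In the basic-only test state from the accepted answer the check reports "missing integrated", which serves as a reminder to restore the baseline once the test is done.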
Question has a verified solution.