OWA 2000 Authentication Retry

Hi.
Today I restarted my Exchange 2000 server, and it successfully started all services. All the IMAP clients can access their mailboxes OK, but now, when I try to access through OWA, I receive the password popup, I type the password and the popup appears again! If I click "Cancel" on the second popup, I can access normally. If I type the password again on the second popup, it appears again, and then I can access normally.
This has been happening since I restarted the server...

In the App Log, the following appears:

Event Type:      Warning
Event Source:      MSExchangeIS Mailbox Store
Event Category:      Access Control
Event ID:      1029
Date:            04/11/2004
Time:            05:37:50 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
pepep.pepe@xxxxx.com failed an operation because the user did not have the following access rights:

'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The distinguished name of the owning mailbox is /O=ABOGADOS/OU=BFM&L/CN=RECIPIENTS/CN=pepep. The folder ID is in the data section of this event.

For more information, click http://www.microsoft.com/contentredirect.asp.
Data:
0000: 0e 00 00 00 00 5a fb f2   .....Zûò

I never changed the permissions, so I don't know why this error is appearing...

Thanks (sorry for my English)
bruchou10Asked:

bruchou10Author Commented:
Sorry, the clients are MAPI (Outlook 2000), and not IMAP.
0
SembeeCommented:
Have you tried my standard first response for OWA questions?

Check the authentication on the IIS manager for the Exchange virtual directories:
/exchange
/exchweb
/public
/exadmin

All should be basic and integrated ONLY.
In addition, /exchweb should also have anonymous access. No others should have anonymous.

Otherwise something has changed - Exchange doesn't make permissions changes on its own.
Installed anything new? What was the reason for the reboot?

Simon.
0
bruchou10Author Commented:
Permissions for:

/exchange
/exchweb
/public
/exadmin
are exactly as you describe.

Nothing has changed... OWA worked correctly.
The reason for the reboot was that some MAPI clients could not connect to Exchange Server; no errors were logged and I decided to restart my server to resolve this issue.
The services started normally, except that one error was logged:

Event Type:      Error
Event Source:      MSExchangeFBPublish
Event Category:      General
Event ID:      8197
Date:            04/11/2004
Time:            04:08:00 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
Error initializing session for virtual machine EXCH-SRV1. The error number is 0x8004011d. Make sure Microsoft Exchange Store is running.

For more information, click http://www.microsoft.com/contentredirect.asp.

And all clients could connect OK.

But later, this error appeared:

Event Type:      Error
Event Source:      MSExchangeIS Public Store
Event Category:      Logons
Event ID:      1024
Date:            04/11/2004
Time:            04:22:55 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
NT AUTHORITY\SYSTEM was unable to log on as NT AUTHORITY\SYSTEM to the Public Folder Store "First Storage Group\Public Folder Store (EXCH-SRV1)".

For more information, click http://www.microsoft.com/contentredirect.asp.

This error did not appear again.

Then I tried to access OWA and the authentication prompt appeared three times, and I was logged in. At this moment, the following appears repeatedly:

Event Type:      Warning
Event Source:      MSExchangeIS Mailbox Store
Event Category:      Access Control
Event ID:      1029
Date:            04/11/2004
Time:            05:12:39 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
pepe@xxxx.com failed an operation because the user did not have the following access rights:

'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The distinguished name of the owning mailbox is /O=xxxx/OU=yyyy/CN=RECIPIENTS/CN=pepe. The folder ID is in the data section of this event.

For more information, click http://www.microsoft.com/contentredirect.asp.
Data:
0000: 02 00 00 00 01 02 54 9f   ......TŸ


0
bruchou10Author Commented:
Is there any way to restore all the mailbox permissions to its default permissions?
0
SembeeCommented:
No.
Once the permissions have been changed there is no way to get them back - except resetting them all by hand.

Simon.
0
SembeeCommented:
For the last error, the closest I can get is this: http://support.microsoft.com/?kbid=325885. Usual cause is having diagnostic logging turned up too high.

The one about NT Authority\SYSTEM usually means that the account with that name has been removed from the store permissions. Usually caused by someone who doesn't know what they're doing trying to "tighten" the security on their Exchange server.

As for the FBPublish error, there are a number of causes. Most of them are documented here: http://www.eventid.net/display.asp?eventid=8197

Apologies for the delay, I have had a very busy weekend migrating 300 mailboxes to a new server and didn't have time to do the research.

Simon.
0
bruchou10Author Commented:
Thanks Sembee. I have read these articles, and I too think this is caused by turning up the diagnostic logging, so I think this is not important.
Yesterday I restarted all domain controllers in my domain (3), and Exchange logged two rare events.

Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2103
Date:            07/11/2004
Time:            09:25:50 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
Process MAD.EXE (PID=1828). All Global Catalog Servers in use are not responding:
dc-srv1.bfmlym.local
dc-srv2.bfmlym.local
 

For more information, click http://www.microsoft.com/contentredirect.asp.


and...


Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2102
Date:            07/11/2004
Time:            09:25:50 p.m.
User:            N/A
Computer:      EXCH-SRV1
Description:
Process MAD.EXE (PID=1828). All Domain Controller Servers in use are not responding:
dc-srv1.bfmlym.local
dc-temporal.bfmlym.local
dc-srv2.bfmlym.local
 

For more information, click http://www.microsoft.com/contentredirect.asp.


I have three domain controllers (dc-srv1, dc-srv2 and dc-temporal) and two Global Catalogs (dc-srv1, dc-srv2). Why does Exchange not switch to another global catalog while one of them is restarting? All clients hung, and they worked fine again when the domain controller had started up completely.

Besides, today I changed my password, because it reached its age limit. After that, Outlook (MAPI) prompted me for my new password... as if it did not know my new password... and suddenly I logged in OK, without a password prompt... I am disturbed...

I don't know if all these events are related to the OWA authentication popup appearing repeatedly...


Thanks again.
0
SembeeCommented:
Exchange will change global catalog - but it is very slow. I have seen it take 40 minutes or more before it finds another one.
The password change issue sounds like replication issues. If you authenticated against one DC, but Exchange is using a different one, plus there is a replication error then you will get these issues.
I would start looking at the core domain to see whether everything is functioning correctly there.

Simon.
0
bruchou10Author Commented:
Last night I restarted the Exchange, but this did not solve the issue.
With the Diagnostic Level set to Max, no error was logged...
I ran diagnostic tools on the Domain controllers and no errors were detected... so... I don't know what I should do...

When I create a new user, the login popup appears repeatedly too...




0
SembeeCommented:
What is the position with this now? Are you getting errors in the event log still? Or have those gone away and it is just the OWA prompts?

Are the OWA prompts for every user?

Simon.
0
bruchou10Author Commented:
Mmmmm...
I'm still looking for a solution...
The OWA prompt is still appearing, for all users...

Thanks.

Eduardo.
0
SembeeCommented:
From my research the login prompt indicates one of two things...

1. The user hasn't authenticated correctly (bad password, bad username etc)
2. There is a problem with the server accessing the domain controller for password authentication.

Event logs will usually show whether 2 is the problem or not, as there will be errors.

As a test which worked on another question, try turning off integrated authentication on the OWA virtual folders (I listed them above) so that basic is the only option. Try again (on your LAN obviously as basic sends everything "in the clear").

Simon.
0
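
An added example, not part of the thread or of any Microsoft tooling: a small Python audit that compares IIS metabase `AuthFlags` values for the four Exchange virtual directories against the rule Simon gives earlier (basic and integrated only, anonymous additionally on /exchweb), and flags basic authentication without required SSL, the cleartext concern from the answer above. The bit values are the IIS metabase `AuthFlags` and `AccessSSLFlags` constants; the sample values are constructed, and how you export them from your server is left as an assumption.

```python
# IIS metabase AuthFlags bits (MD_AUTH_* values).
AUTH_BITS = {0x01: "anonymous", 0x02: "basic", 0x04: "integrated",
             0x10: "digest", 0x40: "passport"}
ACCESS_SSL = 0x08  # AccessSSLFlags bit meaning "require SSL"

# Expected methods per virtual directory, as stated in the thread.
EXPECTED = {
    "/exchange": {"basic", "integrated"},
    "/exchweb": {"anonymous", "basic", "integrated"},
    "/public": {"basic", "integrated"},
    "/exadmin": {"basic", "integrated"},
}

def decode_auth(flags):
    """Turn an AuthFlags integer into a set of method names."""
    return {name for bit, name in AUTH_BITS.items() if flags & bit}

def audit(metabase):
    """Return (vdir, finding) tuples for every deviation from EXPECTED."""
    findings = []
    for vdir, expected in EXPECTED.items():
        entry = metabase.get(vdir)
        if entry is None:
            findings.append((vdir, "missing from input"))
            continue
        enabled = decode_auth(entry["AuthFlags"])
        for method in sorted(enabled - expected):
            findings.append((vdir, f"unexpected method enabled: {method}"))
        for method in sorted(expected - enabled):
            findings.append((vdir, f"expected method disabled: {method}"))
        ssl_required = bool(entry.get("AccessSSLFlags", 0) & ACCESS_SSL)
        if "basic" in enabled and not ssl_required:
            findings.append(
                (vdir, "basic enabled without required SSL (cleartext credentials)"))
    return findings

# Constructed sample values, not taken from the poster's server.
SAMPLE = {
    "/exchange": {"AuthFlags": 0x06, "AccessSSLFlags": 0x08},  # as expected
    "/exchweb": {"AuthFlags": 0x06, "AccessSSLFlags": 0x08},   # anonymous off
    "/public": {"AuthFlags": 0x07, "AccessSSLFlags": 0x08},    # anonymous on
    "/exadmin": {"AuthFlags": 0x02, "AccessSSLFlags": 0x00},   # basic only, no SSL
}

if __name__ == "__main__":
    for vdir, message in audit(SAMPLE):
        print(f"{vdir}: {message}")
```
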
