Exchange 2003 + Windows 2003 OWA Security Problem

Posted on 2004-11-24
Last Modified: 2012-06-22
Hi there,

I am having a problem with users accessing OWA.
I have a test user in our domain, added to the groups Domain Users and Outlook Web Access Users.
The Outlook Web Access Users group has log on locally assigned in the Local Security Policy on the local machine.

If I log on to the machine locally and type localhost/exchange in the browser it is fine.

However, we have added the url to the exchange box for external access. When they try to access using this url they are having problems. So there is something going on with this url. This occurrs both inside and outside the network, it is not a dns issue as the host has been setup in our internal dns and the url resolves to the right ip address from behind and outside the firewall.
(ie internal access resolves to and external to the external ip which the firewall forwards).

There are some users that can access this, they are the administrators/domain admins etc.

They are receiving Error:Access is Denied

Another thing, if the users that can access the box type MACHINENAME\exchange they login to exchange transparently, if they use the they are required to login via IE.

The exchange box is not currently running Forms Based Authentication.

Any help would be greatly appreciated as this has been doing my head in for near on 2 days of google/experts searching and randomly tearing hair out/fiddling with security setting.

Question by:miken05
    LVL 6

    Accepted Solution

    Not 100% sure but you have said

    The Outlook Web Access Users group has log on locally assigned in the Local Security Policy on the local machine.

    so I would make sure the above group also has access to logon via network.

    Apologies I can't be precise but this is where I would start - especially as Admins can access OWA ok.

    LVL 1

    Expert Comment

    Have you looked at IIS secuity setting?

    It almost looks as though it could be how you are authenicating users with IIS.


    <advertizing removed by CetusMOD per http:help.jsp#hi106>

    Author Comment

    Ian.. Legend thank you so much.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now