HTTP/1.1 503 Service Unavailable Outlook Web Access

I have setup an Exchange cluster and am running OWA with SSL enabled.  Everything was running fine and I have set up almost 100 users on this new email system.

Whenever some users try to connect to OWA via https://server/exchange they are prompted for the certificate and then asked for their user name and password.  When the name and password are entered correctly they are forwarded to the HTTP/1.1 503 Service Unavailable page.  If they click refresh OWA comes up as it should.  

I've searched for solutions and I could only find one that says to uncheck "Enable anonymous access" for the ExchWeb in IIS.  This appears to have worked but then users would get to the OWA main screen and the email list would freeze on "Loading" or would finally error with

error line: 1038
invalid procedure call or argument

This was only in Internet Explorer, Firefox worked fine.

Please HELP, the boss is not happy :(

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Please... Which version of Exchange Enterprise are you using?? Service pack levels/builds, other basic information?

Are you using Form-based authentication for HTTPS, if Exchange 2003?

<< Everything was running fine >>
Then what changed?

Any changes to IIS websites or virtual directories?
Any changes to Recipient Policies?
One thing to try on this is rebuilding the recipient update services.
Go into system manager, then recipients, then recipient update services. Right click on eahc service and go t rebuild. You may have to wait some time, depending on the size of your list before it starts working.

SimpsonISAuthor Commented:
Version = Exchange Enterprise2003 sp2 version:

Form-based authentication = no

I should take that back, I've never had the problem personally and never saw it on test machines.  The last change made to the system was enabling SSL and setting policies for mailbox size limits, those are the only changes before the problem was recognized.

No changes to websites or virtual directories or recipient policies since initial set up.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Have a look at;[LN];823159

If OWA is opened without using ssl, does the site work correctly? Might have to disable the 128-bit requirement temporarily.

Does it make any difference when you authenticate to OWA with the UPN ( ?

Here is an article on the settings for IIS Virtual directory security. It could be a good idea to run through this one and see if anything was inadvertently changed, or an important step was missed, and otherwise it's a very interesting read:

If you need to revert back to the default Exchange Virtual directories and want to start over, follow this article:

How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server 2003

Also, did you know:
As a general rule, you should set the authentication methods through the Exchange System Manager whenever possible, and through the IIS Manager only as a last resort. [...] Before you start experimenting with OWA configuration options, it’s vital that you know the ins and outs of the DS2MB process. DS2MB stands for Directory Service to Metabase, a method by which Exchange configuration information in Active Directory is synchronized to the metabase. The function of the DS2MB synchronization process is to transfer configuration information from Active Directory to the local metabase. DS2MB is a one-way process, meaning that you always should make any changes to your OWA directories through the Exchange System Manager and not the IIS Manager. Any changes you make to the Exchange and Public virtual directories via the IIS Manager will be lost once the System Attendant service is restarted (such as after a reboot) or when the DS2MB process kicks in, which is normally every 15 minutes. The reason is that the DS2MB process always overwrites the settings in IIS Manager with the settings that exist in Exchange System Manager.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SimpsonISAuthor Commented:
Thanks Rant32

I followed your link to the microsoft support.  Which definatley helpe because the problem had worsened, the HTTP Virtual Server failed and would not come back online.  I went ahead though and uninstalled IIS, reinstalled IIS, did a reinstall of Exchange 2k3 and ran the upgrade to sp2 again.  All is working great now.  Following Microsoft's instructions may have been faster though.

Very good point about setting the authentication in system manager.  I think that is what broke it in the first place.

Glad it worked out, have a good one. Thanks.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.