Solved

Exchange 2003 (SP2) - OWA rejects all valid login requests on both my servers. Help! Need to fix this before I go home tomorrow.

Posted on 2006-07-06
Last Modified: 2011-10-03
Hi all,
Having spent two weeks migrating our 3 offices in Hong Kong, Shanghai and Singapore to a Windows 2003 AD with Exchange 2003 and ISA2004, I left the easy job of publishing the OWA rule to the end as I've never had problems with it in the past (works in Europe and the US).

Everything is working exactly as I would like it. The domain is replicating nicely (all dcdiags are 100% clean), ISA is doing a great job as a firewall and is caching nicely. And the two Exchange servers (one in HK and one in Singapore) are sending/receiving mail for their own regional e-mail domains.

But - (and this is driving me mad) - when I try to use OWA either from the local network (eg. http://10.236.6.7/exchange, or from outside http://mail.hk.mycorp.com/exchange) the authentication fails.

The single forest/domain is still running in mixed mode (as is the exchange organisation).

I've compared all of the IIS settings with those of a working OWA box in London and they are identical (even the Exchange virtual sites and apps).

We have absolutely no problem in accessing the inbox from an Outlook 2003 client. And are using the exact same user/password.  

eg.   The fqdn of the domain is ASIA.MYCORP.COM, it has a netbios name of AITC. The ACCOUNT user logon name and pre-2000 logon name is M098811

So when using OWA, the username box can be completed as:

AITC\M098811 or
M098811@ASIA.MYCORP.COM or, in theory, just
M098811, since the default domain for Basic authentication IS AITC

Can anyone think of a reason for these authentication failures - or suggest the correct settings for IIS. I'm not running any other websites than IIS on this machine.

Once it's working on the LAN I should be ok with the ISA publishing part.

Thanks for any help you can offer.

Kev.


Question by:kevinshepherd

Author Comment

by:kevinshepherd
ID: 17049438
BTW - I forgot to mention that the server in front of me is a DC, though the one in HK is not.

Looking at the permissions for 'default website', the non-DC has
Administrators (almost full)
Everyone full
IIS_WPG deny write (local user)
IUSR_HK-SRB2  deny write (local user)
Users none
System (almost full)

On the DC, those local accounts show as unrecognised SIDs.

At both sites the default web listens only on the NIC that is used.

Going mad trying to spot the diff between the working and not working sites.

Has anyone faced a similar problem?

Cheers. Kev

Accepted Solution

by:
LeeDerbyshire earned 250 total points
ID: 17050474
In what way does the authentication fail?  Does it keep on popping up the login box (eventually failing), or does it say something like '401 - Unauthorized' as soon as you supply the credentials?

It will help to compare the IIS logfiles on both servers, to see what is different about the unsuccessful access attempts.  Most significantly, see if IIS is recording any usernames for the failed attempts.  If there is no username, then the logon is simply failing (bad password, unrecognized user, no permission to logon to the server).  If there is a username logged, then the logon has succeeded, but the user has no permission to access a resource on the server.
0
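
The log comparison suggested in the accepted answer can be scripted. This is an added example, not part of the original thread: it parses IIS W3C extended log lines and splits the 401 responses under /exchange by whether a username was recorded. The sample log is constructed, and the function names and verdict labels are assumptions of this example.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not from the poster's servers).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus
2006-07-06 09:00:01 GET /exchange - 10.0.0.21 401 2
2006-07-06 09:00:05 GET /exchange - 10.0.0.21 401 1
2006-07-06 09:00:09 GET /exchange/ AITC\\M098811 10.0.0.21 401 3
2006-07-06 09:00:15 GET /Exchange/ AITC\\M098811 10.0.0.22 200 0
2006-07-06 09:00:20 GET /favicon.ico - 10.0.0.22 404 0
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the field list can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated or malformed lines
                yield dict(zip(fields, values))

def classify(entry):
    """Apply the answer's rule: a 401 without a username means the logon failed."""
    if entry["sc-status"] != "401":
        return "not-401"
    if entry["cs-username"] == "-":            # IIS writes "-" for an empty field
        return "logon-failed"
    return "resource-denied"                   # logged on, but access was refused

def summarise(text, prefix="/exchange"):
    """Count verdicts for requests under `prefix` and list the 401 details."""
    counts, details = Counter(), []
    for e in parse_w3c(text):
        if not e["cs-uri-stem"].lower().startswith(prefix):
            continue
        verdict = classify(e)
        counts[verdict] += 1
        if verdict != "not-401":
            details.append((e["time"], e["c-ip"], e["cs-username"],
                            e["sc-substatus"], verdict))
    return counts, details

if __name__ == "__main__":
    counts, details = summarise(SAMPLE_LOG)
    print(dict(counts))
    for row in details:
        print(*row)
```

Running `summarise` over the same time window of the working and the failing server's logs gives two sets of counts to compare side by side.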
