Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2003 (SP2) - OWA rejects all valid login requests on both my servers. Help ! Need to fix this before I go home tomorrow.

Posted on 2006-07-06
4
Medium Priority
?
411 Views
Last Modified: 2011-10-03
Hi all,
Having spent two weeks migrating our 3 offices in Hong Kong , Shanghai and Singapore to a Windows 2003 AD with Exchange 2003 and ISA2004, I left the easy job of publishing the OWA rule to the end as I've never had problems with it it the past (works in Europe and the US).

Everything is working exactly as I would like it. The domain is replicating nicely (all dcdiags are 100% clean), ISA is doing a great job as a firewall and is caching nicely. And the two exchange servers (one in HK and one in Singapore) are sending/receiving mail for their own regional e-mail domains.

But - (and this is driving me mad) - when I try to use OWA either from the local network (eg. http://10.236.6.7/exchange, or from outside http://mail.hk.mycorp.com/exchange) the authentication fails.

The single forest/domain is still running in mixed mode (as is the exchange organisation).

I've compared all of the IIS settings with thos of a working OWA box in London and they are identical (even the Exchange virtual sites and apps).

We have absolutely no problem in accessing the inbox from an Outlook 2003 client. And are using the exact same user/password.  

eg.   The fqdn of the domain is ASIA.MYCORP.COM, it has a netbios name of AITC. The ACCOUNT user logon name and pre-2000 logon name is M098811

So when using OWA, the username box can be completed as ;

AITC\M098811                          or
M098811@ASIA.MYCORP.COM or in theory just
M098811                                 since the default domain for Basic authentication IS AITC

Can anyone think of a reason for these authentication failures - or suggest the correct settings for IIS. I'm not running any other websites than IIS on this machine.

Once it's working on the LAN I should be ok with the ISA publishing part.

Thanks for any help you can offer.

Kev.


0
Comment
Question by:kevinshepherd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 

Author Comment

by:kevinshepherd
ID: 17049438
BTW - I forgot to mention that the server in front of me is a DC, though the one in HK is not.

Looking at the permissions for 'default website', The non DC has
Administrators (almost full)
Everyone full
IIS_WPG deny write (local user)
IUSR_HK-SRB2  deny write (local user)
Users none
System (almost full)

on the DC, those local accounts show as unrecognised SIDS

At both sites the default web listens only on the NIC that is used.

Going mad trying to spot the diff between the working and not working sites.

Has anyone faced a similar problem?

Cheers. Kev
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 1000 total points
ID: 17050474
In what way does the authentication fail?  Does it keep on popping up the login box (eventually failing), or does it say something like '401 - Unauthorized' as soon as you supply the credentials?

It will help to compare the IIS logfiles on both servers, to see what is different about the unsuccessful access attempts.  Most significantly, see if IIS is recording any usernames for the failed attempts.  If there is no username, then the logon is simply failing (bad password, unrecognized user, no permission to logon to the server).  If there is a username logged, then the logon has succeeded, but the user has no permission to access a resource on the server.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question