• Status: Solved

Exchange 2003 (SP2) - OWA rejects all valid login requests on both my servers. Help! Need to fix this before I go home tomorrow.

Hi all,
Having spent two weeks migrating our 3 offices in Hong Kong, Shanghai and Singapore to a Windows 2003 AD with Exchange 2003 and ISA2004, I left the easy job of publishing the OWA rule to the end as I've never had problems with it in the past (works in Europe and the US).

Everything is working exactly as I would like it. The domain is replicating nicely (all dcdiags are 100% clean), ISA is doing a great job as a firewall and is caching nicely. And the two exchange servers (one in HK and one in Singapore) are sending/receiving mail for their own regional e-mail domains.

But - (and this is driving me mad) - when I try to use OWA either from the local network (eg. http://10.236.6.7/exchange, or from outside http://mail.hk.mycorp.com/exchange) the authentication fails.

The single forest/domain is still running in mixed mode (as is the exchange organisation).

I've compared all of the IIS settings with those of a working OWA box in London and they are identical (even the Exchange virtual sites and apps).

We have absolutely no problem in accessing the inbox from an Outlook 2003 client. And are using the exact same user/password.  

e.g. The FQDN of the domain is ASIA.MYCORP.COM, it has a NetBIOS name of AITC. The ACCOUNT user logon name and pre-2000 logon name is M098811

So when using OWA, the username box can be completed as:

AITC\M098811, or
M098811@ASIA.MYCORP.COM, or in theory just
M098811, since the default domain for Basic authentication IS AITC

Can anyone think of a reason for these authentication failures - or suggest the correct settings for IIS. I'm not running any other websites than IIS on this machine.

Once it's working on the LAN I should be ok with the ISA publishing part.

Thanks for any help you can offer.

Kev.


Asked: kevinshepherd
kevinshepherd (Author) Commented:
BTW - I forgot to mention that the server in front of me is a DC, though the one in HK is not.

Looking at the permissions for 'default website', The non DC has
Administrators (almost full)
Everyone full
IIS_WPG deny write (local user)
IUSR_HK-SRB2  deny write (local user)
Users none
System (almost full)

On the DC, those local accounts show as unrecognised SIDs.

At both sites the default web listens only on the NIC that is used.

Going mad trying to spot the diff between the working and not working sites.

Has anyone faced a similar problem?

Cheers. Kev
LeeDerbyshire Commented:
In what way does the authentication fail?  Does it keep on popping up the login box (eventually failing), or does it say something like '401 - Unauthorized' as soon as you supply the credentials?

It will help to compare the IIS logfiles on both servers, to see what is different about the unsuccessful access attempts.  Most significantly, see if IIS is recording any usernames for the failed attempts.  If there is no username, then the logon is simply failing (bad password, unrecognized user, no permission to logon to the server).  If there is a username logged, then the logon has succeeded, but the user has no permission to access a resource on the server.
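
The log comparison suggested in the comment above, as an added example that is not part of the original thread: it reads an IIS W3C extended log, takes the column layout from the `#Fields:` line, and splits 401 responses into those with no username recorded and those with one. The sample log lines are constructed, and the function names and category labels are hypothetical.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not taken from the thread).
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus
2006-01-10 02:11:40 GET /exchange - 10.236.6.50 401 2
2006-01-10 02:11:52 GET /exchange - 10.236.6.50 401 1
2006-01-10 02:12:03 GET /exchange AITC\M098811 10.236.6.50 401 3
2006-01-10 02:14:19 GET /exchange/M098811/ AITC\M098811 10.236.6.50 200 0
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # layout can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated lines
                yield dict(zip(fields, values))

def classify(entry):
    """Apply the rule from the comment above to a single log entry."""
    if entry.get("sc-status") != "401":
        return "other"
    # No username logged: the logon itself did not succeed. A browser's first,
    # credential-less request is also logged this way, so look for repeats.
    if entry.get("cs-username", "-") == "-":
        return "logon_failed"
    # Username logged: logon succeeded, access to the resource was refused.
    return "authenticated_but_denied"

def summarize(text):
    """Count entries per category."""
    return Counter(classify(e) for e in parse_w3c(text))

def denied_users(text):
    """Usernames that authenticated but were still answered with 401."""
    return sorted({e["cs-username"] for e in parse_w3c(text)
                   if classify(e) == "authenticated_but_denied"})

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
    print(denied_users(SAMPLE_LOG))
```

Running the same summary over the log of the working server and the failing one shows at a glance which of the two cases the failing server is in.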