Solved

OWA access denied

Posted on 2007-03-21
10
480 Views
Last Modified: 2010-04-18
Some of my users periodically travel. When at some locations, not all, and they try to access thier e-mail on my Exchange 2003 server via OWA, they are repeatedly prompted for their password. Finally OWA opens with the folder list pane on the left, however the reading pane is empty and displays access denied. Can someone please tell me what is causing this? Are my users behind a Proxy or firewall at the locations where this happens? How can I get them access to thier e-mail with OWA?

Thanks
0
Comment
Question by:harold9153
10 Comments
 
LVL 1

Expert Comment

by:jefferybush
ID: 18768855
Might be that ports are blocked on the networks they they are at. Are they accessing from a hotel room or another company's intranet? Ports 80 HTTP and 443 SSL (if you are suing SSL) are required. Does this happen on another company's network only? Also, if you are usiing SSL, is it a certificate you created yourself, or one from 3rd party? If you are using SSL and have created your own certificate, have them try adding the "S" to the http. In other words, "https://mail.yourcompany.com/exchange" froman internet browser.

Good luck!  
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18768949
Just a suggestion; When the users connect, in the logon box there is an option under Client; Premium or Basic. Try the basic option when experiencing these problems. I have found some sites, presumably ones with less than perfect Internet performance, will give you "funky" results or partial displays. Reducing to basic allows proper access, though slightly simpler interface.
0
 

Author Comment

by:harold9153
ID: 18768994
This has happened at hotels rooms and on other company intranets. I'm not using SSL. I've tried the Basic option in the login box.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 1

Expert Comment

by:jefferybush
ID: 18769096
Hmmm....This may be kind of along shot, but are there any other protocols besides TCP/IP bound to the network card? Check the properties of the net card from within My Net Places to make sure that IPX/SPX isn't bound to it. If it is, remove it and restart.
0
 
LVL 1

Expert Comment

by:jefferybush
ID: 18769112
I digress...I guess itwouldn't matter over an Internet Exploder OWA connection.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18775150
Any reason you aren't using SSL?
That means your usernames and passwords are going across in the clear. If the users are regularly accessing the server from hotels and the like, then there could be all sorts of things going on. HTTP traffic is also prone to interference from proxies and cache. HTTPS traffic is not treated like that so can provide a better experience.

Simon.
0
 

Expert Comment

by:nieblertech
ID: 18775453
I agree with Sembee.  I've had some flaky experience running OWA exclusively through port 80.  I've also found that buying a certificate from an outside source is well worth the money.  The self-signed certificates that the server produces can cause problems if the device you are trying to access with cannot (or doesn't) display the "Are you sure you want to trust this site" dialogue.  Also, are your users trying to do anything else besides access OWA?  If they are using SharePoint you have to open up port 444 as well.
0
 

Author Comment

by:harold9153
ID: 18776471
I solved this and here's how. I have a Cisco 3000 VPN Concentrator to which my users often use make a connection to the internal LAN with the Cisco IPSec VPN client. I turned on the WebVPN feature on the Concentrator.

(In a WebVPN connection, the VPN Concentrator acts as a proxy between the end user's web browser and target web servers. When a WebVPN user connects to an SSL-enabled web server, the VPN Concentrator establishes a secure connection and validates the server's SSL certificate. The end user's browser never receives the presented certificate.)

The users types the public IP of the Concentrator in their browser to connect to the WebVPN. The VPN Concentrator creates a self-signed SSL server certificate when it boots that they have to accept. They login to the WebVPN using the same credientials as when they use the regular Cisco IPSec VPN client. Another screen come up into which they enter the URL for our OWA. Now then I'm not using SSL on my OWA server (though I am taking others advice and intend to) however OWA comes up without a problem. I suppose this "fools" any proxies, caches, etc.

Any thoughts?
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19338680
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Read this checklist to learn more about the 15 things you should never include in an email signature.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question