svmEMDS
asked on
Exchange 2003 Server OWA, Users get "Forbidden" message for a Reply to or Sending an Email
Had and issue (posted on Exchange Networks) with users on just one particular Exchange 2003 Mailbox Server where the users were getting Loading ......... displayed after login to OWA. Jay_Dale answered me back and I got suggested I look at KB910119. Did that and found the issue to be as the article said the Exchweb directory on this Backend Server and the Front Servers had a directory mismatch. Copied the directory missing from the Backend Mail server to the Front Ends and that resolved the Loading........ display issue and users were able to get into their email via OWA fine. Days later discovered that when the users try to reply to or send a new Email they get a message that Pops up saying "Forbidden" and they cannot send or Reply as a result.
ASKER
Sembee:
Out of 14 Mailbox servers this server is the only one with this extra directory under C:\Program Files\Exchsrvr\ExchWeb All of the other servers have the following under the above path: 6.5.6944.0, 6.5.7226.0, 6.5.7638.1 but the server with the issue has an extra directory 6.5.7651.60 that shows up and displays in IIS under the Default WebSite and ExchWeb. Not sure how this happened. Is there anyway to reverse this on the one server ? I added the extra directory in my earlier comments to our Exchange Front End servers. I surely don't want to have to patch all of the other 13 Exchange Mailbox servers.
Tony
Out of 14 Mailbox servers this server is the only one with this extra directory under C:\Program Files\Exchsrvr\ExchWeb All of the other servers have the following under the above path: 6.5.6944.0, 6.5.7226.0, 6.5.7638.1 but the server with the issue has an extra directory 6.5.7651.60 that shows up and displays in IIS under the Default WebSite and ExchWeb. Not sure how this happened. Is there anyway to reverse this on the one server ? I added the extra directory in my earlier comments to our Exchange Front End servers. I surely don't want to have to patch all of the other 13 Exchange Mailbox servers.
Tony
Any reason you don't want to patch the other servers?
There have been a serious of updates for OWA to deal with prompts and other issues since Microsoft lost a court case over something or other. 6.5.7651.60 is the current latest patch for OWA.
However, frontend servers should always be the highest version, so I would suggest patching at least all of your frontend servers.
The patch that caused that update was http://support.microsoft.com/default.aspx?kbid=924334
Simon.
There have been a serious of updates for OWA to deal with prompts and other issues since Microsoft lost a court case over something or other. 6.5.7651.60 is the current latest patch for OWA.
However, frontend servers should always be the highest version, so I would suggest patching at least all of your frontend servers.
The patch that caused that update was http://support.microsoft.com/default.aspx?kbid=924334
Simon.
ASKER
Simon:
Best case scenario I figured I would need to at least patch the Front End Servers. Just didn't want to break anything with all of the other 13 servers working just fine. Can I leave the 6.5.7651.60 directory that I copied over from the problem Mailbox server to the Front End servers and then just apply the 924334 patch to the Front End servers. If so I will put in a change request today to get the Front Ends patched. Front Ends should be patched first. Let me know. I will try it and let you know how it went. Thanks for your comments.
Tony
Best case scenario I figured I would need to at least patch the Front End Servers. Just didn't want to break anything with all of the other 13 servers working just fine. Can I leave the 6.5.7651.60 directory that I copied over from the problem Mailbox server to the Front End servers and then just apply the 924334 patch to the Front End servers. If so I will put in a change request today to get the Front Ends patched. Front Ends should be patched first. Let me know. I will try it and let you know how it went. Thanks for your comments.
Tony
Copying that folder across has probably caused more problems than it fixes. I would remove it as it should only be installed as part of the patch.
The golden rule with fe/be scenario is that the frontends should always be the same or higher than the backends. OWA etc can go backwards in versions, but not forwards.
Simon.
The golden rule with fe/be scenario is that the frontends should always be the same or higher than the backends. OWA etc can go backwards in versions, but not forwards.
Simon.
ASKER
Simon:
OK. I will remove that directory and then patch the Front End Server with the .60 OWA patch after my Change Request gets approved today. I will let you know the results.
Tony
OK. I will remove that directory and then patch the Front End Server with the .60 OWA patch after my Change Request gets approved today. I will let you know the results.
Tony
ASKER
Simon:
I completed the steps in my last comment of removing that directory I copied over to the Exchange Front End servers and then I applied patch 924334 to both Front Ends and I still got the same symptom. Users from this one particular Mailbx server can login fine via OWA but when they attempt to reply or send an email they get the message "Forbidden". I did not touch the Mailbox server, just the Front Ends. Any other ideas ?
Thanks
Tony
I completed the steps in my last comment of removing that directory I copied over to the Exchange Front End servers and then I applied patch 924334 to both Front Ends and I still got the same symptom. Users from this one particular Mailbx server can login fine via OWA but when they attempt to reply or send an email they get the message "Forbidden". I did not touch the Mailbox server, just the Front Ends. Any other ideas ?
Thanks
Tony
If you have pinned it down to one server then I would be looking to resetting the virtual folders of that backend server initially. That will make sure that you do not have any simple permissions errors.
http://support.microsoft.com/default.aspx?kbid=883380
Simon.
http://support.microsoft.com/default.aspx?kbid=883380
Simon.
ASKER
Simon:
What about the possibiilty of removing the patch on the troubled Mailbox Exchange server and reinstalling KB 924334 on it. No one has touched the configuration of IIS on this Mailbox server, only thing that may have inadvertently happened was the KB 924334 patch got installed on it before the Front End Exchange servers got patched. Maybe reversing that order will clear up the issue.
Just brainstorming
Tony
What about the possibiilty of removing the patch on the troubled Mailbox Exchange server and reinstalling KB 924334 on it. No one has touched the configuration of IIS on this Mailbox server, only thing that may have inadvertently happened was the KB 924334 patch got installed on it before the Front End Exchange servers got patched. Maybe reversing that order will clear up the issue.
Just brainstorming
Tony
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Simon:
I will contact Microsoft on the patch then and see what they say......thanks
Tony
I will contact Microsoft on the patch then and see what they say......thanks
Tony
ASKER
Issue resolved by opening case with MS. Ended up IIS Manager and Exchange virtual Directories (HTTP under ESM) were missing some Write and Directory Browsing Access Control Permissions. Made sure permissions matched between the two and then restarted IIS Admin service on backend server with issue. We could then login, reply, send and delete messages fine from OWA. Still had another issue with accessing Public Folders from OWA from this backend exchange server. So we went through procedures outlined in KB883380 to rebuild IIS database for ExchWeb, Exchange, IIS Admin and Public directories listed under default Website in IIS Manager. Process rebuilds the IIS database which showed evidence of corruption. Afterward we everything appeared to work fine. Granting Simon 250 points for at least pointing me in the right direction. Tberry
What you should have done was installed the actual patch or update that created that missing directory.
Simon.