Exchange 2003 Server OWA, Users get "Forbidden" message for a Reply to or Sending an Email

Had and issue (posted on Exchange Networks) with users on just one particular Exchange 2003 Mailbox Server where the users were getting     Loading .........   displayed after login to OWA.    Jay_Dale answered me back and I got suggested I look at KB910119.   Did that and found the issue to be as the article said the Exchweb directory on this Backend Server and the Front Servers had a directory mismatch.   Copied the directory missing from the Backend Mail server to the Front Ends and that resolved the Loading........   display issue and users were able to get into their email via OWA fine.     Days later discovered that when the users try to reply to or send a new Email they get a message that Pops up saying "Forbidden" and they cannot send or Reply as a result.      
svmEMDSAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SembeeCommented:
You shouldn't have copied the missing directory across. The directory version is just a symptom of the problem and is something that is easily checked for version mismatch.

What you should have done was installed the actual patch or update that created that missing directory.

Simon.
0
svmEMDSAuthor Commented:
Sembee:

           Out of 14 Mailbox servers this server is the only one with this extra directory under C:\Program Files\Exchsrvr\ExchWeb    All of the other servers have the following under the above path:   6.5.6944.0, 6.5.7226.0, 6.5.7638.1 but the server with the issue has an extra directory 6.5.7651.60 that shows up and displays in IIS under the Default WebSite and ExchWeb.  Not sure how this happened.     Is there anyway to reverse this on the one server ?   I added the extra directory in my earlier comments to our Exchange Front End servers.    I surely don't want to have to patch all of the other 13 Exchange Mailbox servers.  

Tony
 

0
SembeeCommented:
Any reason you don't want to patch the other servers?
There have been a serious of updates for OWA to deal with prompts and other issues since Microsoft lost a court case over something or other. 6.5.7651.60 is the current latest patch for OWA.

However, frontend servers should always be the highest version, so I would suggest patching at least all of your frontend servers.
The patch that caused that update was http://support.microsoft.com/default.aspx?kbid=924334

Simon.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

svmEMDSAuthor Commented:
Simon:
        Best case scenario I figured I would need to at least patch the Front End Servers.   Just didn't want to break anything with all of the other 13 servers working just fine.    Can I leave the 6.5.7651.60 directory that I copied over from the problem Mailbox server to the Front End servers and then just apply the 924334 patch to the Front End servers.    If so I will put in a change request today to get the Front Ends patched.    Front Ends should be patched first.     Let me know.   I will try it and let you know how it went.      Thanks for your comments.  

Tony
   
0
SembeeCommented:
Copying that folder across has probably caused more problems than it fixes. I would remove it as it should only be installed as part of the patch.

The golden rule with fe/be scenario is that the frontends should always be the same or higher than the backends. OWA etc can go backwards in versions, but not forwards.

Simon.
0
svmEMDSAuthor Commented:
Simon:
             OK.   I will remove that directory and then patch the Front End Server with the .60 OWA patch after my Change Request gets approved today.   I will let you know the results.

Tony
0
svmEMDSAuthor Commented:
Simon:
           I completed the steps in my last comment of removing that directory I copied over to the Exchange Front End servers and then I applied patch 924334 to both Front Ends and I still got the same symptom.   Users from this one particular Mailbx server can login fine via OWA but when they attempt to reply or send an email they get the message  "Forbidden".    I did not touch the Mailbox server, just the Front Ends.    Any other ideas ?  
Thanks

Tony
0
SembeeCommented:
If you have pinned it down to one server then I would be looking to resetting the virtual folders of that backend server initially. That will make sure that you do not have any simple permissions errors.

http://support.microsoft.com/default.aspx?kbid=883380

Simon.
0
svmEMDSAuthor Commented:
Simon:

What about the possibiilty of removing the patch on the troubled Mailbox Exchange server and reinstalling KB 924334 on it.     No one has touched the configuration of IIS on this Mailbox server, only thing that may have inadvertently happened was the KB 924334 patch got installed on it before the Front End Exchange servers got patched.   Maybe reversing that order will clear up the issue.  

Just brainstorming

Tony
0
SembeeCommented:
Wouldn't like to say. If you suspect a problem with a patch, then you should be able to speak to Microsoft free on those. They would be able to confirm whether it would resolve the problem or not.

Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
svmEMDSAuthor Commented:
Simon:

               I will contact Microsoft on the patch then and see what they say......thanks

Tony


0
svmEMDSAuthor Commented:
Issue resolved by opening case with MS.   Ended up IIS Manager and  Exchange virtual Directories (HTTP under ESM) were missing some Write and Directory Browsing Access Control Permissions.   Made sure permissions matched between the two and then restarted IIS Admin service on backend server with issue.   We could then login, reply, send and delete messages fine from OWA.   Still had another issue with accessing Public Folders from OWA from this backend exchange server.   So we went through procedures outlined in KB883380 to rebuild IIS database for ExchWeb, Exchange, IIS Admin and Public directories listed under default Website in IIS Manager.   Process rebuilds the IIS database which showed evidence of corruption.   Afterward we everything appeared to work fine.  Granting Simon 250 points for at least pointing me in the right direction.   Tberry

 
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.