Solved

Exchange 2003 Server OWA, Users get "Forbidden" message for a Reply to or Sending an Email

Posted on 2007-03-23
12
430 Views
Last Modified: 2008-01-09
Had and issue (posted on Exchange Networks) with users on just one particular Exchange 2003 Mailbox Server where the users were getting     Loading .........   displayed after login to OWA.    Jay_Dale answered me back and I got suggested I look at KB910119.   Did that and found the issue to be as the article said the Exchweb directory on this Backend Server and the Front Servers had a directory mismatch.   Copied the directory missing from the Backend Mail server to the Front Ends and that resolved the Loading........   display issue and users were able to get into their email via OWA fine.     Days later discovered that when the users try to reply to or send a new Email they get a message that Pops up saying "Forbidden" and they cannot send or Reply as a result.      
0
Comment
Question by:svmEMDS
  • 7
  • 5
12 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 18783980
You shouldn't have copied the missing directory across. The directory version is just a symptom of the problem and is something that is easily checked for version mismatch.

What you should have done was installed the actual patch or update that created that missing directory.

Simon.
0
 

Author Comment

by:svmEMDS
ID: 18792764
Sembee:

           Out of 14 Mailbox servers this server is the only one with this extra directory under C:\Program Files\Exchsrvr\ExchWeb    All of the other servers have the following under the above path:   6.5.6944.0, 6.5.7226.0, 6.5.7638.1 but the server with the issue has an extra directory 6.5.7651.60 that shows up and displays in IIS under the Default WebSite and ExchWeb.  Not sure how this happened.     Is there anyway to reverse this on the one server ?   I added the extra directory in my earlier comments to our Exchange Front End servers.    I surely don't want to have to patch all of the other 13 Exchange Mailbox servers.  

Tony
 

0
 
LVL 104

Expert Comment

by:Sembee
ID: 18793124
Any reason you don't want to patch the other servers?
There have been a serious of updates for OWA to deal with prompts and other issues since Microsoft lost a court case over something or other. 6.5.7651.60 is the current latest patch for OWA.

However, frontend servers should always be the highest version, so I would suggest patching at least all of your frontend servers.
The patch that caused that update was http://support.microsoft.com/default.aspx?kbid=924334

Simon.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:svmEMDS
ID: 18793353
Simon:
        Best case scenario I figured I would need to at least patch the Front End Servers.   Just didn't want to break anything with all of the other 13 servers working just fine.    Can I leave the 6.5.7651.60 directory that I copied over from the problem Mailbox server to the Front End servers and then just apply the 924334 patch to the Front End servers.    If so I will put in a change request today to get the Front Ends patched.    Front Ends should be patched first.     Let me know.   I will try it and let you know how it went.      Thanks for your comments.  

Tony
   
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18793389
Copying that folder across has probably caused more problems than it fixes. I would remove it as it should only be installed as part of the patch.

The golden rule with fe/be scenario is that the frontends should always be the same or higher than the backends. OWA etc can go backwards in versions, but not forwards.

Simon.
0
 

Author Comment

by:svmEMDS
ID: 18793527
Simon:
             OK.   I will remove that directory and then patch the Front End Server with the .60 OWA patch after my Change Request gets approved today.   I will let you know the results.

Tony
0
 

Author Comment

by:svmEMDS
ID: 18825398
Simon:
           I completed the steps in my last comment of removing that directory I copied over to the Exchange Front End servers and then I applied patch 924334 to both Front Ends and I still got the same symptom.   Users from this one particular Mailbx server can login fine via OWA but when they attempt to reply or send an email they get the message  "Forbidden".    I did not touch the Mailbox server, just the Front Ends.    Any other ideas ?  
Thanks

Tony
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18827013
If you have pinned it down to one server then I would be looking to resetting the virtual folders of that backend server initially. That will make sure that you do not have any simple permissions errors.

http://support.microsoft.com/default.aspx?kbid=883380

Simon.
0
 

Author Comment

by:svmEMDS
ID: 18836151
Simon:

What about the possibiilty of removing the patch on the troubled Mailbox Exchange server and reinstalling KB 924334 on it.     No one has touched the configuration of IIS on this Mailbox server, only thing that may have inadvertently happened was the KB 924334 patch got installed on it before the Front End Exchange servers got patched.   Maybe reversing that order will clear up the issue.  

Just brainstorming

Tony
0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 18838201
Wouldn't like to say. If you suspect a problem with a patch, then you should be able to speak to Microsoft free on those. They would be able to confirm whether it would resolve the problem or not.

Simon.
0
 

Author Comment

by:svmEMDS
ID: 18838398
Simon:

               I will contact Microsoft on the patch then and see what they say......thanks

Tony


0
 

Author Comment

by:svmEMDS
ID: 18991797
Issue resolved by opening case with MS.   Ended up IIS Manager and  Exchange virtual Directories (HTTP under ESM) were missing some Write and Directory Browsing Access Control Permissions.   Made sure permissions matched between the two and then restarted IIS Admin service on backend server with issue.   We could then login, reply, send and delete messages fine from OWA.   Still had another issue with accessing Public Folders from OWA from this backend exchange server.   So we went through procedures outlined in KB883380 to rebuild IIS database for ExchWeb, Exchange, IIS Admin and Public directories listed under default Website in IIS Manager.   Process rebuilds the IIS database which showed evidence of corruption.   Afterward we everything appeared to work fine.  Granting Simon 250 points for at least pointing me in the right direction.   Tberry

 
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question