Solved

Exchange 2003 Server OWA, Users get "Forbidden" message for a Reply to or Sending an Email

Posted on 2007-03-23
12
425 Views
Last Modified: 2008-01-09
Had and issue (posted on Exchange Networks) with users on just one particular Exchange 2003 Mailbox Server where the users were getting     Loading .........   displayed after login to OWA.    Jay_Dale answered me back and I got suggested I look at KB910119.   Did that and found the issue to be as the article said the Exchweb directory on this Backend Server and the Front Servers had a directory mismatch.   Copied the directory missing from the Backend Mail server to the Front Ends and that resolved the Loading........   display issue and users were able to get into their email via OWA fine.     Days later discovered that when the users try to reply to or send a new Email they get a message that Pops up saying "Forbidden" and they cannot send or Reply as a result.      
0
Comment
Question by:svmEMDS
  • 7
  • 5
12 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 18783980
You shouldn't have copied the missing directory across. The directory version is just a symptom of the problem and is something that is easily checked for version mismatch.

What you should have done was installed the actual patch or update that created that missing directory.

Simon.
0
 

Author Comment

by:svmEMDS
ID: 18792764
Sembee:

           Out of 14 Mailbox servers this server is the only one with this extra directory under C:\Program Files\Exchsrvr\ExchWeb    All of the other servers have the following under the above path:   6.5.6944.0, 6.5.7226.0, 6.5.7638.1 but the server with the issue has an extra directory 6.5.7651.60 that shows up and displays in IIS under the Default WebSite and ExchWeb.  Not sure how this happened.     Is there anyway to reverse this on the one server ?   I added the extra directory in my earlier comments to our Exchange Front End servers.    I surely don't want to have to patch all of the other 13 Exchange Mailbox servers.  

Tony
 

0
 
LVL 104

Expert Comment

by:Sembee
ID: 18793124
Any reason you don't want to patch the other servers?
There have been a serious of updates for OWA to deal with prompts and other issues since Microsoft lost a court case over something or other. 6.5.7651.60 is the current latest patch for OWA.

However, frontend servers should always be the highest version, so I would suggest patching at least all of your frontend servers.
The patch that caused that update was http://support.microsoft.com/default.aspx?kbid=924334

Simon.
0
 

Author Comment

by:svmEMDS
ID: 18793353
Simon:
        Best case scenario I figured I would need to at least patch the Front End Servers.   Just didn't want to break anything with all of the other 13 servers working just fine.    Can I leave the 6.5.7651.60 directory that I copied over from the problem Mailbox server to the Front End servers and then just apply the 924334 patch to the Front End servers.    If so I will put in a change request today to get the Front Ends patched.    Front Ends should be patched first.     Let me know.   I will try it and let you know how it went.      Thanks for your comments.  

Tony
   
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18793389
Copying that folder across has probably caused more problems than it fixes. I would remove it as it should only be installed as part of the patch.

The golden rule with fe/be scenario is that the frontends should always be the same or higher than the backends. OWA etc can go backwards in versions, but not forwards.

Simon.
0
 

Author Comment

by:svmEMDS
ID: 18793527
Simon:
             OK.   I will remove that directory and then patch the Front End Server with the .60 OWA patch after my Change Request gets approved today.   I will let you know the results.

Tony
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:svmEMDS
ID: 18825398
Simon:
           I completed the steps in my last comment of removing that directory I copied over to the Exchange Front End servers and then I applied patch 924334 to both Front Ends and I still got the same symptom.   Users from this one particular Mailbx server can login fine via OWA but when they attempt to reply or send an email they get the message  "Forbidden".    I did not touch the Mailbox server, just the Front Ends.    Any other ideas ?  
Thanks

Tony
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18827013
If you have pinned it down to one server then I would be looking to resetting the virtual folders of that backend server initially. That will make sure that you do not have any simple permissions errors.

http://support.microsoft.com/default.aspx?kbid=883380

Simon.
0
 

Author Comment

by:svmEMDS
ID: 18836151
Simon:

What about the possibiilty of removing the patch on the troubled Mailbox Exchange server and reinstalling KB 924334 on it.     No one has touched the configuration of IIS on this Mailbox server, only thing that may have inadvertently happened was the KB 924334 patch got installed on it before the Front End Exchange servers got patched.   Maybe reversing that order will clear up the issue.  

Just brainstorming

Tony
0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 18838201
Wouldn't like to say. If you suspect a problem with a patch, then you should be able to speak to Microsoft free on those. They would be able to confirm whether it would resolve the problem or not.

Simon.
0
 

Author Comment

by:svmEMDS
ID: 18838398
Simon:

               I will contact Microsoft on the patch then and see what they say......thanks

Tony


0
 

Author Comment

by:svmEMDS
ID: 18991797
Issue resolved by opening case with MS.   Ended up IIS Manager and  Exchange virtual Directories (HTTP under ESM) were missing some Write and Directory Browsing Access Control Permissions.   Made sure permissions matched between the two and then restarted IIS Admin service on backend server with issue.   We could then login, reply, send and delete messages fine from OWA.   Still had another issue with accessing Public Folders from OWA from this backend exchange server.   So we went through procedures outlined in KB883380 to rebuild IIS database for ExchWeb, Exchange, IIS Admin and Public directories listed under default Website in IIS Manager.   Process rebuilds the IIS database which showed evidence of corruption.   Afterward we everything appeared to work fine.  Granting Simon 250 points for at least pointing me in the right direction.   Tberry

 
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now