Solved

Wrong mailbox is pulled up when accessing OWA with correct credentials

Posted on 2007-03-27
2
926 Views
Last Modified: 2012-08-14
I am having issues with remote users that use OWA pulling up other users Mailboxes when putting in their credentials. This has only happened in one instance so far. Three different users are gettting one particular users Mailbox when they log on to OWA. Any ideas?
0
Comment
Question by:darovitz
2 Comments
 
LVL 1

Accepted Solution

by:
shinatykt earned 500 total points
ID: 18801447
Microsoft has reported a weakness in Exchange Server 2003, which is caused due to a bug in the handling of NTLM authentication in Outlook Web Access.
Systems configured to use NTLM instead of Kerberos (which is the default authentication scheme) may provide users access to mailboxes belonging to other users, which have recently accessed their mailbox. Microsoft Sharepoint Services may cause the configuration to be changed so that NTLM authentication is used instead of Kerberos. It is not possible for a malicious user to control which mailbox to access.

this might help - http://www.microsoft.com/downloads/details.aspx?FamilyId=9542F949-D09B-4199-A837-FBCFC0567676&displaylang=en
0
 

Author Comment

by:darovitz
ID: 18802446
the tool will not help because our exchange server is updated with the latest service packs and the above is an old tool.  Any other suggestions as this user is really irrated as others can see his email...  I wouldn't be happy either.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now