Exchange 2003 - OWA gives 404 error on owaauth.dll
Hi,
I've been battering my head against this for a few days now with no joy, so figured I'd fire it out there and see if anyone can help.
Got a Front end/Back end Exchange 2003 system behind ISA 2000 for OWA. With Forms Based Authentication turned off, https://webmail.server.com/exchange prompts for username and password in a normal dialogue box and works, taking the user to their mailbox.
With Forms Based Authentication turned on, https://webmail.server.com/exchange brings up the FBA page (/exchweb/bin/auth/owalogo
All permissions at IIS and NTFS appear correct, scrrun.dll is registered and assigned properly, so I'm at a complete loss as to why this is happening.
Any help appreciated.
I've been battering my head against this for a few days now with no joy, so figured I'd fire it out there and see if anyone can help.
Got a Front end/Back end Exchange 2003 system behind ISA 2000 for OWA. With Forms Based Authentication turned off, https://webmail.server.com/exchange prompts for username and password in a normal dialogue box and works, taking the user to their mailbox.
With Forms Based Authentication turned on, https://webmail.server.com/exchange brings up the FBA page (/exchweb/bin/auth/owalogo
All permissions at IIS and NTFS appear correct, scrrun.dll is registered and assigned properly, so I'm at a complete loss as to why this is happening.
Any help appreciated.
ATIG
Can you go direct to the BE server a logon? via OWA?
ASKER
Going directly to the BE server brings up a dialogue box prompting for username and password, entering those takes you to your mailbox.
have you made any changes to the FE server?
--Have you tried reinstall Exchange?
-- Uninstall Exchange
--Uninstall IIS
--reinstall IIS
--reinstall Exchange + SP's and patches?
--Have you tried reinstall Exchange?
-- Uninstall Exchange
--Uninstall IIS
--reinstall IIS
--reinstall Exchange + SP's and patches?
ASKER
My most extreme attempt to get it working has been deleting the virtual directories, removing references in the Exchange Meta Explorer and then recreating the directories with the system attendant. Unfortunately uninstalling Exchange and/or IIS and reinstalling them aren't an option just now as various company directors are using webmail while abroad. That said, I'm not certain what effect uninstalling and reinstalling exchange would have that deleting and recreating the virtual directories wouldn't cover.
It's not an enormous priority getting the FBA interface working, as webmail will work without it, but it would look an awful lot prettier, and after a few days of searching for answers it's become something of a mission for me to do!
I guess the main question is, what circumstances would cause http://webmail.server.com/exchweb/bin/auth/owaauth.dll to display as a 404, if the permissions are correct (NTFS and IIS), the file exists, and dlls are registered to use scrrun.dll in IIS manager.
It's not an enormous priority getting the FBA interface working, as webmail will work without it, but it would look an awful lot prettier, and after a few days of searching for answers it's become something of a mission for me to do!
I guess the main question is, what circumstances would cause http://webmail.server.com/exchweb/bin/auth/owaauth.dll to display as a 404, if the permissions are correct (NTFS and IIS), the file exists, and dlls are registered to use scrrun.dll in IIS manager.
Have a look in your IIS logs, and see if you can copy/paste for us the whole line showing the request for owaauth.dll and the 404 response. The sub-status and error codes that are logged might help.
ASKER
Hi folks,
Sorry about the lack of feedback, been busy so not had a chance to look at this - doing a 5.5 -> 2003 mail migration for the whole company.
Will post IIS logs on Monday.
Thanks for your assistance.
Sorry about the lack of feedback, been busy so not had a chance to look at this - doing a 5.5 -> 2003 mail migration for the whole company.
Will post IIS logs on Monday.
Thanks for your assistance.
ASKER
Hi,
IIS logs from the front end server with FBA turned on, changed name of the server in the logs to webmail.server.co.uk, it is correct in the actual log.
As you can see, it finds /exchweb/bin/auth/owalogon
It doesn't make sense to me why, when owalogon.asp and owaauth.dll are in the same folder, one returns a 404.
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-08-20 13:03:15 W3SVC1 120.1.128.80 GET /exchange - 443 - 120.128.0.128 Mozilla/4.0+(compatible;+M
2007-08-20 13:03:15 W3SVC1 120.1.128.80 GET /exchweb/bin/auth/owalogon
2007-08-20 13:03:21 W3SVC1 120.1.128.80 POST /exchweb/bin/auth/owaauth.
Many thanks for assistance,
Kenny.
IIS logs from the front end server with FBA turned on, changed name of the server in the logs to webmail.server.co.uk, it is correct in the actual log.
As you can see, it finds /exchweb/bin/auth/owalogon
It doesn't make sense to me why, when owalogon.asp and owaauth.dll are in the same folder, one returns a 404.
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-08-20 13:03:15 W3SVC1 120.1.128.80 GET /exchange - 443 - 120.128.0.128 Mozilla/4.0+(compatible;+M
2007-08-20 13:03:15 W3SVC1 120.1.128.80 GET /exchweb/bin/auth/owalogon
2007-08-20 13:03:21 W3SVC1 120.1.128.80 POST /exchweb/bin/auth/owaauth.
Many thanks for assistance,
Kenny.
could be permission on the foler or files.....
404;2 means 'Denied due to lockdown policy', so something is prohibiting the POST verb. Do you URLScan on the server, or IISLockdown?
ASKER
Hi Folks,
Progress! Searching for fixes to the 404;2 (thanks LeeDerbyshire), I found that that's due to policy lockdown on the ISAPI extension for owaauth. I allowed it, and now rather than getting a 404 error, I get a 'The specified procedure could not be found." up in the browser after entering username/password.
IIS shows the following error at that event: 500 0 127
Again, thanks for the assistance here.
Progress! Searching for fixes to the 404;2 (thanks LeeDerbyshire), I found that that's due to policy lockdown on the ISAPI extension for owaauth. I allowed it, and now rather than getting a 404 error, I get a 'The specified procedure could not be found." up in the browser after entering username/password.
IIS shows the following error at that event: 500 0 127
Again, thanks for the assistance here.
I've never heard of that error message before. 500;0 is a vague error which just means that 'something went wrong at the server end'. It might help to change the Application Pool setting on the Exchange Virtual Directory from 'ExchangeApplicationPool' to DefaultAppPool.
If it doesn't, does anything appear in the server's Application Event Log?
If it doesn't, does anything appear in the server's Application Event Log?
ASKER
Hi,
The 'the specified procedure could not be found' is just another way of putting the 127 error I think, I had friendly http errors turned off in IE.
Changing the Application Pool setting to DefaultAppPool didn't fix it.
There are events in the application event log now (on the FE server) though which weren't appearing under the ExchangeApplicationPool.
Event ID: 2050
Source: MSExchangeDSAccess
Type: Error
Process IISIPM11848E5E-4E38-4FBB-A
Many thanks.
The 'the specified procedure could not be found' is just another way of putting the 127 error I think, I had friendly http errors turned off in IE.
Changing the Application Pool setting to DefaultAppPool didn't fix it.
There are events in the application event log now (on the FE server) though which weren't appearing under the ExchangeApplicationPool.
Event ID: 2050
Source: MSExchangeDSAccess
Type: Error
Process IISIPM11848E5E-4E38-4FBB-A
Many thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Cheers for that, it looks pretty promising - especially as I hadn't checked out the Exadmin dir's permissions.
Home now, will check first thing tomorrow and let you know:)
Kenny.
Cheers for that, it looks pretty promising - especially as I hadn't checked out the Exadmin dir's permissions.
Home now, will check first thing tomorrow and let you know:)
Kenny.