Avatar of xpedia
xpedia

asked on

403.4 error IIS6 and Exchange 2003

I have an Exchange 2003 front end server, OS Windows 2003, IIS6 at a remote location. I was attempting to enable SSL and http to https redirect. Somewhere in the process I messed up so I removed everything, uninstalled Exchange, IIS and rebooted. I reinstalled IIS, then Exchange. Now when I go to http://localhost behavior is as expected, but when I go to http://localhost/exchange, I get the 403.4 SSL required error. There is no cert installed and SSL is not enabled. Is there something in the registry that I missed? An OS reinstall is not an option. If I right click Exchange virtual directory and select browse in IIS manager, the same thing happens.
Avatar of redseatechnologies
redseatechnologies

Add an SSL certificate to it, then disable "require SSL" in the directory security tab
Avatar of xpedia

ASKER

Thanks, I'll give it a try when I get home, but require ssl is currently not selected in the directory security tab.

If that doesn't do it, then I would be resetting the virtual directories - but I would have expected an uninstall/reinstall to do that just as well...
Avatar of xpedia

ASKER

Installed cert, enabled SSL on Exchange directory and public. Result http://localhost/exchange 403.4 error
https://localhost/exchange you get the FBA login that I enabled. Enter username and password and then I get a 403.4 error again. I remove require SSL, now http://localhost/exchange gives pre-FBA login box, I log in and get 403.4 error again.

Can you paste the IIS Log File entries generated when you try to use OWA? Double-click the latest file in C:\Windows\System32\LogFiles\W3SVC1, and it will open in Notepad. Scroll down until you can see your latest GET request for /Exchange, and show us the lines created (you will see the numbers 403 4 near the end of the line/s). Note that the times in the log file are in GMT.
Avatar of xpedia

ASKER

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-10-12 05:57:25
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-10-12 05:57:25 W3SVC1 127.0.0.1 GET /Exchange - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 4 5
2007-10-12 05:58:27 W3SVC1 127.0.0.1 GET /Exchange - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254
2007-10-12 05:58:41 W3SVC1 127.0.0.1 GET /Exchange - 80 elau 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 0 0
2007-10-12 06:00:17 W3SVC1 127.0.0.1 GET /Exchange - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 4 5
2007-10-12 06:00:46 W3SVC1 127.0.0.1 GET /exchange - 443 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254
2007-10-12 06:00:46 W3SVC1 127.0.0.1 GET /exchweb/bin/auth/owalogon.asp url=https://localhost/exchange&reason=0 443 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 200 0 0
2007-10-12 06:00:54 W3SVC1 127.0.0.1 POST /exchweb/bin/auth/owaauth.dll - 443 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 200 0 0
2007-10-12 06:00:54 W3SVC1 127.0.0.1 GET /exchange - 443 elau 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 0 0
2007-10-12 06:01:12 W3SVC1 127.0.0.1 GET /exchweb/bin/auth/owalogon.asp url=https://localhost/exchange&reason=0 443 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 200 0 0
2007-10-12 06:02:24 W3SVC1 127.0.0.1 GET /Exchange - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 4 5
2007-10-12 06:04:30 W3SVC1 127.0.0.1 GET /Exchange - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254
2007-10-12 06:05:26 W3SVC1 127.0.0.1 GET /Exchange - 80 elau 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 0 0

Thanks. When you ask for /Exchange on port 80 (http) it returns a 403;4. We have established that this means that SSL is required. If you are 100% certain that the 'Require SSL' checkbox is not enabled on your 'Exchange' Virtual Directory in IIS Manager, then something really strange is happening. I've certainly not heard of it before.

When you go to https://server/exchange, you are seeing the FBA logon page, but the error you get after that is slightly different - 403;0. The problem with that is, if you look at the Custom Errors tab in IIS Manager, it isn't even listed, so we can't find out what causes it.

You might try deleting the Exchange VDir altogether, and use this to re-create it (I think method 3 is easiest):
http://support.microsoft.com/kb/883380
Avatar of xpedia

ASKER

Followed step 3, this gets the same result. Disabled FBA still getting 403.4
I've been supporting Exchange for years and have never seen anything like this either. They don't have an OS disk at the remote site, I may have to vpn it to them and just do a reinstall.

I don't think you're getting a 403;4. If you look at the last few lines you pasted earlier (without FBA enabled):

2007-10-12 06:04:30 W3SVC1 127.0.0.1 GET /Exchange - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254

2007-10-12 06:05:26 W3SVC1 127.0.0.1 GET /Exchange - 80 elau 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 0 0

It looks like you get a 403;0. This isn't supposed to exist, which makes it very hard to troubleshoot. This is so puzzling that I've emailed the Exchange MVP mailing list about it. Hopefully someone from MS will chip in with an answer.
Avatar of xpedia

ASKER

That is very interesting. http://localhost/Exchange gives you this:
Please try the following:

Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource.

Logs show this:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-10-13 02:21:57
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-10-13 02:21:57 W3SVC1 127.0.0.1 GET /Exchange - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254
2007-10-13 02:22:04 W3SVC1 127.0.0.1 GET /Exchange - 80 elau 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 0 0
2007-10-13 02:22:23 W3SVC1 127.0.0.1 GET /Exchange - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254
2007-10-13 02:22:31 W3SVC1 127.0.0.1 GET /Exchange - 80 elau 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 0 0

What happens if you do type https://localhost/exchange ?

One suggestion I have received is that you make sure in your AD account details that OWA is enabled.  I think that you would probably receive a more helpful message if it was not, but it may be worth checking.
Avatar of xpedia

ASKER

typing https://localhost/exchange  gives this page cannot be displayed\page unavailable, this is with the cert uninstalled. With the cert installed we get Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource.
Internet Information Services (IIS)
Version: 1.0
#Date: 2007-10-13 03:25:24
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-10-13 03:25:24 W3SVC1 127.0.0.1 GET /exchange - 443 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254
2007-10-13 03:27:53 W3SVC1 127.0.0.1 GET /exchange - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254
2007-10-13 03:28:00 W3SVC1 127.0.0.1 GET /exchange - 80 elau 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 0 0
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-10-13 03:29:44
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-10-13 03:29:44 W3SVC1 127.0.0.1 GET /exchange - 443 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254
2007-10-13 03:29:53 W3SVC1 127.0.0.1 GET /exchange - 443 elau 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 0 0
Avatar of xpedia

ASKER

Yes, Outlook Web Access is enabled on my account.

I thought it would be, but since somebody suggested it, I thought I'd pass it on. I've had some contact with the Exchange dev team, and even they think the 403;0 log entries look strange. We'll have to hope that they come back with something.
Avatar of xpedia

ASKER

I guess we have no choice, will reinstall the OS
Avatar of xpedia

ASKER

Well I did a reinstall of the OS, installed Exchange 2003, set as a front end server. When going to http://newmachine/exchange, it still says https is required. This leads me to believe that there may never have been an issue with this server. Issue must be with the original backend server which is currently housing Exchange and serving as an OWA server.

You don't have SSL required on the backend server, do you?
Avatar of xpedia

ASKER

ssl is required on the back end. The customer did not have a front end server before now.

http://backend/exchange gives the 403.4 error
ASKER CERTIFIED SOLUTION
Avatar of LeeDerbyshire
LeeDerbyshire

This solution is only available to members.
Avatar of xpedia

ASKER

Thanks Lee, I must have enabled it when I did my initial security audit.