I've been having problems with certain users and OWA, some can login without an issue and others are getting an error 500. In attempting to fix the problem I've likely gone from bad to worse, but this is where I think I am:
Exchange 2003 Enterprise Backend Server running on a Windows 2003 server on the LAN
Exchange 2003 Enterprises Frontend Server running in DMA (I know, there's no use in putting in the DMZ, but that's where is).
From inside our network I've been able to open Outlook Web Access with me account by going to:
and logging in with domainname\username and password.
If I shut down IE (I'm using 6 but the same this is happening with IE 7 and firefox) and relaunch it and try it with another user account, one that's having the problem, I get an error 500.
Now, the very last thing I just tested was to clear my cookies and deleted my temp files from Tools->Internet Options of IE6 and now I can no longer log into OWA with my own username, which up until now was working. If I put in https://backendservername/exchange
(I'm on the LAN) I can get into OWA.
Additional error messages:
On the front end server if I open up the Exchange System Manager and then drill down to the backend server and the protocols I get the following message
The RPC Server is unavailable
ID no: 800706ba
Exchange System Manager
On the front end server in Event Viewer:
The Security System detected an authentication error for the server HTTP/backendservername.dom
The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
No changes have been made on our firewall from the time this was working until now. During my initial troubleshooting I removed the virtual directories on the frontend server and reinstalled them according to a link from Microsoft. We aren't using forms based authentication. I've got the proper Application Pool for the virtual directories under IIS, but I can't be sure that I have all the proper security settings setup.
I read at one time that on the backend under the Enable anonymous access for the directory security that I should set it to administrator and then set it back to IUSER_servername. I did this but when I set it back I didn't have a password. I manually reset the IUSER_servername users password and then matched in it the IIS direcotry security seetings. I'm not sure if that could have screwed things up.
Also, I'm not sure which virtual directories under the Default Web Site should have anonymous login enabled, for either the frontend backend, and which ones should have the Integrated Windows Authentication enabled, or basic authentication. We're using SSL. I'm thinking this directory security might be my issue but I'm not sure. Any help would be appreciated.
Without really knowing what it's for, I ran rpcping -s backendservername and got a reply, FWIW.