Solved

OWA will not display images

Posted on 2008-06-24
8
2,207 Views
Last Modified: 2013-11-29
I'm trying to get OWA to work for Exchange 2007 SP1 running on Windows 2008 Server.
I seem to have some type of permissions issue, because while I can see the first page of the inbox after connecting, no images display, the screen looks like unformatted text, and pressing on a link does nothing.

I tried reinstalling Update Rollup 2 for Exchange 2007 SP1 (as I saw that could be an issue).  That did not work.

On the OWA folder the authentication for Basic and Windows is enabled.  And on the OWA/8.1.278.2 the authentican for Anonymous is enabled.  

I've read through this question (http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23181376.html)
and tried changing some settings but it did not appear to help.

I've tried changing the physical path to give "everyone" read access to the physical location on the C:\ drive.

I've also noticed that when I go under the "actions" pane to "basic settings" when I test my connection, my authenticaion fails.  I can set a specific user and then it will pass, but the default "MSExchangeOWAAppPool" does not work.



0
Comment
Question by:Jonny98
  • 5
  • 3
8 Comments
 

Author Comment

by:Jonny98
Comment Utility
When I go to "basic settings" -> "Test connection" I get the following error:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

Yet, there doesn't not appear to be a NCS\MAIL$ account (i.e. my domain\computername$) when I go to add it to the permissions.
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 500 total points
Comment Utility
If you have checked that the image folder has Anonymous Access enabled, then it sounds like there may be a problem with the account that the server uses for AA operations.  Check that the IUSR_COMPUTERNAME account still exists in AD, and that it is not locked out or disabled.
0
 

Author Comment

by:Jonny98
Comment Utility
Thanks for the response.

Yes, under authentication in IIS for the images folder, "anonymous authentication" is enabled.  In fact, "anonymous authentication" is enabled for every folder in IIIS except the owa folder which has "windows authenticaition" and "basic authentication" enabled.

When I go the physical folder, I have "IUSR", "Anonomouse Logon", and "everyone" with permission to read and execute.  When I go to add an account for IUSR-COMPUTERNAME it cannot find it.  I've looked under the domain and under the local commputer (MAIL),  Is there a way to add the appropriate account?  or is the IUSR accont all I need (although if it is, why is not working then)?

Thanks.
 
0
 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 500 total points
Comment Utility
It's a bit tricky, because I don't have Win2008 in front of me right now, but when you look at the properties of, for example, your /owa/8.1.278.2 folder in IIS Manager, you should be able to see which account is used for Anonymous Access.  It would usually be something like IUSR_COMPUTERNAME, but may be different in Win2008.  Once you know what the account name is, you can check Active Directory Users And Computers to make sure that the account still actually exists.  The problem is, it's not easy to recreate the account because it has a special password synchronization arrangement with IIS.

It's easy to check if there's a problem with it.  Got to another location with Anonymous Access enabled, like the Default Web Site on the server i.e. http://servername , and see if that works okay.
0
Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

 

Author Comment

by:Jonny98
Comment Utility
Thanks for the help again.

There is an IUSR account that read & execute access to the directory via being a member of the IIS_IUSRS group.  I can't see the IUSR account anywhere in active directory even with viewing the "advanced features."  It can see IIS_IUSRS security group that has access, of which IUSR is the only member.      I also can't go to a specific directory and add IUSR or IIS_IUSRS as when I go to check the names it can't find them on the domain or the mail server.

when I go to http://servername, then I get a HTTP 403 error (and it says "The website declined to show this webpage  HTTP 403  Most likely causes:  This website requires you to log in.  "), YET the default website has IIS_IUSRS given read permissions.

Whenever I go to "basic settings" and try to test the connection the authentication fails, with the user set to "Application user (pass-thru authentication)"

I can set it to an administrator username/pwd and then the authentification works, but I can't set it to IUSR because it won't recognize the account and I don't know the password anyway (and can't figure out where to reset it...or if that would even be advisable).

Any other ideas?

0
 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 500 total points
Comment Utility
Ah, in IIS7 the IUSR account replaces the IUSR_COMPUTERNAME account.  According to this, it does not need a password:
http://learn.iis.net/page.aspx/140/understanding-the-built-in-user-and-group-accounts-in-iis-7/
0
 

Author Comment

by:Jonny98
Comment Utility
OK.  Thanks.  That explains the user account then.

I think I might just reinstall 2008 Server and Exchange 2007 SP1 and hope for better results.  I've spent 3 days on this, and looked at all the permissions and authentifications more times than I can count.  It doesn't make any sense it still won't authenticate.
0
 

Author Closing Comment

by:Jonny98
Comment Utility
It turns out Microsoft software just stinks and I'll try reinstalling.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now