[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

OWA will not display images

Posted on 2008-06-24
8
Medium Priority
?
2,220 Views
Last Modified: 2013-11-29
I'm trying to get OWA to work for Exchange 2007 SP1 running on Windows 2008 Server.
I seem to have some type of permissions issue, because while I can see the first page of the inbox after connecting, no images display, the screen looks like unformatted text, and pressing on a link does nothing.

I tried reinstalling Update Rollup 2 for Exchange 2007 SP1 (as I saw that could be an issue).  That did not work.

On the OWA folder the authentication for Basic and Windows is enabled.  And on the OWA/8.1.278.2 the authentican for Anonymous is enabled.  

I've read through this question (http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23181376.html)
and tried changing some settings but it did not appear to help.

I've tried changing the physical path to give "everyone" read access to the physical location on the C:\ drive.

I've also noticed that when I go under the "actions" pane to "basic settings" when I test my connection, my authenticaion fails.  I can set a specific user and then it will pass, but the default "MSExchangeOWAAppPool" does not work.



0
Comment
Question by:Jonny98
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 

Author Comment

by:Jonny98
ID: 21862071
When I go to "basic settings" -> "Test connection" I get the following error:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

Yet, there doesn't not appear to be a NCS\MAIL$ account (i.e. my domain\computername$) when I go to add it to the permissions.
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 2000 total points
ID: 21865145
If you have checked that the image folder has Anonymous Access enabled, then it sounds like there may be a problem with the account that the server uses for AA operations.  Check that the IUSR_COMPUTERNAME account still exists in AD, and that it is not locked out or disabled.
0
 

Author Comment

by:Jonny98
ID: 21865487
Thanks for the response.

Yes, under authentication in IIS for the images folder, "anonymous authentication" is enabled.  In fact, "anonymous authentication" is enabled for every folder in IIIS except the owa folder which has "windows authenticaition" and "basic authentication" enabled.

When I go the physical folder, I have "IUSR", "Anonomouse Logon", and "everyone" with permission to read and execute.  When I go to add an account for IUSR-COMPUTERNAME it cannot find it.  I've looked under the domain and under the local commputer (MAIL),  Is there a way to add the appropriate account?  or is the IUSR accont all I need (although if it is, why is not working then)?

Thanks.
 
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 2000 total points
ID: 21865708
It's a bit tricky, because I don't have Win2008 in front of me right now, but when you look at the properties of, for example, your /owa/8.1.278.2 folder in IIS Manager, you should be able to see which account is used for Anonymous Access.  It would usually be something like IUSR_COMPUTERNAME, but may be different in Win2008.  Once you know what the account name is, you can check Active Directory Users And Computers to make sure that the account still actually exists.  The problem is, it's not easy to recreate the account because it has a special password synchronization arrangement with IIS.

It's easy to check if there's a problem with it.  Got to another location with Anonymous Access enabled, like the Default Web Site on the server i.e. http://servername , and see if that works okay.
0
 

Author Comment

by:Jonny98
ID: 21867289
Thanks for the help again.

There is an IUSR account that read & execute access to the directory via being a member of the IIS_IUSRS group.  I can't see the IUSR account anywhere in active directory even with viewing the "advanced features."  It can see IIS_IUSRS security group that has access, of which IUSR is the only member.      I also can't go to a specific directory and add IUSR or IIS_IUSRS as when I go to check the names it can't find them on the domain or the mail server.

when I go to http://servername, then I get a HTTP 403 error (and it says "The website declined to show this webpage  HTTP 403  Most likely causes:  This website requires you to log in.  "), YET the default website has IIS_IUSRS given read permissions.

Whenever I go to "basic settings" and try to test the connection the authentication fails, with the user set to "Application user (pass-thru authentication)"

I can set it to an administrator username/pwd and then the authentification works, but I can't set it to IUSR because it won't recognize the account and I don't know the password anyway (and can't figure out where to reset it...or if that would even be advisable).

Any other ideas?

0
 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 2000 total points
ID: 21873936
Ah, in IIS7 the IUSR account replaces the IUSR_COMPUTERNAME account.  According to this, it does not need a password:
http://learn.iis.net/page.aspx/140/understanding-the-built-in-user-and-group-accounts-in-iis-7/
0
 

Author Comment

by:Jonny98
ID: 21878319
OK.  Thanks.  That explains the user account then.

I think I might just reinstall 2008 Server and Exchange 2007 SP1 and hope for better results.  I've spent 3 days on this, and looked at all the permissions and authentifications more times than I can count.  It doesn't make any sense it still won't authenticate.
0
 

Author Closing Comment

by:Jonny98
ID: 31470384
It turns out Microsoft software just stinks and I'll try reinstalling.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question