Solved

OWA will not display images

Posted on 2008-06-24
8
2,211 Views
Last Modified: 2013-11-29
I'm trying to get OWA to work for Exchange 2007 SP1 running on Windows 2008 Server.
I seem to have some type of permissions issue, because while I can see the first page of the inbox after connecting, no images display, the screen looks like unformatted text, and pressing on a link does nothing.

I tried reinstalling Update Rollup 2 for Exchange 2007 SP1 (as I saw that could be an issue).  That did not work.

On the OWA folder the authentication for Basic and Windows is enabled.  And on the OWA/8.1.278.2 the authentican for Anonymous is enabled.  

I've read through this question (http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23181376.html)
and tried changing some settings but it did not appear to help.

I've tried changing the physical path to give "everyone" read access to the physical location on the C:\ drive.

I've also noticed that when I go under the "actions" pane to "basic settings" when I test my connection, my authenticaion fails.  I can set a specific user and then it will pass, but the default "MSExchangeOWAAppPool" does not work.



0
Comment
Question by:Jonny98
  • 5
  • 3
8 Comments
 

Author Comment

by:Jonny98
ID: 21862071
When I go to "basic settings" -> "Test connection" I get the following error:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

Yet, there doesn't not appear to be a NCS\MAIL$ account (i.e. my domain\computername$) when I go to add it to the permissions.
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 500 total points
ID: 21865145
If you have checked that the image folder has Anonymous Access enabled, then it sounds like there may be a problem with the account that the server uses for AA operations.  Check that the IUSR_COMPUTERNAME account still exists in AD, and that it is not locked out or disabled.
0
 

Author Comment

by:Jonny98
ID: 21865487
Thanks for the response.

Yes, under authentication in IIS for the images folder, "anonymous authentication" is enabled.  In fact, "anonymous authentication" is enabled for every folder in IIIS except the owa folder which has "windows authenticaition" and "basic authentication" enabled.

When I go the physical folder, I have "IUSR", "Anonomouse Logon", and "everyone" with permission to read and execute.  When I go to add an account for IUSR-COMPUTERNAME it cannot find it.  I've looked under the domain and under the local commputer (MAIL),  Is there a way to add the appropriate account?  or is the IUSR accont all I need (although if it is, why is not working then)?

Thanks.
 
0
Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 500 total points
ID: 21865708
It's a bit tricky, because I don't have Win2008 in front of me right now, but when you look at the properties of, for example, your /owa/8.1.278.2 folder in IIS Manager, you should be able to see which account is used for Anonymous Access.  It would usually be something like IUSR_COMPUTERNAME, but may be different in Win2008.  Once you know what the account name is, you can check Active Directory Users And Computers to make sure that the account still actually exists.  The problem is, it's not easy to recreate the account because it has a special password synchronization arrangement with IIS.

It's easy to check if there's a problem with it.  Got to another location with Anonymous Access enabled, like the Default Web Site on the server i.e. http://servername , and see if that works okay.
0
 

Author Comment

by:Jonny98
ID: 21867289
Thanks for the help again.

There is an IUSR account that read & execute access to the directory via being a member of the IIS_IUSRS group.  I can't see the IUSR account anywhere in active directory even with viewing the "advanced features."  It can see IIS_IUSRS security group that has access, of which IUSR is the only member.      I also can't go to a specific directory and add IUSR or IIS_IUSRS as when I go to check the names it can't find them on the domain or the mail server.

when I go to http://servername, then I get a HTTP 403 error (and it says "The website declined to show this webpage  HTTP 403  Most likely causes:  This website requires you to log in.  "), YET the default website has IIS_IUSRS given read permissions.

Whenever I go to "basic settings" and try to test the connection the authentication fails, with the user set to "Application user (pass-thru authentication)"

I can set it to an administrator username/pwd and then the authentification works, but I can't set it to IUSR because it won't recognize the account and I don't know the password anyway (and can't figure out where to reset it...or if that would even be advisable).

Any other ideas?

0
 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 500 total points
ID: 21873936
Ah, in IIS7 the IUSR account replaces the IUSR_COMPUTERNAME account.  According to this, it does not need a password:
http://learn.iis.net/page.aspx/140/understanding-the-built-in-user-and-group-accounts-in-iis-7/
0
 

Author Comment

by:Jonny98
ID: 21878319
OK.  Thanks.  That explains the user account then.

I think I might just reinstall 2008 Server and Exchange 2007 SP1 and hope for better results.  I've spent 3 days on this, and looked at all the permissions and authentifications more times than I can count.  It doesn't make any sense it still won't authenticate.
0
 

Author Closing Comment

by:Jonny98
ID: 31470384
It turns out Microsoft software just stinks and I'll try reinstalling.
0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question