  • Status: Solved

OWA will not display images

I'm trying to get OWA to work for Exchange 2007 SP1 running on Windows 2008 Server.
I seem to have some type of permissions issue, because while I can see the first page of the inbox after connecting, no images display, the screen looks like unformatted text, and pressing on a link does nothing.

I tried reinstalling Update Rollup 2 for Exchange 2007 SP1 (as I saw that could be an issue).  That did not work.

On the OWA folder the authentication for Basic and Windows is enabled.  And on the OWA/8.1.278.2 folder the authentication for Anonymous is enabled.

I've read through this question (http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23181376.html)
and tried changing some settings but it did not appear to help.

I've tried changing the physical path to give "everyone" read access to the physical location on the C:\ drive.

I've also noticed that when I go under the "actions" pane to "basic settings" and test my connection, my authentication fails.  I can set a specific user and then it will pass, but the default "MSExchangeOWAAppPool" does not work.



Asked:
Jonny98
Jonny98 (Author) Commented:
When I go to "basic settings" -> "Test connection" I get the following error:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

Yet, there does not appear to be a NCS\MAIL$ account (i.e. my domain\computername$) when I go to add it to the permissions.

LeeDerbyshire Commented:
If you have checked that the image folder has Anonymous Access enabled, then it sounds like there may be a problem with the account that the server uses for AA operations.  Check that the IUSR_COMPUTERNAME account still exists in AD, and that it is not locked out or disabled.

Jonny98 (Author) Commented:
Thanks for the response.

Yes, under authentication in IIS for the images folder, "anonymous authentication" is enabled.  In fact, "anonymous authentication" is enabled for every folder in IIS except the owa folder, which has "windows authentication" and "basic authentication" enabled.

When I go to the physical folder, I have "IUSR", "Anonymous Logon", and "everyone" with permission to read and execute.  When I go to add an account for IUSR-COMPUTERNAME it cannot find it.  I've looked under the domain and under the local computer (MAIL).  Is there a way to add the appropriate account?  Or is the IUSR account all I need (although if it is, why is it not working then)?

Thanks.
 

LeeDerbyshire Commented:
It's a bit tricky, because I don't have Win2008 in front of me right now, but when you look at the properties of, for example, your /owa/8.1.278.2 folder in IIS Manager, you should be able to see which account is used for Anonymous Access.  It would usually be something like IUSR_COMPUTERNAME, but may be different in Win2008.  Once you know what the account name is, you can check Active Directory Users And Computers to make sure that the account still actually exists.  The problem is, it's not easy to recreate the account because it has a special password synchronization arrangement with IIS.

It's easy to check if there's a problem with it.  Go to another location with Anonymous Access enabled, like the Default Web Site on the server, i.e. http://servername , and see if that works okay.

Jonny98 (Author) Commented:
Thanks for the help again.

There is an IUSR account that has read & execute access to the directory via being a member of the IIS_IUSRS group.  I can't see the IUSR account anywhere in Active Directory even with viewing the "advanced features."  I can see the IIS_IUSRS security group that has access, of which IUSR is the only member.  I also can't go to a specific directory and add IUSR or IIS_IUSRS, as when I go to check the names it can't find them on the domain or the mail server.

When I go to http://servername, then I get an HTTP 403 error (and it says "The website declined to show this webpage  HTTP 403  Most likely causes:  This website requires you to log in.  "), YET the default website has IIS_IUSRS given read permissions.

Whenever I go to "basic settings" and try to test the connection the authentication fails, with the user set to "Application user (pass-thru authentication)"

I can set it to an administrator username/pwd and then the authentication works, but I can't set it to IUSR because it won't recognize the account and I don't know the password anyway (and can't figure out where to reset it...or if that would even be advisable).

Any other ideas?


LeeDerbyshire Commented:
Ah, in IIS7 the IUSR account replaces the IUSR_COMPUTERNAME account.  According to this, it does not need a password:
http://learn.iis.net/page.aspx/140/understanding-the-built-in-user-and-group-accounts-in-iis-7/
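
Added example, not part of the original thread: since the IIS 7 identities discussed above are built in to the machine rather than stored in Active Directory, this PowerShell function resolves them by their well-known SIDs and reports whether each has a direct Read ACE on a folder. The function name and the `-Path` placeholder are assumptions; "Everyone" is included so that the broad grant tried earlier in the thread is visible and can be removed once the specific identity works.

```powershell
# Added example, not from the thread. Pass the OWA physical folder as -Path
# (placeholder below; the thread does not give the full path).
function Test-IisReadAccess {
    param([Parameter(Mandatory = $true)][string]$Path)

    # IIS 7 built-in identities are well-known SIDs on the local machine,
    # not Active Directory accounts, so resolve them by SID.
    $identities = @{
        'IUSR'      = 'S-1-5-17'      # anonymous user in IIS 7
        'IIS_IUSRS' = 'S-1-5-32-568'  # built-in IIS group
        'Everyone'  = 'S-1-1-0'       # listed to spot over-broad grants
    }
    $read    = [int][System.Security.AccessControl.FileSystemRights]::Read
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)

    foreach ($name in $identities.Keys) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier $identities[$name]
        try   { $resolved = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $resolved = '(SID does not resolve on this machine)' }

        $allow = $false; $deny = $false
        foreach ($r in $rules) {
            if ($r.IdentityReference.Value -ne $sid.Value) { continue }
            $bits = [int]$r.FileSystemRights -band $read
            if ($r.AccessControlType -eq 'Deny'  -and $bits -ne 0)     { $deny  = $true }
            if ($r.AccessControlType -eq 'Allow' -and $bits -eq $read) { $allow = $true }
        }
        # Direct ACEs only: access that comes through group membership
        # (as the thread describes for IUSR via IIS_IUSRS) shows on the group's row.
        New-Object PSObject -Property @{
            Identity = $name; ResolvedAs = $resolved
            AllowRead = $allow; DenyRead = $deny
        }
    }
}

# Test-IisReadAccess -Path '<OWA physical path>' | Format-Table -AutoSize
```

A Deny ACE overrides an Allow for the same identity, so a row with both flags set still means Read is refused.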

Jonny98 (Author) Commented:
OK.  Thanks.  That explains the user account then.

I think I might just reinstall 2008 Server and Exchange 2007 SP1 and hope for better results.  I've spent 3 days on this, and looked at all the permissions and authentications more times than I can count.  It doesn't make any sense that it still won't authenticate.

Jonny98 (Author) Commented:
It turns out Microsoft software just stinks and I'll try reinstalling.