?
Solved

OWA will not display images

Posted on 2008-06-24
8
Medium Priority
?
2,217 Views
Last Modified: 2013-11-29
I'm trying to get OWA to work for Exchange 2007 SP1 running on Windows 2008 Server.
I seem to have some type of permissions issue, because while I can see the first page of the inbox after connecting, no images display, the screen looks like unformatted text, and pressing on a link does nothing.

I tried reinstalling Update Rollup 2 for Exchange 2007 SP1 (as I saw that could be an issue).  That did not work.

On the OWA folder the authentication for Basic and Windows is enabled.  And on the OWA/8.1.278.2 the authentican for Anonymous is enabled.  

I've read through this question (http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23181376.html)
and tried changing some settings but it did not appear to help.

I've tried changing the physical path to give "everyone" read access to the physical location on the C:\ drive.

I've also noticed that when I go under the "actions" pane to "basic settings" when I test my connection, my authenticaion fails.  I can set a specific user and then it will pass, but the default "MSExchangeOWAAppPool" does not work.



0
Comment
Question by:Jonny98
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 

Author Comment

by:Jonny98
ID: 21862071
When I go to "basic settings" -> "Test connection" I get the following error:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

Yet, there doesn't not appear to be a NCS\MAIL$ account (i.e. my domain\computername$) when I go to add it to the permissions.
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 2000 total points
ID: 21865145
If you have checked that the image folder has Anonymous Access enabled, then it sounds like there may be a problem with the account that the server uses for AA operations.  Check that the IUSR_COMPUTERNAME account still exists in AD, and that it is not locked out or disabled.
0
 

Author Comment

by:Jonny98
ID: 21865487
Thanks for the response.

Yes, under authentication in IIS for the images folder, "anonymous authentication" is enabled.  In fact, "anonymous authentication" is enabled for every folder in IIIS except the owa folder which has "windows authenticaition" and "basic authentication" enabled.

When I go the physical folder, I have "IUSR", "Anonomouse Logon", and "everyone" with permission to read and execute.  When I go to add an account for IUSR-COMPUTERNAME it cannot find it.  I've looked under the domain and under the local commputer (MAIL),  Is there a way to add the appropriate account?  or is the IUSR accont all I need (although if it is, why is not working then)?

Thanks.
 
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 2000 total points
ID: 21865708
It's a bit tricky, because I don't have Win2008 in front of me right now, but when you look at the properties of, for example, your /owa/8.1.278.2 folder in IIS Manager, you should be able to see which account is used for Anonymous Access.  It would usually be something like IUSR_COMPUTERNAME, but may be different in Win2008.  Once you know what the account name is, you can check Active Directory Users And Computers to make sure that the account still actually exists.  The problem is, it's not easy to recreate the account because it has a special password synchronization arrangement with IIS.

It's easy to check if there's a problem with it.  Got to another location with Anonymous Access enabled, like the Default Web Site on the server i.e. http://servername , and see if that works okay.
0
 

Author Comment

by:Jonny98
ID: 21867289
Thanks for the help again.

There is an IUSR account that read & execute access to the directory via being a member of the IIS_IUSRS group.  I can't see the IUSR account anywhere in active directory even with viewing the "advanced features."  It can see IIS_IUSRS security group that has access, of which IUSR is the only member.      I also can't go to a specific directory and add IUSR or IIS_IUSRS as when I go to check the names it can't find them on the domain or the mail server.

when I go to http://servername, then I get a HTTP 403 error (and it says "The website declined to show this webpage  HTTP 403  Most likely causes:  This website requires you to log in.  "), YET the default website has IIS_IUSRS given read permissions.

Whenever I go to "basic settings" and try to test the connection the authentication fails, with the user set to "Application user (pass-thru authentication)"

I can set it to an administrator username/pwd and then the authentification works, but I can't set it to IUSR because it won't recognize the account and I don't know the password anyway (and can't figure out where to reset it...or if that would even be advisable).

Any other ideas?

0
 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 2000 total points
ID: 21873936
Ah, in IIS7 the IUSR account replaces the IUSR_COMPUTERNAME account.  According to this, it does not need a password:
http://learn.iis.net/page.aspx/140/understanding-the-built-in-user-and-group-accounts-in-iis-7/
0
 

Author Comment

by:Jonny98
ID: 21878319
OK.  Thanks.  That explains the user account then.

I think I might just reinstall 2008 Server and Exchange 2007 SP1 and hope for better results.  I've spent 3 days on this, and looked at all the permissions and authentifications more times than I can count.  It doesn't make any sense it still won't authenticate.
0
 

Author Closing Comment

by:Jonny98
ID: 31470384
It turns out Microsoft software just stinks and I'll try reinstalling.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This video discusses moving either the default database or any database to a new volume.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question