[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

OWA access denied (Forbidden) error after moving mailbox

Posted on 2008-11-15
8
Medium Priority
?
5,116 Views
Last Modified: 2012-05-05
Hi,

I just migrated my domain Exchange 2003 version to Exchange 2007 into a new Windows 2008 64-bit server. After the initial installation, everything seemed to be working, but as soon as I move a mailbox from the old 2003 server to the new server 2007 server, Outlook Web Access (OWA) displays a "403 - Forbidden: Access is denied" error. Otherwise, all other functions seem to be working (POP, native Outlook, etc), except for the Exchange Attendant system that won't start automatically (not related I think). OWA also works for mailboxes that have not been moved yet.

I now have two Exchange servers (1x 2003 on w2k3 and 1x 2007 on w2k8) with two distinct IIS installations (IIS 6.0 and IIS 7.0) and the error message is the same whether I try to connect to the old server OWA or the one from the new server (with a mailbox that has been moved). The only customization done to the new IIS web server was the addition of a "binding" name (mail.xxx.com) on the Default Web Site. Of course I still have to migrate smtp, pop, etc. services and decommision the old Exchange 2003 server but I'd like to have everything working out of the Exchange 2007/Windows 2008 server first (I am also migrating the web server to this new server).

So, if I try to access OWA with a mailbox/account that has not been moved to the new mail server, everything works fine. Why? I did a pilot project a few months ago and never got this behavior.

Thanks in advance.
0
Comment
Question by:benjilafouine
  • 4
  • 4
8 Comments
 
LVL 14

Expert Comment

by:ashwynr
ID: 22970256
* To access OWA, did you try it with both the url mentioned below:
http://exchange.mydomain.com/owa or
http://exchange.mydomain.com/exchange
These are the default URLs for OWA.

If either of them work fine then the below article will help you to fix something that needs fixing:
http://technet.microsoft.com/en-us/library/aa998359(EXCHG.80).aspx

Let us know if this does not help.

#wyn
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 22970646
I had already tried the above url but without luck. Also, the Technet link does not seem to apply to IIS7.0 as menus and sommands do not correspond.

I was however able to obtain more information by starting the link (mail.domain.net/exchange) directly from within IIS7.0 and it gave me more information on the error (see attached file). It seems that IIS/OWA is expecting a SSL connection instead.

I followed the link at the bottom of the page and followed the instructions to disabkle SSL and from an external network, I typed in mail.internal.domain.net/exchange and got the usernam and password priompt. To go one step further, I had to enter my full username such as: internal.domain.net\firstname.lastname and my regular password and surprise: the next page opened with "There is a problem with this website's security certificate". Even with disabled SSL!

I then clicked on "Continue to this web site" and OWA started correctly.

There is obviously something I can do to simplify this process because it is very confusing.

Any clue?
IIS-7-0-Detailed-Error---403-4--.jpg
0
 
LVL 14

Expert Comment

by:ashwynr
ID: 22970743
What happened if you try to browse using "HPPTS" and not "HTTP"?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 1

Author Comment

by:benjilafouine
ID: 22970776
It doesn't work. It works with http, then gives a certificate error and when ignoring the certificate error, the final OWA page starts by htpps.

Really strange.
0
 
LVL 14

Accepted Solution

by:
ashwynr earned 2000 total points
ID: 22970827
It is strange, but there's something that surely needs to be corrected.
Check the url below, it talks about similar scenario

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23336566.html?sfQueryTermInfo=1+%22exchang+2007+server+2008%22

This could be of some help.

#wyn
0
 
LVL 1

Author Comment

by:benjilafouine
ID: 22971526
It's working now! The link above helped greatly even if I didn't go the SSL way.

Here is the thing:

As I had pointed out, I had disabled SSL in IIS7.0 following a link found on the net but I was still haveing a certificate error. The link above describes a function that must be done in the server configuration\client access section of EMC and then right clicking on OWA to set the security.

When I accessed this properties window, the internal URL began with https:// and as soon as I replaced it with http:// the certificate error went away. I didn't change anything else.

Thanks for your help.
0
 
LVL 14

Expert Comment

by:ashwynr
ID: 22972057
Glad to know that it helped.
If you think that it's solved your query then you could close this question by assigning points.

Cheers!

#wyn
0
 
LVL 1

Author Closing Comment

by:benjilafouine
ID: 31517182
Thanks a lot. Now I can decommission my old Exchange 2003 server.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question