OWA access denied (Forbidden) error after moving mailbox


I just migrated my domain Exchange 2003 version to Exchange 2007 into a new Windows 2008 64-bit server. After the initial installation, everything seemed to be working, but as soon as I move a mailbox from the old 2003 server to the new 2007 server, Outlook Web Access (OWA) displays a "403 - Forbidden: Access is denied" error. Otherwise, all other functions seem to be working (POP, native Outlook, etc.), except for the Exchange Attendant system that won't start automatically (not related, I think). OWA also works for mailboxes that have not been moved yet.

I now have two Exchange servers (1x 2003 on w2k3 and 1x 2007 on w2k8) with two distinct IIS installations (IIS 6.0 and IIS 7.0) and the error message is the same whether I try to connect to the old server OWA or the one from the new server (with a mailbox that has been moved). The only customization done to the new IIS web server was the addition of a "binding" name (mail.xxx.com) on the Default Web Site. Of course I still have to migrate smtp, pop, etc. services and decommission the old Exchange 2003 server but I'd like to have everything working out of the Exchange 2007/Windows 2008 server first (I am also migrating the web server to this new server).

So, if I try to access OWA with a mailbox/account that has not been moved to the new mail server, everything works fine. Why? I did a pilot project a few months ago and never got this behavior.

Thanks in advance.

* To access OWA, did you try it with both of the URLs mentioned below:
http://exchange.mydomain.com/owa or
These are the default URLs for OWA.

If either of them works fine then the below article will help you to fix something that needs fixing:

Let us know if this does not help.

benjilafouine (Author) Commented:
I had already tried the above URL but without luck. Also, the Technet link does not seem to apply to IIS 7.0 as menus and commands do not correspond.

I was however able to obtain more information by starting the link (mail.domain.net/exchange) directly from within IIS 7.0 and it gave me more information on the error (see attached file). It seems that IIS/OWA is expecting an SSL connection instead.

I followed the link at the bottom of the page and followed the instructions to disable SSL and from an external network, I typed in mail.internal.domain.net/exchange and got the username and password prompt. To go one step further, I had to enter my full username such as: internal.domain.net\firstname.lastname and my regular password and surprise: the next page opened with "There is a problem with this website's security certificate". Even with disabled SSL!

I then clicked on "Continue to this web site" and OWA started correctly.

There is obviously something I can do to simplify this process because it is very confusing.

Any clue?
What happens if you try to browse using "HTTPS" and not "HTTP"?

benjilafouine (Author) Commented:
It doesn't work. It works with http, then gives a certificate error and when ignoring the certificate error, the final OWA page starts with https.

Really strange.
It is strange, but there's something that surely needs to be corrected.
Check the URL below; it talks about a similar scenario.


This could be of some help.


benjilafouine (Author) Commented:
It's working now! The link above helped greatly even if I didn't go the SSL way.

Here is the thing:

As I had pointed out, I had disabled SSL in IIS 7.0 following a link found on the net but I was still having a certificate error. The link above describes a function that must be done in the server configuration\client access section of EMC and then right clicking on OWA to set the security.

When I accessed this properties window, the internal URL began with https:// and as soon as I replaced it with http:// the certificate error went away. I didn't change anything else.

Thanks for your help.
Glad to know that it helped.
If you think that it's solved your query then you could close this question by assigning points.


benjilafouine (Author) Commented:
Thanks a lot. Now I can decommission my old Exchange 2003 server.
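
The mismatch found in this thread (SSL turned off in IIS 7.0 while the OWA internal URL in EMC still began with https://) can be checked from the Exchange Management Shell on the Exchange 2007 server. This is an added example, not part of the original thread; the `Default Web Site/<name>` IIS path and the local-server scope are assumptions.

```powershell
# Added example: compare the URL scheme Exchange stores for each OWA virtual
# directory with the SSL requirement IIS 7.0 enforces on the same directory.
# Assumption: the virtual directories live under "Default Web Site".
$appcmd = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'

Get-OwaVirtualDirectory -Server $env:COMPUTERNAME | ForEach-Object {
    $vdir = $_

    # Name looks like "owa (Default Web Site)"; keep only the directory part.
    $dirName = $vdir.Name -replace ' \(.*$', ''
    $iisPath = "Default Web Site/$dirName"

    # Read the IIS access section. sslFlags contains "Ssl" when SSL is
    # required; a missing attribute is treated as "None".
    $xml = (& $appcmd list config $iisPath /section:system.webServer/security/access) | Out-String
    $sslFlags = 'None'
    if ($xml -match 'sslFlags="([^"]*)"') { $sslFlags = $matches[1] }
    $iisRequiresSsl = $sslFlags -match '\bSsl\b'

    foreach ($kind in 'InternalUrl', 'ExternalUrl') {
        $url = $vdir.$kind
        if (-not $url) { continue }          # URL not configured, nothing to compare
        $scheme = ([System.Uri]"$url").Scheme

        if ($scheme -eq 'https' -and -not $iisRequiresSsl) {
            # The state described in the thread: SSL disabled in IIS,
            # URL in the OWA properties still https://
            $status = 'MISMATCH: URL is https but IIS does not require SSL'
        }
        elseif ($scheme -eq 'http' -and $iisRequiresSsl) {
            $status = 'MISMATCH: URL is http but IIS requires SSL'
        }
        else {
            $status = 'consistent'
        }

        '{0,-28} {1,-12} {2,-40} sslFlags={3,-12} {4}' -f `
            $vdir.Name, $kind, $url, $sslFlags, $status
    }
}
```

A mismatch can be resolved in either direction: align the URL with the IIS setting, as the author did, or re-enable SSL in IIS and keep the https:// URL.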