OWA access denied (Forbidden) error after moving mailbox


I just migrated my domain Exchange 2003 version to Exchange 2007 into a new Windows 2008 64-bit server. After the initial installation, everything seemed to be working, but as soon as I move a mailbox from the old 2003 server to the new 2007 server, Outlook Web Access (OWA) displays a "403 - Forbidden: Access is denied" error. Otherwise, all other functions seem to be working (POP, native Outlook, etc.), except for the Exchange Attendant system that won't start automatically (not related I think). OWA also works for mailboxes that have not been moved yet.

I now have two Exchange servers (1x 2003 on w2k3 and 1x 2007 on w2k8) with two distinct IIS installations (IIS 6.0 and IIS 7.0) and the error message is the same whether I try to connect to the old server OWA or the one from the new server (with a mailbox that has been moved). The only customization done to the new IIS web server was the addition of a "binding" name (mail.xxx.com) on the Default Web Site. Of course I still have to migrate smtp, pop, etc. services and decommission the old Exchange 2003 server but I'd like to have everything working out of the Exchange 2007/Windows 2008 server first (I am also migrating the web server to this new server).

So, if I try to access OWA with a mailbox/account that has not been moved to the new mail server, everything works fine. Why? I did a pilot project a few months ago and never got this behavior.

Thanks in advance.

ashwynr Commented:
It is strange, but there's something that surely needs to be corrected.
Check the URL below; it talks about a similar scenario.


This could be of some help.

* To access OWA, did you try it with both of the URLs mentioned below:
http://exchange.mydomain.com/owa or
These are the default URLs for OWA.

If either of them works fine then the article below will help you to fix something that needs fixing:

Let us know if this does not help.

benjilafouine (Author) Commented:
I had already tried the above URL but without luck. Also, the Technet link does not seem to apply to IIS7.0 as menus and commands do not correspond.

I was however able to obtain more information by starting the link (mail.domain.net/exchange) directly from within IIS7.0 and it gave me more information on the error (see attached file). It seems that IIS/OWA is expecting a SSL connection instead.

I followed the link at the bottom of the page and followed the instructions to disable SSL and from an external network, I typed in mail.internal.domain.net/exchange and got the username and password prompt. To go one step further, I had to enter my full username such as: internal.domain.net\firstname.lastname and my regular password and surprise: the next page opened with "There is a problem with this website's security certificate". Even with disabled SSL!

I then clicked on "Continue to this web site" and OWA started correctly.

There is obviously something I can do to simplify this process because it is very confusing.

Any clue?

What happens if you try to browse using "HTTPS" and not "HTTP"?

benjilafouine (Author) Commented:
It doesn't work. It works with http, then gives a certificate error and when ignoring the certificate error, the final OWA page starts with https.

Really strange.

benjilafouine (Author) Commented:
It's working now! The link above helped greatly even if I didn't go the SSL way.

Here is the thing:

As I had pointed out, I had disabled SSL in IIS7.0 following a link found on the net but I was still having a certificate error. The link above describes a function that must be done in the server configuration\client access section of EMC and then right clicking on OWA to set the security.

When I accessed this properties window, the internal URL began with https:// and as soon as I replaced it with http:// the certificate error went away. I didn't change anything else.

Thanks for your help.
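
An added example, not part of the original thread: the symptom above came from the OWA URL stored in Exchange (https://) disagreeing with the SSL setting in IIS 7.0, and this script lists both side by side so the mismatch is visible. It assumes it is run in the Exchange Management Shell on the Client Access server, that appcmd.exe is in its default location, and that virtual directory names have the usual "owa (Default Web Site)" form.

```powershell
# Added example: compare the URL scheme Exchange advertises for each OWA
# virtual directory with the "Require SSL" setting IIS applies to it.
# Assumption: default IIS 7.0 path for appcmd.exe.
$appcmd = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'

Get-OwaVirtualDirectory -Server $env:COMPUTERNAME | ForEach-Object {
    $vdir = $_

    # Assumption: Name looks like "owa (Default Web Site)".
    if ($vdir.Name -notmatch '^(?<path>.+?) \((?<site>.+)\)$') {
        Write-Warning "Cannot parse virtual directory name '$($vdir.Name)'"
        return
    }
    $iisPath = '{0}/{1}' -f $matches['site'], $matches['path']

    # appcmd prints the effective <access sslFlags="..."/> element as XML.
    $raw  = (& $appcmd list config $iisPath /section:access) -join "`n"
    $node = ([xml]$raw).SelectSingleNode('//access')
    $flags = if ($node) { $node.GetAttribute('sslFlags') } else { '' }
    if (-not $flags) { $flags = 'None' }

    # "Ssl" as a whole word means Require SSL is ticked
    # (Ssl128 and SslNegotiateCert are separate flags).
    $requiresSsl = $flags -match '\bSsl\b'

    foreach ($kind in 'InternalUrl', 'ExternalUrl') {
        $url = $vdir.$kind
        if (-not $url) { continue }          # URL not configured
        $scheme = ([uri]"$url").Scheme

        if ($scheme -eq 'http' -and $requiresSsl) {
            $state = 'MISMATCH: http URL but IIS requires SSL (expect 403)'
        } elseif ($scheme -eq 'https' -and -not $requiresSsl) {
            $state = 'MISMATCH: https URL but IIS does not require SSL'
        } else {
            $state = 'consistent'
        }
        '{0,-28} {1,-12} {2,-40} sslFlags={3,-12} {4}' -f `
            $vdir.Name, $kind, $url, $flags, $state
    }
}
```

A "consistent" row with an http scheme means OWA logon credentials for that URL travel unencrypted; the other consistent state is an https URL with Require SSL set and a certificate the clients trust.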
Glad to know that it helped.
If you think that it's solved your query then you could close this question by assigning points.


benjilafouine (Author) Commented:
Thanks a lot. Now I can decommission my old Exchange 2003 server.
Question has a verified solution.
