  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 805

OWA Continuously Prompting for Password

I'm having a strange issue with a customer's Exchange server.  It's running Exchange 2003 SP2.  The Organization setup is a single backend server with two front-end servers (set up as round robin in DNS for load balancing).  Forms-based authentication is set up.  There is no ISA server nor is there a proxy server involved.  OWA is set up to use SSL (certificate is installed and working).

The problem is a single user (out of 4000 mailboxes) gets prompted over and over for authentication in Outlook Web Access.  The first log in lets them into the mailbox (preview pane is turned on).  If you switch messages, the login screen appears again.  If you enter the credentials, then you can view the preview of that message.  If you switch messages, the login screen appears again.

I have verified all permissions on both of the front-end servers both in ESM (virtual HTTP) and in IIS.  Everything appears to be configured correctly - like I said before, this is one user out of four thousand that has the problem.

I've checked out all the IIS logs and there doesn't appear to be anything helpful there, but I can post that if someone else wants to look at it.

The problem is not local to a workstation - I've recreated it from multiple workstations on multiple subnets.

Now here's the weird part - if I enter the web address as https://servername/exchange/username, I don't have the issue.  I have checked both front-end servers using that method and the problem never came up once.  But if I switch back to the generic https://webmail.domain.com, then it falls apart again.

I'm sort of at a loss where to look next.  I did try removing the round-robining (sending everything to a single server) but it didn't help.

Any ideas?

Travis
0
1 Solution
 
trturner123 (Author) Commented:
As I stated above, I've already verified all the permissions.  Everyone in the organization is fine except this one user (and the permissions are set using the Authenticated Users group).

Plus, if I access the front-ends directly (using servername/exchange) this user doesn't get prompted over and over - which indicates to me that the permissions are ok even for the user in question.  I just don't get why using a generic 'webmail' address would cause a problem that an explicit server address would not.

I thought it was switching boxes midway (unlikely...but I'm grasping here) but according to the IIS logs it isn't (see attached).

It can't be a timeout issue (unless I have a single user that's set for immediate timeout while everyone else has a normal timeout value).


2008-11-17 18:32:23 W3SVC1 10.2.1.14 SEARCH /exchange/biersack.l/Inbox/ - 443 biersack.l 10.2.4.2 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+1.0.3705) 207 0 0
2008-11-17 18:32:23 W3SVC1 10.2.1.14 SUBSCRIBE /exchange/biersack.l/Tasks - 443 biersack.l 10.2.4.2 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+1.0.3705) 200 0 0
2008-11-17 18:32:23 W3SVC1 10.2.1.14 SUBSCRIBE /exchange/biersack.l/Calendar - 443 biersack.l 10.2.4.2 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+1.0.3705) 200 0 0
2008-11-17 18:32:23 W3SVC1 10.2.1.14 SEARCH /exchange/biersack.l/Calendar - 443 biersack.l 10.2.4.2 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+1.0.3705) 207 0 0
2008-11-17 18:32:23 W3SVC1 10.2.1.14 SEARCH /exchange/biersack.l/Tasks - 443 biersack.l 10.2.4.2 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+1.0.3705) 207 0 0
2008-11-17 18:32:35 W3SVC1 10.2.1.14 GET /exchange/biersack.l/Inbox/Book+Club+Choices.EML cmd=preview 443 - 10.2.4.2 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+1.0.3705) 401 2 2148074254
2008-11-17 18:32:35 W3SVC1 10.2.1.14 GET /exchweb/bin/auth/owalogon.asp url=https://webmail.beaconk12.org/exchange/biersack.l/Inbox/Book%2520Club%2520Choices.EML%3Fcmd=preview&reason=0 443 - 10.2.4.2 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+1.0.3705) 200 0 0


0
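The log excerpt above shows authenticated WebDAV requests followed by an anonymous 401 on the message preview. The following is an added example, not part of the original post: it parses such lines and flags every 401 that arrives without a username from a client that had already authenticated, and it lists which front-end IPs served each client. The field order is an assumption inferred from the posted lines (the #Fields header was not posted), and the sample is constructed from them with the user agent shortened.

```python
from collections import namedtuple

# Assumed field order (matches the posted lines; the #Fields header itself
# is not in the post).
FIELDS = ("date time s_sitename s_ip cs_method cs_uri_stem cs_uri_query s_port "
          "cs_username c_ip cs_user_agent sc_status sc_substatus sc_win32_status").split()
Entry = namedtuple("Entry", FIELDS)

# Constructed sample: lines from the post with the user agent shortened.
SAMPLE = """\
2008-11-17 18:32:23 W3SVC1 10.2.1.14 SEARCH /exchange/biersack.l/Inbox/ - 443 biersack.l 10.2.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) 207 0 0
2008-11-17 18:32:23 W3SVC1 10.2.1.14 SEARCH /exchange/biersack.l/Tasks - 443 biersack.l 10.2.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) 207 0 0
2008-11-17 18:32:35 W3SVC1 10.2.1.14 GET /exchange/biersack.l/Inbox/Book+Club+Choices.EML cmd=preview 443 - 10.2.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) 401 2 2148074254
2008-11-17 18:32:35 W3SVC1 10.2.1.14 GET /exchweb/bin/auth/owalogon.asp url=https://webmail.beaconk12.org/exchange/biersack.l/Inbox/Book%2520Club%2520Choices.EML%3Fcmd=preview&reason=0 443 - 10.2.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) 200 0 0
"""

def parse(text):
    """Split each non-comment line into the 14 assumed fields; skip malformed lines."""
    rows = (line.split() for line in text.splitlines() if not line.startswith("#"))
    return [Entry(*r) for r in rows if len(r) == len(FIELDS)]

def session_drops(entries):
    """Return 401s logged with no username ('-') from a client that had
    already authenticated against the same front-end earlier in the log."""
    authed, drops = {}, []          # authed: (client IP, server IP) -> username
    for e in entries:
        key = (e.c_ip, e.s_ip)
        if e.cs_username != "-":
            authed[key] = e.cs_username
        elif e.sc_status == "401" and key in authed:
            drops.append({"time": e.time, "user": authed[key], "uri": e.cs_uri_stem,
                          "status": f"{e.sc_status}.{e.sc_substatus}",
                          "win32": f"0x{int(e.sc_win32_status):08X}"})
    return drops

def front_ends(entries):
    """Map each client IP to the set of front-end IPs that served it."""
    seen = {}
    for e in entries:
        seen.setdefault(e.c_ip, set()).add(e.s_ip)
    return seen

print(session_drops(parse(SAMPLE)), front_ends(parse(SAMPLE)))
```

On these lines the preview request is flagged as 401.2 with sc-win32-status 0x8009030E (SEC_E_NO_CREDENTIALS), and a single front-end IP served the client, which matches the author's reading that the session did not switch servers.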
 
MrLonandB Commented:
Reset the User's password.
0
 
trturner123 (Author) Commented:
Changing the password didn't help.
0
 
trturner123 (Author) Commented:
I couldn't find a solution anywhere - so I backed up all the user's mail with exmerge, deleted/re-created her mailbox and restored the mail.  Problem seems to be fixed now.  I don't know if this is the best solution, but it did correct the issue.
0
