wonker2
User Cannot logon to Exchange Web Access
I have one user who cannot use her web access in Exchange. When I created her account, I misspelled her name, so I corrected it in Active Directory. I have a feeling I missed a step somewhere... but the end result is she can use her Outlook when in the building, but cannot get into Web Access.
BTW: Exchange 2003
ASKER
When she attempts to log in, it just sits and thinks... and eventually comes back and says access denied. She is using the correct password, as it is the one she uses to log in to AD every day.
No one else is having the problem.. just her.
As far as I know I have corrected all spelling errors.. I believe replication is working properly. How can I check that?
Is she trying to log in using the correct format, i.e. 'domain\username'?
ASKER
She is... I've sat next to her several times and watched.. I can login to my account, I log out, she tried to log in, and nothing.. just thinks about it for a while.. sometimes it comes back, sometimes it does not.
It's not something as silly as her account just doesn't have OWA enabled?
Have you checked her Exchange Features settings in ADUC?
ASKER
Other than her name, her account is set up exactly as mine in ADUC.
nothing in the event logs at all?
ASKER
This is what is displayed when she attempts to log in... even though she/we typed in her login name, it is being logged as IUSR_INETSERVER...
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 552
Date: 4/4/2009
Time: 8:23:08 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: INETSERVER
Description:
Logon attempt using explicit credentials:
Logged on user:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon GUID: -
User whose credentials were used:
Target User Name: IUSR_INETSERVER
Target Domain: INETSERVER
Target Logon GUID: -
Target Server Name: localhost
Target Server Info: localhost
Caller Process ID: 7276
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 4/4/2009
Time: 8:23:08 PM
User: INETSERVER\IUSR_INETSERVER
Computer: INETSERVER
Description:
Successful Network Logon:
User Name: IUSR_INETSERVER
Domain: INETSERVER
Logon ID: (0x0,0x40351552)
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: INETSERVER
Logon GUID: -
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 7276
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
check her permissions on the OWA directory - that account should only be invoked for anonymous access to the resource in question
ASKER
Care to enlighten me on how to do so?
On the machine in question, open iisadmin and check the path to the exchange virtual directory
then check the permissions on that directory - both within iisadmin and the ntfs permissions - make sure she is a member of the appropriate group to permit access to the files/folders
ASKER
Maybe this is it...
After some digging, I discovered that the "full mailbox name" in the Exchange System Manager was never updated. How do I correct it? Would that affect the web access login?
I think you'll have to use ADSIEdit in order to fix that
Run it, access the user's AD properties, find the offending field and correct it.
As for whether or not it would affect OWA access? If the system is referencing that field when it is looking for her mailbox, then it certainly might - especially if OWA is providing what it thinks is the correct mailbox name and not finding it.
ASKER
When I change that, it then tells me her mailbox is inaccessible... can't find the mail store.. Any way to move that?
'move it'? uncertain what you are asking here
and have you checked her ntfs permissions on the \exchange virtual directory?
ASKER
The only place where her name was misspelled was in legacyexchangedn. I changed that to the proper spelling, it propagated over to exchange, and was correct there. However, when I tried to open her mailbox it was unable to connect to it... I'm assuming the mailbox is stored under the wrong name.. now that I made it proper, it is looking for the correct name which does not exist. I also do not want to lose mail....
ah - if you'd said it was the legacyexchangedn I would have told you to not touch it - that's the X500 address exchange uses for internal mail resolution
ASKER
It is back to normal now... am I just better off exporting her stuff to a .pst, deleting the whole account, making it again and then re-importing the .pst?
ASKER CERTIFIED SOLUTION
ASKER
a clone??? What are you referring to?
make a new account that is a copy of her existing one - e.g. 'clone' it
Is anyone else experiencing the same problem?
Did you make sure to change every instance of the spelling mistake in her AD account?
And is replication working correctly between the DC's in your domain?