Solved

User Cannot logon to Exchange Web Access

Posted on 2009-04-06
21
342 Views
Last Modified: 2012-05-06
I have one user who cannot user her web access in Exchange. When I created her account, I misspelled her name, so I corrected it in Active Directory. I have a feeling I missed a step somewhere... but the end result is she can use her Outlook when in the building, but cannot get into Web Access.

BTW: Exchange 2003
0
Comment
Question by:wonker2
  • 11
  • 10
21 Comments
 
LVL 15

Expert Comment

by:abhaigh
ID: 24077387
What errors is she getting when trying to log in via OWA?

Is anyone else experiencing the same problem?

Did you make sure to change every instance of the spelling mistake in her AD account?

And is replication working correctly between the DC's in your domain?
0
 

Author Comment

by:wonker2
ID: 24077427
WHen she attemps to log in, it just sits and thinks... and eventually comes back and says access denied. She is using the correct password, as it is the one she uses to log in to AD everyday.

No one else is having the problem.. just her.
As far as I know I have corrected all spelling errors.. I belive replication is working properly.  How can I check that?
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24077481
is she trying to log in the correct format? ie 'domain\username'
0
 

Author Comment

by:wonker2
ID: 24077553
She is... I've sat next to her several times and watched.. I can login to my account, I log out, she tried to log in, and nothing.. just thinks about it for a while.. sometimes it comes back, sometimes it does not.
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24077688
It's not something as silly as her account just doesn't have OWA enabled?

Have you checked her Exchange Features settings in ADUC?
0
 

Author Comment

by:wonker2
ID: 24077699
Other than her name, her account is set up exactly as mine in ADUC.
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24077777
nothing in the event logs at all?
0
 

Author Comment

by:wonker2
ID: 24077992
This is what is displayed when she attempts to log in...  even though she/we typed in her login name, it is being logged as IUSR_INETSERVER...
Event Type:	Success Audit

Event Source:	Security

Event Category:	Logon/Logoff 

Event ID:	552

Date:		4/4/2009

Time:		8:23:08 PM

User:		NT AUTHORITY\NETWORK SERVICE

Computer:	INETSERVER

Description:

Logon attempt using explicit credentials:

 Logged on user:

 	User Name:	NETWORK SERVICE

 	Domain:		NT AUTHORITY

 	Logon ID:		(0x0,0x3E4)

 	Logon GUID:	-

 User whose credentials were used:

 	Target User Name:	IUSR_INETSERVER

 	Target Domain:	INETSERVER

 	Target Logon GUID: -
 

 Target Server Name:	localhost

 Target Server Info:	localhost

 Caller Process ID:	7276

 Source Network Address:	-

 Source Port:	-
 
 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Success Audit

Event Source:	Security

Event Category:	Logon/Logoff 

Event ID:	540

Date:		4/4/2009

Time:		8:23:08 PM

User:		INETSERVER\IUSR_INETSERVER

Computer:	INETSERVER

Description:

Successful Network Logon:

 	User Name:	IUSR_INETSERVER

 	Domain:		INETSERVER

 	Logon ID:		(0x0,0x40351552)

 	Logon Type:	8

 	Logon Process:	Advapi  

 	Authentication Package:	Negotiate

 	Workstation Name:	INETSERVER

 	Logon GUID:	-

 	Caller User Name:	NETWORK SERVICE

 	Caller Domain:	NT AUTHORITY

 	Caller Logon ID:	(0x0,0x3E4)

 	Caller Process ID: 7276

 	Transited Services: -

 	Source Network Address:	-

 	Source Port:	-
 
 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Open in new window

0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24078144
check her permissions on the OWA directory - that account should only be invoked for anonymous access to the resource in question
0
 

Author Comment

by:wonker2
ID: 24078185
Care to enlighten me on how to do so?
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 15

Expert Comment

by:abhaigh
ID: 24078248
On the machine in question, copen iisadmin and check the path to the exchange virtual directory

then check the permissions on that directory - both  within iisadmin and the ntfs permissions - make sure she is a member of the appropriate group to permit access to the files/folders
0
 

Author Comment

by:wonker2
ID: 24078750
Maybe this is it...
After some digging, I discovered that the "full mailbox name" in the exchange system manager was never updated. How do I correct it? Would that effect the web access login?
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24078819
I think you'll have to use ADSIEdit in order to fix that

Run it, access the user's AD properties, find the offending field and correct it.

As for whether or not it would effect OWA access? If the system is referencing that field when it is looking for her mailbox, then it certainly might - especially if OWA is providing what it thinks is the correct mailbox name and not finding it.
0
 

Author Comment

by:wonker2
ID: 24078991
When I change that, it then tells me her mailbox is unaccesable... can't find the mail store.. Any way to move that?
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24079812
'move it'? uncertain what you are asking here

and have you checked her ntfs permissions on the \exchange virtual directory?
0
 

Author Comment

by:wonker2
ID: 24079870
The only pace where her name was misspelled was in legacyexchangedn. I changed that to the proper spelling, it propagated over to exchange, and was correct there. However, when I tried to open her mailbox it was unable to connect to it... I'm assuming the mailbox is stored under the wrong name.. now that I made it proper, it is looking for the correct name which does not exist. I also do not want to loose mail....
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24079921
ah - if you'd said it was the legacyexchangedn I would have told you to not touch it - that's the X500 address exchange uses for internal mail resolution
0
 

Author Comment

by:wonker2
ID: 24079957
It is back to normal now... am I just better off exporting her stuff to a .pst, deleteing the whole account, making it again and then re-importing the .pst?
0
 
LVL 15

Accepted Solution

by:
abhaigh earned 250 total points
ID: 24080249
That certainly should work - though I think I'd want to test it out first by creating a clone of her account and seeing if the problem persists

if the problem does persist, then I would look at group memberships and permissions
0
 

Author Comment

by:wonker2
ID: 24080313
a clone??? What are you referring to?
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24080530
make a new account that is a copy of her existing one - e.g. 'clone' it
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now