Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

OWA problems

Posted on 2009-04-08
24
Medium Priority
?
575 Views
Last Modified: 2012-08-13
Hey again,

I have set up OWA and have a problems with some of my users not being able to authenticate.  I only have one AD site but 2 different email address.  @.parkcounty.us and @.parkcountysheriff.net.  Our domain name is parkcounty.us(ext) and parkcounty.local (int).  It seems that only the parkcountysheriff peope can't log in.  What do I need to set to make this work.  Everyone is a domain user for parkcounty.local.

Thanks,

Dylan
0
Comment
Question by:ascii_fire
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 13
  • 11
24 Comments
 
LVL 9

Expert Comment

by:esmith69
ID: 24101959
What are you having them enter in the username field when they're prompted by OWA?  It should be their domain username/password, which is not the same thing as their email address.
0
 

Author Comment

by:ascii_fire
ID: 24102182
I'm using domain/username and I have tried username only and username@parkcountysheriff.net.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24106944
try entering it in using the format:  netbiosdomainname\username

Another possible combination might be username@netbiosdomainname
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:ascii_fire
ID: 24107396
It's definitely not the format.  It has to be a setting somewhere.  I don't think permission because i can connect with other users with the same permissions.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24107438
Do you have just a single Exchange server?
0
 

Author Comment

by:ascii_fire
ID: 24107775
I have two.  But...  I can connect to mailboxes on either one, just not the ones with the different email format.  Also I can point to either one in the address and it will connect those parkcounty.local users.

0
 
LVL 9

Expert Comment

by:esmith69
ID: 24108274
so the people with the parkcountysherriff.net email addresses are the ones that cannot connect to OWA, even though their mailbox is stored on the same Exchange server as everyone else?

By any chance were these accounts migrated from another windows domain?
0
 

Author Comment

by:ascii_fire
ID: 24108601
Correct on both.  I upgraded from 2000 to 2007.  But all accounts were migrated.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24108711
I would check the event logs on your Exchange servers, as well the IIS logs.  Most like the IIS logs will give you the most direct explanation, but sometimes they're kinda tricky to decipher, so that's why I suggest looking at the system/application logs first.

You also should consider running the Exchange Best Practices Analyzer to make sure all the settings in your system are correct.  I generally use this tool to find major issues--I don't always follow every single little suggestion they have.  It's helpful because it can easily find major issues like missing global address lists or registry entries.
0
 

Author Comment

by:ascii_fire
ID: 24109566
Not really seeing anything that stick out.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24111215
In the IIS logs, are you seeing the failed attempts by parkcountysherriff.net people to login to OWA?
0
 

Author Comment

by:ascii_fire
ID: 24111244
Im not sure i they are failed but I am seeing them.

2009-04-09 16:52:36 192.168.0.182 GET /owa/ - 443 - 72.175.44.202 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+InfoPath.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) 401 2 5 46
2009-04-09 16:52:43 192.168.0.182 GET /owa/ - 443 - 72.175.44.202 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+InfoPath.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) 401 1 3221225584 15
2009-04-09 16:52:45 192.168.0.182 GET /owa/ - 443 - 72.175.44.202 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+InfoPath.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) 401 1 3221225584 31
2009-04-09 16:52:58 192.168.0.182 GET /owa/ - 443 - 72.175.44.202 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+InfoPath.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) 401 1 3221225584 78
2009-04-09 16:53:15 192.168.0.182 GET /owa/ - 443 - 72.175.44.202 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+InfoPath.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) 401 1 3221225581 31
2009-04-09 16:53:35 192.168.0.182 GET / - 443 - 72.175.44.202 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+InfoPath.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) 401 2 5 592
2009-04-09 16:53:59 192.168.0.182 GET / - 443 - 72.175.44.202 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+InfoPath.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) 401 1 3221225584 31
2009-04-09 16:54:29 192.168.0.182 GET / - 443 - 72.175.44.202 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+InfoPath.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) 401 1 3221225581 93
2009-04-09 16:54:43 192.168.0.182 GET / - 443 - 72.175.44.202 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+InfoPath.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) 401 1 3221225584 15
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24111320
When you go into the properties for the domain user accounts that have the parkcountysherriff.net addresses, what does it list under the "account" tab on the left side of the "user logon name (pre-Windows 2000)" section?
0
 

Author Comment

by:ascii_fire
ID: 24111340
pre windows 2000 name is the same as the user logon name.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24111365
No I mean what does it list on the left side (it will be grayed out).
0
 

Author Comment

by:ascii_fire
ID: 24111428
Here is a screen
account.doc
0
 

Author Comment

by:ascii_fire
ID: 24111455
Sorry I was in the EMC.

it says "parkcounty\"
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24111474
And you've tried logging on to OWA using "parkcounty\username"  for the username field?
0
 

Author Comment

by:ascii_fire
ID: 24111510
I think I got it.  The several that I had been testing were locked down to logging on to specific computers.  I found one that had all access and he works.  I will add our exchange servers on someone that does not work as see if that fixes it.

You definitely pointed me in the right direction.  If this works I'll award you points!!!!1

Thanks!!!!!
0
 

Author Comment

by:ascii_fire
ID: 24112024
Ok that was it, but.....  I added my two exchange servers and no go.  I then added a DC still no go.  I then switched to all computers and it worked.  I really don't want to leave it this way any idea which computers he would have to have access to????

Thanks again for the time and help!!!!
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24112066
I'm kinda confused as to what you did in the next-to-last post.  What do you mean when you say "locked down to logging on to specific computers"?
0
 

Author Comment

by:ascii_fire
ID: 24112091
Under the account tab there is a button that says "Log on to.."  From here you can select the computers that the user have permissions to log on to.  Some users have all computers and these users could get onto OWA.  Some users had a specific list of computers that they can log on to.  Apparently there is a computer that the user needs to logon to to get to OWA.  I would have thought it would have been our exchange servers and maybe a DC, but this did not work.  
0
 
LVL 9

Accepted Solution

by:
esmith69 earned 200 total points
ID: 24115196
I am pretty sure you need to have "all computers" enabled for users to be able to use OWA.  In any case, even adding in one of the domain controllers to that list would probably not be enough to allow someone to log on to the DC--you'd have to modify the default domain controllers GPO to do that.
0
 

Author Comment

by:ascii_fire
ID: 24115570
Thanks esmith for the help!!!  I found an article that sais you could put the domain name in and it would work.  However the article also stated that the field can only accept so many characters, which mine is greater than. I just can't believe there isn't a way to do this without enabling "all computers"

Anway thanks again for all the help!!!

Dylan
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question